Swagger UI Browser requests to the token endpoint must use Proof Key for Code Exchange

Using Swagger UI to access API endpoints. When the token endpoint is hit, it passes the following properly


but still getting the error Auth ErrorError, error: invalid_client, description: Browser requests to the token endpoint must use Proof Key for Code Exchange.

A search resulted in this article which does not mention how to remove the origin header from being passed.


I suggest you can test in desktop postman app as below:

It should work in this app.

To setup the environment, you can refer the below doc.
To import the collections, please refer this doc.

You must configure Okta with an app integration of “Single-Page Application” for it to support what Swagger UI is doing.

The documentation is slightly misleading. For PKCE you must have the origin header. The catch is that you must not send client_secret . Setting this field to “” or even removing this setting on swagger (depending what swagger library/implementation you are using) will solve the problem

1 Like