Web Application requiring PKCE

I have created a Web application within Okta and am having difficulties getting a token.
The application is set up to use the Authorization Code grant type, but I am receiving the following error when attempting to request a token:

PKCE code verifier is required when the token endpoint authentication method is ‘NONE’.

I’m not sure how to create the code_verifier value for a web app. It’s also not indicated that it’s required for web apps in the documentation.

I am sending the Authorization: Basic header with the encoded clientID and clientSecret. Am I missing something?

Never mind - figured it out. I was passing the code_challenge to the Authorize endpoint, which was requiring the code_verifier to be passed to the Token endpoint.

Removed the code_challenge from the Authorize call and it’s now working :)
