Web Application requiring PKCE

milryar · March 4, 2020, 3:14pm

I have created a Web application within Okta and am having difficulties getting a token.
The application is setup to use the Authorization Code grant type, but I am receiving the following error when attempting to request a token:

PKCE code verifier is required when the token endpoint authentication method is ‘NONE’.

I’m not sure how to create the code_verifier value for a web app. It’s also not indicated that it’s required for web apps in the documentation.

I am sending the Authorization: Basic with the encoded clientID and clientSecrect. Am I missing something?

milryar · March 4, 2020, 4:08pm

Nevermind - figured it out. I was passing the code_challenge to the Authorize endpoint, which was requiring the code_verifier to be passed to the Token endpoint.

Removed the code_challenge from the Authorize call and it’s now working

system · January 23, 2024, 10:46pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
PKCE verification failed Questions	3	9152	January 26, 2024
Code verifier and code challenge Questions	3	6560	June 22, 2020
Flow authorization code with PKCE dependencies Questions	2	2944	February 10, 2024
PKCE verification failed - Using 'code' after login Questions	7	6511	February 12, 2024
Authorization Code w/ PKCE Flow for Web Apps OAuth/OIDC	4	3295	April 24, 2023

Web Application requiring PKCE

Related topics