Authorization Code with PKCE

Learn more about Authorization code grant

Prerequisites

  • Set up IVIAOP
  • Set up an application or relying party that supports authorization code flow

Configuring IVIAOP

The example configuration snippets assume specific keystore names, such as "isvaop_keys". Modify the configuration as needed.

  • Ensure the authorization_code grant type is enabled in provider.yml.

    # Copyright contributors to the IBM Verify Identity Access OIDC Provider Resources project
    definition:
      grant_types:
        - authorization_code

  • Create a new static client configuration client_pkce.yml and copy the following content:

    # Copyright contributors to the IBM Verify Identity Access OIDC Provider Resources project
    client_id: client_pkce
    client_secret: "OBF:U2FsdGVkX1989Y/UBwz1BNPbIkv0hgBTcoynJtlRt56hu3TGX+5Kdi4TJ6MLMYtO" # ahwoaor82noawasg is the secret in clear text.
    client_name: "AuthorizationCode with PKCE"
    enabled: true
    redirect_uris:
      - https://www.google.com
    grant_types:
      - authorization_code
    response_types:
      - code
      - code token
    token_endpoint_auth_method: default
    require_pkce: true

You can now use your relying party application to execute the authorization code flow.

