Authorization Code with PKCE

Learn more about Authorization code grant

Prerequisites

  • Set up ISVAOP
  • Set up an application or relying party that supports authorization code flow

Configuring ISVAOP

The example configuration snippets assume specific keystore names, such as "isvaop_keys". Modify the configuration as needed.

  • Ensure the authorization_code grant type is enabled in provider.yml.

    # Copyright contributors to the IBM Security Verify Access OIDC Provider Resources project
    definition:
      grant_types:
        - authorization_code
    
  • Create a new static client configuration file, client_pkce.yml, with the following content:

    # Copyright contributors to the IBM Security Verify Access OIDC Provider Resources project
    client_id: client_pkce
    client_secret: "OBF:U2FsdGVkX1989Y/UBwz1BNPbIkv0hgBTcoynJtlRt56hu3TGX+5Kdi4TJ6MLMYtO" # ahwoaor82noawasg is the secret in clear text.
    client_name: "AuthorizationCode with PKCE"
    enabled: true
    redirect_uris:
    - https://www.google.com
    grant_types:
    - authorization_code
    response_types:
    - code
    - code token
    token_endpoint_auth_method: default
    require_pkce: true
    

You can now use your relying party application to execute the authorization code flow.