- OIDC Discovery Client
- Go to:
Loginapp >> OAuth 2.0/OIDC Clients >> OIDC Discovery Flow Client - This type of client will read the configured Discovery Endpoint URL to determine if the OP supports PKCE. If PKCE is supported, it will automatically be used.
- OAuth and OIDC Flow Client
- Go to:
Loginapp >> OAuth 2.0/OIDC Clients >> OAuth 2.0 Flow Client - In section Authorization Request in property PKCE Challenge Method select S256 - Default from the drop-down menu.
- IAM as a client will use PKCE.
To disable PKCE select No PKCE for the PKCE Challenge Method.
Further information and links
- See PKCE - Proof Key for Code Exchange for more information about PKCE.