PKCE configuration for IAM as OAuth 2.0 OIDC client

  1. OIDC Discovery Client
  2. Go to:
    Loginapp >> OAuth 2.0/OIDC Clients >> OIDC Discovery Flow Client
  3. This type of client will read the configured Discovery Endpoint URL to determine if the OP supports PKCE. If PKCE is supported, it will automatically be used.
  1. OAuth and OIDC Flow Client
  2. Go to:
    Loginapp >> OAuth 2.0/OIDC Clients >> OAuth 2.0 Flow Client
  3. In section Authorization Request in property PKCE Challenge Method select S256 - Default from the drop-down menu.
  4. IAM as a client will use PKCE.

To disable PKCE select No PKCE for the PKCE Challenge Method.