JimJ.64988 (Veracode) asked a question.
Device Authorization with PKCE - seems broken - the flow works without PKCE and fails with it - excepted?
https://developer.okta.com/docs/guides/device-authorization-grant/
Doesn't describe using PKCE. However, my okta application has it checked as a required additional option.
The flow works without it. However, even though I send the code_challenge to the device/authorize endpoint, when I send the code_verifier to the v1/token endpoint I get this error: "PKCE code challenge should be specified in the authorize request for code verification."
Should PKCE work with this flow? This is for a native CLI application.
Hello @JimJ.64988 (Veracode) Thank you for posting on our Community page!
This question is more appropriate for our dedicated Okta Developer Forum.
My advice would be to reach out via devforum.okta.com to take advantage of their expertise.
While we'll do our best to answer all of your questions here, this medium is more inclined towards Okta core products and features (non-developer work).
Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.