How do I enforce PKCE globally?

Edit online

About this task

This use case explains how to enforce PKCE globally in the local authorization server. When you enforce PKCE at global level, then it is applied for all the public OAuth2.0 clients of local authorization server.

This use case starts when you want to enable the PKCE workflow and ends when you get the access token on successful validation.

To enforce the PKCE at global level

Procedure

  1. Expand the menu icon, in the title bar, and select Administration.
  2. Select Security > JWT/OAuth/OpenID.
    The Authorization servers section displays a list of available internal and external authorization servers.
  3. In the Internal authorization servers section, click local.
  4. Expand the OAuth configuration section, select the Enforce PKCE checkbox.
  5. Click the Update button.
    Once you enforce PKCE, you get access token only on successful validation of code verifier.