Hello,
I am developing the authorization code flow with PKCE in Apigee X. While testing today, I noticed abnormal behavior.
The flow was operational last week, but today I get an error when I call /token in order to exchange the "code" for an "access token".
The error message is as follows:
{"ErrorCode":"invalid_grant","Error":"Invalid authorization code"}
I managed to reproduce the error by following the example described below:
https://cloud.google.com/apigee/docs/api-platform/security/oauth/oauth-v2-policy-authorization-code-grant-type?hl=en#stepsintheauthorizationcodeflow-6edgesendstheauthorizationcodebacktotheclient
I wonder if you have had the same behavior and if you manage to reproduce the same result, or if there was an update on the Apigee side that I don't know about.
Regards,
I've never seen that. I suppose you're doing something... special.
Here's a screencast I did some time ago, that covers this flow. And here is the source code repo.
Here is the helper webpage that I mentioned in the screencast. You should be able to use this with your own OAuth2/PKCE endpoint, even if you don't use my configuration.
I identified the problem. Basically, the consumer application is no longer recognized by the OAuthV2 policy. I tested with an old one and it worked.
When I created a new application via the Apigee web tool or the Apigee API, I reproduced the error.
POST https://apigee.googleapis.com/v1/{parent=organizations/*/developers/*}/apps
Good effort reproducing the problem. It sounds like a bug, from what you are describing. At this point, I suggest that you connect with Apigee support to report this problem.