Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

F

Topics created by felix

F

Authorization Code with PKCE and without Client Secret in Postman

Comments & Feedback
• • • felix

6

0
Votes

6
Posts

8.4k
Views

F

Ok, I found the problem.

I was sending an Authorization header, because that was the default option in Postman. Now I tried it with the other option which is "Send client credentials in body" and it works.

The documentation about the token endpoint had me a bit confused, that's why I kept sending an (invalid) Authorization header. Now that I post an empty client_secret parameter in the body and NO Authorization header to the token endpoint, things are working fine.

Thanks for pointing me in the right direction, @robotdan and @dan.
F

SSO Redirect scheme

Q&A
• sso jwt • • felix

3

0
Votes

3
Posts

869
Views

F

@dan, thanks for the directions.

It looks lik you have a way to make the SSO redirect work for their widget, but not for the portal version of their solution. The portal works with a "redirect" URL parameter that the authenticating party receives and needs to send back after authentication.

I don't think FA supports arbitrary URL parameter forwarding, so this is pretty much a no go directly out of the box.

I'll have a look at the widget, maybe that's a better solution for us anyway.