Step 1: Create the application connection

POST {{apiPath}}/environments/{{envID}}/applications

The POST /environments/{{envID}}/applications endpoint creates the application connection and sets the pkceEnforcement property to one of the REQUIRED options.

The response returns a 201 Created message and shows the application connection data. In this request, the pkceEnforcement property value is set to S256_REQUIRED, which specifies that a PKCE code_challenge parameter is required in the authorize request and that the code_challenge_method parameter is also required and must be S256 (a SHA-256 hash of the code_verifier).

Note: In this activity, the tokenEndpointAuthMethod in the application's OIDC properties is set to NONE, which specifies that no authentication credentials are required in the token request. Conversely, if the application's tokenEndpointAuthMethod is set to CLIENT_SECRET_BASIC or CLIENT_SECRET_POST, authentication credentials are required in the token request. For example, if the tokenEndpointAuthMethod value is set to CLIENT_SECRET_BASIC, the client_id and client_secret values are needed but cannot be part of the request body. In that case, the client_id and client_secret are passed as a Base64-encoded HTTP Basic Authorization header, for example with curl's --user 'client_id:client_secret' option.

Request Body

{
  "name": "UseCasePKCEApp",
  "description": "this is my use case PKCE application",
  "pkceEnforcement": "S256_REQUIRED",
  "enabled": true,
  "type": "NATIVE_APP",
  "protocol": "OPENID_CONNECT",
  "responseTypes": ["CODE", "TOKEN", "ID_TOKEN"],
  "grantTypes": ["AUTHORIZATION_CODE", "IMPLICIT"],
  "tokenEndpointAuthMethod": "NONE",
  "postLogoutRedirectUris": ["https://www.example.com"],
  "redirectUris": ["https://www.example.com"]
}

HEADERS

Key             Datatype    Required    Description
Authorization   string
Content-Type    string
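The following is an added example, not part of the original page or of PingOne's own code. It shows what the S256_REQUIRED setting above demands of a client and how an authorization server checks it: the client derives code_challenge from a random code_verifier with SHA-256 (RFC 7636), the authorize request carries code_challenge and code_challenge_method, and the token endpoint later recomputes the challenge from the presented code_verifier. The check_authorize_request() rules model the enforcement levels as described in this page (S256_REQUIRED) plus the REQUIRED and OPTIONAL values of the same PingOne property; they are a model of the RFC behaviour, not PingOne's implementation. The authorize URL, client_id and redirect URI are constructed sample values. PKCE only protects the authorization code exchange; it does not apply to the TOKEN and ID_TOKEN response types of the implicit grant that the sample body also enables.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode


def b64url(raw: bytes) -> str:
    """base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """Random code_verifier: 32 random bytes give 43 unpadded base64url chars."""
    return b64url(secrets.token_bytes(nbytes))


def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorize_params(client_id: str, redirect_uri: str, verifier: str,
                     method: str = "S256") -> dict:
    """Query parameters the client sends to the authorize endpoint."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "code_challenge_method": method,
    }
    # "plain" sends the verifier itself as the challenge; S256 sends its hash.
    params["code_challenge"] = s256_challenge(verifier) if method == "S256" else verifier
    return params


def check_authorize_request(params: dict, pkce_enforcement: str) -> tuple:
    """Server-side rule for the authorize request under a pkceEnforcement setting.

    Returns (accepted, reason). Levels modelled (assumption, after RFC 7636):
      OPTIONAL       - PKCE may be omitted; if present, plain or S256 is accepted
      REQUIRED       - code_challenge must be present; plain or S256 accepted
      S256_REQUIRED  - code_challenge must be present and method must be S256
    """
    challenge = params.get("code_challenge")
    method = params.get("code_challenge_method", "plain")  # RFC 7636 default
    if challenge is None:
        if pkce_enforcement == "OPTIONAL":
            return True, "pkce not used"
        return False, "code_challenge is required"
    if method not in ("plain", "S256"):
        return False, "unsupported code_challenge_method"
    if pkce_enforcement == "S256_REQUIRED" and method != "S256":
        return False, "code_challenge_method must be S256"
    return True, "pkce accepted (%s)" % method


def verify_code_verifier(stored_challenge: str, method: str, verifier: str) -> bool:
    """Token endpoint check: recompute the challenge from the presented verifier."""
    expected = s256_challenge(verifier) if method == "S256" else verifier
    # Constant-time comparison so a mismatch reveals nothing about the stored value.
    return secrets.compare_digest(expected.encode("ascii"), stored_challenge.encode("ascii"))


if __name__ == "__main__":
    # Constructed sample values; the URL and client_id are placeholders.
    verifier = make_code_verifier()
    params = authorize_params("sample-client-id", "https://www.example.com", verifier)
    print("GET https://auth.example.invalid/as/authorize?" + urlencode(params))
    print(check_authorize_request(params, "S256_REQUIRED"))
    print("plain under S256_REQUIRED:",
          check_authorize_request(
              authorize_params("sample-client-id", "https://www.example.com",
                               verifier, method="plain"), "S256_REQUIRED"))
    print("token exchange ok:",
          verify_code_verifier(params["code_challenge"], "S256", verifier))
```

The S256 arithmetic can be cross-checked against the RFC 7636 Appendix B test vector: verifier dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk yields challenge E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM. Because the verifier never leaves the client until the token request, an intercepted authorization code is useless to anyone who holds only the challenge, which is why S256 (rather than plain) is the level to require.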