What is PKCE?
PKCE (Proof Key for Code Exchange) is a security extension for the OAuth 2.0 Authorization Code flow.
It’s designed for public clients (like mobile apps or SPAs) that can’t securely store a client secret.
PKCE works by tying each authorization request to a dynamically generated code verifier and the code challenge derived from it, so an intercepted authorization code cannot be exchanged for a token without the verifier.
🛠 Steps to Configure PKCE in PingFederate
- Log in to the PingFederate Admin Console
- Go to Applications → OAuth Clients
- Click Add Client
- Provide the following:
  - Client ID
  - Name
  - Redirect URI
  - Scopes
- Set Allowed Grant Types:
  - Authorization Code
  - Refresh Token
- Use the default token manager (e.g., ATM1)
- Enable: ✅ Require Proof Key for Code Exchange (PKCE)
- Save the client configuration
Steps to Get Access Token in Postman:-
1. Open Postman and Create a Request
· Launch the Postman application.
· Add a request in ping oauth and rename it to "obtaining access token using authorization".
2. Go to the Authorization Tab
· Select the “Authorization” tab located in the request window.
3. Select Authorization Type
· In the Type dropdown, select OAuth 2.0.
4. Fill in OAuth 2.0 Configuration Details
· Provide the required fields as per your authorization server’s configuration:

| Field | Description |
| --- | --- |
| Token Name | A name to identify your token (e.g., `My OAuth Token`) |
| Grant Type | Select the appropriate grant type (Authorization Code, Client Credentials, etc.) |
| Callback URL | Redirect URI registered with your identity provider (e.g., https://oauth.pstmn.io/v1/callback) |
| Auth URL | The authorization endpoint URL |
| Access Token URL | The token endpoint URL |
| Client ID | Provided by your identity provider |
| Client Secret | Provided by your identity provider |
| Scope | (Optional) Define access levels (e.g., `openid profile`) |
| State / Client Auth | (Optional) Depending on provider setup |
| Client Authentication | Send as Basic Auth header |
5. Click “Get Token”
· After entering the details, click “Get Token”.
· If applicable, Postman will redirect you to an authentication page.
· Authenticate using your credentials.
· Postman will receive and display the token.
· After getting the new access token, click “Proceed”.
· Click “Use Token”; the token is copied.

DECODE WITH JSON WEB TOKENS:-
✅ Step-by-Step Guide
1. Send Request and Get Token
Ensure your request in Postman uses OAuth 2.0 Authorization Code with PKCE to get the access token.
2. Extract the Token
After clicking “Use Token”, the token is attached to your request. You can extract and decode it using the JSON Web Token website.
Open Google and search for "JSON Web Token".
3. After opening the JSON Web Token website, click Clear to remove the preloaded sample token.
4. Paste the token copied from Postman here.
5. Once the token is pasted, it is decoded automatically and the client details can be viewed.