Affects Version/s: Master, 1.1-marketplace_7.1.0
Fix Version/s: None
When attempting to save changes to an OAuth 2 application with "PKCE Extended Authorization Code" selected as an Authorization Type AND the Client Secret populated, the form does not save and an error message appears at the top of the page. This is an expected result as a Client Secret is not supposed to be used in a PKCE flow.
However, the error message that appears on top of the page reads:
This message can be misleading as it implies that PKCE does not work with the Client Profile type that is selected even when Native Application is selected. The message should instead indicate that the Client Secret cannot be populated when PKCE is selected.
Steps to reproduce:
- Create a new OAuth 2 app selecting "Native Application" as the Client Profile and "PKCE Extended Authorization Code" as the Allowed Authorization Type and save
- Enter a value in the Client Secret field and save
Portal master Git SHA: 209fe1d2cd5c3081e414d8301828ae5c6e751d6c
Portal DXP 7.1 Fix Pack 3 + OAuth 2 1.1.0