Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Fixed In:
17.1.0
Opened: May 23, 2019 Severity: 4-Minor
The BIG-IP system does not support PKCE for OAuth clients.
You are unable to configure PKCE on the BIG-IP system.
-- BIG-IP APM configured as an OAuth Authorization Server.
-- The environment requires PKCE.
None
When BIG-IP requests access to the system as a client, a code challenge is sent along with the authorization details to the authorization server to obtain the authorization code. In the token request, a code verifier is sent to the token endpoint along with the authorization code. The server then compares the code verifier to the code challenge to perform the proof of possession.