I have been following the django-oAuth-toolkit documentation. In the Authorization Code step, I have registered an application as shown in the screenshot.
But then the next step is given like this:
To start the Authorization code flow go to this URL which is the same as shown below:
http://127.0.0.1:8000/o/authorize/?response_type=code&client_id=vW1RcAl7Mb0d5gyHNQIAcH110lWoOW2BmWJIero8&redirect_uri=http://127.0.0.1:8000/noexist/callback
But when I replace my client id and ping that URL it redirects me to the following URL:
http://localhost:8000/noexist/callback?error=invalid_request&error_description=Code+challenge+required.
I have tried to google that error but it's such a common keyword that I am unable to find anything that is related to my issue. I am probably missing something obvious, I am new to Python and Django.
Note: In the documentation screenshot there is one form field missing which is there in my local environment. It's the algorithm field.
After debugging for so many hours I came to this, please include it in your settings.py file and it works. Maybe it is a bug since we defined our app as confidential with authorization_code grant type but oauth_provider is thinking it as public and trying to validate for pkce.