Enable Authorization Code Flow with PKCE

JFrog Platform Administration Documentation
Content Type
Administration / Platform
ft:sourceType
Paligo

WebUI Changes implemented in Artifactory 7.38.x and above

Security is now called Authentication Providers. All the relevant text and images on this page have been updated to reflect this change.

From Artifactory version 7.38, you can apply the Authorization Code Flow with PKCE (Proof Key for Code Exchange) flow for your OAuth Provider authorization provider. This flow is the alternative to the usage of Secrets, which is automatically disabled once you enable PKCE on your OAuth provider.

To enable PKCE on your OAuth provider:

  1. In the Administration module, navigate to the Administration module, and select Authentication Providers | OAuth SSO.

  2. Scroll to the Providers section and click New or edit an existing provider.

    PKCE enabled.png

  3. Select the PKCE Enabled check box.

    As a result, the Secret field is disabled.