Overview
This article addresses a Proof Key for Code Exchange (PKCE) error that occurs after completing the login flow for a Native application. The error message advises setting the Application Type to Native, even when the Application Type is already set to Native. The following error is displayed:
Login failed: PKCE_NOT_ALLOWED: Unable to perform authentication with PKCE. Enable PKCE support in the settings page of the Auth0 application, by setting the ‘Application Type’ to ‘Native’
Applies To
- Native apps
- Authorization Code flow with PKCE
Cause
This error occurs when the Token Endpoint Authentication Method for the client is set to a value other than ‘None’. While this setting defaults to ‘None’ for Native clients, it can be changed through the Management API, which leaves the Application Type as ‘Native’ while the authentication method is incorrect.
Solution
This issue can be resolved through either the Auth0 Dashboard or the Management API.
Method 1: Auth0 Dashboard
- Navigate to Applications and select the desired application.
- Select the Settings tab and go to Application Properties.
- Choose Regular Web Application for the Application Type and select the Save button.
- Select the Credentials tab.
- Select None for Application Authentication and select the Save button.
- Return to the Settings tab, change the Application Type back to Native, and select the Save button.
Method 2: Management API
Use the Update a client endpoint to update the application with the following option:
"token_endpoint_auth_method":"none"
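The following is an added example, not Auth0's own code: it flags Native clients whose token endpoint authentication method is not "none" and builds the Update a client (PATCH /api/v2/clients/{id}) request that applies the option above. The sample client records, function names, tenant domain and token are constructed placeholders.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample shaped like client objects returned by the Management API
# (GET /api/v2/clients). All identifiers here are made-up placeholders.
SAMPLE_CLIENTS = [
    {"client_id": "EXAMPLE_NATIVE_OK", "app_type": "native",
     "token_endpoint_auth_method": "none"},
    {"client_id": "EXAMPLE_NATIVE_BAD", "app_type": "native",
     "token_endpoint_auth_method": "client_secret_post"},
    {"client_id": "EXAMPLE_WEB", "app_type": "regular_web",
     "token_endpoint_auth_method": "client_secret_basic"},
    # Record without the field: state unknown, so it is not flagged.
    {"client_id": "EXAMPLE_NATIVE_PARTIAL", "app_type": "native"},
]


def find_misconfigured_native(clients):
    """Return client_ids of Native apps that would hit PKCE_NOT_ALLOWED."""
    return [
        c["client_id"]
        for c in clients
        if c.get("app_type") == "native"
        and "token_endpoint_auth_method" in c
        and c["token_endpoint_auth_method"] != "none"
    ]


def build_fix_request(domain, client_id, mgmt_token):
    """Build (without sending) the PATCH request that resets the auth method."""
    body = json.dumps({"token_endpoint_auth_method": "none"}).encode()
    # Percent-encode the id so it cannot alter the request path.
    path_id = urllib.parse.quote(client_id, safe="")
    return urllib.request.Request(
        url=f"https://{domain}/api/v2/clients/{path_id}",
        data=body,
        method="PATCH",
        headers={
            "Authorization": f"Bearer {mgmt_token}",  # needs update:clients scope
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    for cid in find_misconfigured_native(SAMPLE_CLIENTS):
        req = build_fix_request("YOUR_TENANT.example.com", cid, "MGMT_API_TOKEN")
        print(req.get_method(), req.full_url, req.data.decode())
```

To apply the change, pass the built request to `urllib.request.urlopen` with a real tenant domain and a Management API token.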