I have a requirement where I am creating a non-native client app which requires a refresh token in the response. Also, we don't want to save the client secret on any client machine. So I tried the flow with PKCE.
I used this document. But when I try hitting the /authorize endpoint, I get the following error:
invalid_request: You may have pressed the back button, refreshed during login, opened too many login dialogs, or there is some issue with cookies, since we couldn't find your session. Try logging in again from the application and if the problem persists please contact the administrator.
Is it possible to achieve this with PKCE? Or should I use some other flow?
Any help appreciated!