API Gateway 10.11 | Using API Gateway | Usage Scenarios | Securing Access Token Calls with PKCE | How do I generate code verifier and code challenge using JAR files?
 
How do I generate code verifier and code challenge using JAR files?
If you want to secure the access token by directly calling REST APIs in API Gateway, you have to generate the code verifier and code challenger using JAR files.
Before you begin
Ensure that you have JShell, which is available as part of JDK from JDK9.
*To generate code verifier and code challenge
1. Invoke the JShell file in the Install_Dir\common\lib directory with class path set to wm-isclient.jar using the below command:
C:\> jshell -c c:\ Install_Dir\common\lib\wm-isclient.jar
2. Import the PKCE class file using the following command:
jshell> import com.softwareag.util.PKCE;
3. Create code verifier using the following command:
jshell> PKCE.createCodeVerifier();
The code verifier is generated as follows:
$2==>"95b4efde52b141d1bde8a7bfc23bdb244728fdd70d4a4be5b110866cfc218db7"
4. Create code challenger using the following command:
jshell> PKCE.createCodeChallenge("code_verifier","S256");
Note:
Replace the code_verifier parameter with the code verifier string that you generated in the previous step.
The code challenge is generated using SHA 256 hashing method as follows:
$3==>"tMTWyt3W5QtaPIqNkqAHLTGZnN0aPopp2fsLrUFdAC0"