401 InvalidGrant error when swapping the auth code for a token.
POST /oauth/token
grant_type=authorization_code&code=...&code_verifier=...&client_id=...
The code_challenge in the initial request matches the SHA256(SHA256(code_verifier)) base64url encoding, and I’m passing the raw code_verifier back in the token request. Still getting kicked.
- SPA running on localhost:3000
- Genesys Cloud org with custom OAuth app
- Using
S256challenge method - Verified
code_verifierlength is 43-128 chars
Checked the state drift on the Terraform side, app config is clean. Anyone else hit this wall with the new PKCE requirements?