How is OAuth2PKCEClient supposed to work? #406

@nclavaud

Hi there,

I have been trying to implement PKCE with an unsupported provider (Zitadel) and had an issue with the authorization code exchange: the code challenge was always invalid (message invalid_grant, description invalid code challenge).

The OAuth2PKCEClient does generate a code challenge, but it is later overridden by league/oauth2-client AbstractProvider generating another one. As a result, the code challenge sent for authorization code exchange is not the same as before, hence the error.

With which provider is this OAuth2PKCEClient client class supposed to work?
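
An added example, not part of the original post and not code from either library: a model of the S256 check an authorization server performs under RFC 7636, showing why a verifier and a challenge that come from two separate generation steps are rejected at code exchange. The function names are hypothetical and the random values are constructed; only the Appendix B test vector comes from the RFC.

```php
<?php
declare(strict_types=1);

// Base64url without padding, the encoding RFC 7636 uses for both values.
function base64url(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// Hypothetical helper: fresh 43-character code_verifier from 32 random bytes.
function newVerifier(): string
{
    return base64url(random_bytes(32));
}

// S256 transform: code_challenge = BASE64URL(SHA256(code_verifier)).
function challengeFor(string $verifier): string
{
    return base64url(hash('sha256', $verifier, true));
}

// Token-endpoint check: recompute the challenge from the presented verifier
// and compare it with the one stored at the authorization request.
function serverAcceptsExchange(string $storedChallenge, string $presentedVerifier): bool
{
    return hash_equals($storedChallenge, challengeFor($presentedVerifier));
}

// Sanity check of the transform against the RFC 7636 Appendix B test vector.
$rfcVerifier  = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
$rfcChallenge = 'E9Melhoa2OwvFrEaU6euRiGWeRlEeM-vut2QFb_D92w';
if (challengeFor($rfcVerifier) !== $rfcChallenge) {
    throw new RuntimeException('S256 transform does not match the RFC vector');
}

// Two independent generation steps (constructed values, no provider involved).
$verifierA = newVerifier(); // produced by one component
$verifierB = newVerifier(); // produced again by a second component

// The server stores the challenge it saw in the authorization request.
$storedChallenge = challengeFor($verifierB);

// Presenting a verifier from the other pair fails; the matching one passes.
printf("verifier A accepted: %s\n", var_export(serverAcceptsExchange($storedChallenge, $verifierA), true));
printf("verifier B accepted: %s\n", var_export(serverAcceptsExchange($storedChallenge, $verifierB), true));
```

Comparing `challengeFor()` of the verifier held in the session with the `code_challenge` parameter of the outgoing authorization URL shows whether a client has this mismatch before any request reaches the provider.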
