Team - In the /login request, passing code_challenge and code_challenge_method and getting code which is being used in the token request. If I am passing code_verifier in the token request then getting expected result i.e. getting access token but if code_verifier is not present in token request still getting access token i.e. wrong. Our expectation is, token request should be failed.
Please sign in to leave a comment.