I understand the intent of:
S256 "code_challenge" = BASE64URL(SHA256("code_verifier"))
but I think what it really says is take the base64url encoding of the sha256
hash of the constant string "code_verifier". Are those quotes really supposed
to be there?
-bill _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
