2020-12-28 UTC
# Zegnat [dmitshur] there should not be any reason why that should not work. I think I would mostly just find it unneccessary to do any processing on the originally provided code_challenge value. Especially since both inputs code_challenge and code_verifier are untrusted. I would say it is better to SHA-hash an untrusted value, than to (try to) decode an untrusted value.