#[fluffy]okay, the RFC’s just kinda hard for me to parse for whatever reason. So, if I understand correctly: when I initiate the auth request I include a code_challenge=base64(sha256(garbagestring)), and then when I do the verification request I include code_verifier=garbagestring ?