CodeChallenge | All my thinking about some code challenge and Free Code Camps

I have a code that is generating challenge string.

Following Okta's auth code flow, they say I need to create a PKCE code which contains a code verifier and challenger.

It is not clear how to create the values like their example:

I use msal-browser package for authentication and trying to set code_challenge to something which I want than the auto generated one by msal-browser.

I am trying to authenticate a "My Anime List" user using Oauth2 (following this guide) for my Android application.

Step 1: getting the authorization token

Here, I am using a WebView to prompt the user for its username and password. This step seems to work as far as I can see.

So I have a component called Products that fetches data from an API endpoint. I also have another component with a form in it and this form is meant to update the products component with the input data and make the new input available to see along with the existing fetched data. How do I accomplish this??...I also passed down the state from the products component to the form component, was this okay??? Your help will be truly appreciated.

Here is my products component:

I need to find a way with regex to verify a string I am getting as a parameter

this has to be one word that consists only of these characters: [A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~"

what I've tried

Edit: To clarify, getting the authorization code works as expected. It is purely the step of exchanging the authorization code for tokens that fails.

I am trying to implement the authorization code with PKCE flow for authenticating with the spotify API. I know there are libraries out there for this, but I really want to implement it myself. The flow I am talking about is this: https://developer.spotify.com/documentation/general/guides/authorization-guide/#authorization-code-flow-with-proof-key-for-code-exchange-pkce I am able to craft the link to redirect the user to the consent page and get a hold of the authorization code. However, when I try to exchange this code for tokens, I get a 400 Bad Request with the message "invalid client_secret". This leads me to believe that Spotify assumes I am trying to use the regular Authorization Code flow, as the client secret is not a part of the PKCE flow at all. I suspect I am encoding the code_verifier or the code_challenge wrong. I found this answer on SO (How to calculate PCKE's code_verifier?) and translated it to C#, yielding identical results for the Base64 encoded hash, but it still doesn't work.

My code for generating the code_verifier and code_challenge is below, as well as the code making the request to exchange the code.

CodeVerifier:

I need to complete Authorization Code Flow with Proof Key for Code Exchange. In step 4, I get an error 400 - bad request {"error":"invalid_request","error_description":"Invalid client secret"}.

Why need to client secret if it is PKCE. What do I wrong? Do you have any idea?

Body request like

code=abc&grant_type=authorization_code&redirect_uri=spotify-sdk%3A%2F%2Fauth&client_id=abc&code_verifier=abc

Example code verifier: xeJ7Sx1lyUr0A_DAomzewuGn8vNS2cd3ZF2odDlqHEqeYKpxjnYYhpHxOohoo7lf22VNImGiOy_PE07owmDn2VmTWvdKKQ

Example code challenge: N_yPRc_VC8JQJz5dYOuvvM-9cJLdAtEjJ9-lh8Xk_qI

And the same I see into request.

Use PkceUtil class

I'm honing/getting my feet back under me doing some simple code challenges in java and making sure I can assert both when the code works and when it throws an exception.

When I test with something that should pass, the code passes correctly. When I have it throw an exception, it throws the exception. But when I use assertThrows on the exception, the test fails with this error:

java.lang.NoSuchMethodError: 'java.lang.Throwable org.junit.Assert.assertThrows(java.lang.Class, org.junit.function.ThrowingRunnable)'

The test code looks like: