If the code challenge param is added for authType = AuthCode then backend expects a code verifier too. This blocks clients who are using the 3-legged oauth flow using oauth client secret since they do not have a code verifier.
So, this param should not be sent for AuthCode auth type.
If the code challenge param is added for authType = AuthCode then backend expects a code verifier too. This blocks clients who are using the 3-legged oauth flow using oauth client secret since they do not have a code verifier. So, this param should not be sent for AuthCode auth type.