The code challenge isn't being validated

[celiovasconcelos]

spring-authorization-server-guide/auth-server/src/main/java/org/example/authserver/PublicClientRefreshTokenAuthenticationProvider.java

Line 34 in 0fedb22

// ---> removed the PKCE requirement

Instead of removing PCKE check, you should do this:

    String grantTypeStr = (String) ((OAuth2ClientAuthenticationToken) authentication).getAdditionalParameters().get("grant_type");
    boolean isGrantTypeAuthorizationCode = AuthorizationGrantType.AUTHORIZATION_CODE.getValue().equals(grantTypeStr);

    if (isGrantTypeAuthorizationCode) {
      // Validate the "code_verifier" parameter for the public client
      this.codeVerifierAuthenticator.authenticateRequired(clientAuthentication, registeredClient);
    }

CodeVerifierAuthenticator is protected, so you must copy it to your project and use the copy.