I was recently checking out Auth0 for a Xamarin Forms mobile app and trying to follow their walkthrough for authorization code grant flow with PKCE.
They have C# sample code for most other scenarios on their site, but not for this one.
Converting the Java sample to C# was straightforward, but it didn’t work. The code verifier and challenge were not right somehow.
The key was how to base64 encode the verifier and challenge. I found this in Appendix A of the RFC. You need to base64 encode without padding. Once I did my encoding using their sample code, the code verifier and challenge were generated properly and worked in the calls to Auth0.
Here’s a small helper class for creating a proper code verifier and code challenge. I’m using the PCLCrypto NuGet package for the crypto bits. Note the Base64UrlEncode method. That’s where the magic happens.
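The following is an added example, not the helper class from the original post: it shows the unpadded base64url encoding from Appendix A of RFC 7636 applied to a PKCE code verifier and S256 code challenge, and checks itself against the test vector in Appendix B of that RFC. It assumes the .NET base class library (`System.Security.Cryptography`) rather than PCLCrypto, and the class name `Pkce` is hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (hypothetical class name); uses the .NET BCL, not PCLCrypto.
public static class Pkce
{
    // RFC 7636 Appendix A: standard base64, then strip the '=' padding
    // and swap the two characters that are not URL-safe.
    public static string Base64UrlEncode(byte[] data)
    {
        return Convert.ToBase64String(data)
            .TrimEnd('=')
            .Replace('+', '-')
            .Replace('/', '_');
    }

    // 32 random bytes encode to a 43-character verifier, the minimum
    // length RFC 7636 allows (43 to 128 characters).
    public static string CreateCodeVerifier()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Base64UrlEncode(bytes);
    }

    // S256 method: BASE64URL(SHA256(ASCII(code_verifier))).
    public static string CreateCodeChallenge(string codeVerifier)
    {
        using (var sha256 = SHA256.Create())
        {
            var hash = sha256.ComputeHash(Encoding.ASCII.GetBytes(codeVerifier));
            return Base64UrlEncode(hash);
        }
    }

    public static void Main()
    {
        // Test vector from RFC 7636 Appendix B.
        const string verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        const string expected = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSxw8cVM";
        var challenge = CreateCodeChallenge(verifier);
        Console.WriteLine(challenge == expected ? "RFC vector OK" : "MISMATCH: " + challenge);
        var fresh = CreateCodeVerifier();
        Console.WriteLine(fresh + " -> " + CreateCodeChallenge(fresh));
    }
}
```

A SHA-256 digest is 32 bytes, so plain `Convert.ToBase64String` always ends the challenge with one `=`; that trailing character is what makes the value differ from what the authorization server computes.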