...
code_verifier: The code verifier should be a high-entropy cryptographic random string with a minimum of 43 characters and a maximum of 128 characters. Should only use A-Z, a-z, 0–9, “-”(hyphen), “.” (period), “_”(underscore), “~”(tilde) characters.
code_challenge: The code challenge is created by SHA256 hashing the code_verifier and base64 URL encoding the resulting hash.
Base64UrlEncode(SHA256Hash(code_verifier)). And each pair is used only once.code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier))).
code_challenge_method: It is used to state the method (the available value is “S256”) used to transform the code verifier into the code challenge and if you don’t use it an Authorization Server will assume that the code challenge and the code verifier are the same.
Requesting an OpenID Connect Access Token to use in Coupa
...
OAuth2 account
Once you have created a client, the next step is to request for an access token.
...