Welcome to the RingCentral Community

Hi.

We have just finished a POC accessing the restapi with the Devtet account and the password flow and all works fine (authenticate with dev text username/p[assword in header and send a SMS). We just changed the app in the RingCentral Dev dashboard to be oAuth flow, and we trying to test it with our devtest account.. but it seems the exchanging the code for access token is erroring with the following error:

{
       
    "error": "invalid_client",    
    "errors": [        
                  {
               
                      "errorCode": "OAU-123",            
                      "message": "Client authentication is required"        
                  }    
               ],    
    "error_description": "Client authentication is required"
}

Can we not use our devtest account to confirm oAuth is working? If so what am I doing wrong. If not, how can we test the oAuth flow is working correctly before we publish this to production

We are using oAuth flow with PKCE as per this article

Authorization code flow with Proof Key for Code Exchange (ringcentral.com)

We are getting the above error on step 3

I am using ngrok for the callback tunnel.

additional.

Changing the flow to be just normal oAuth with no PKCE.. added the basic header with client id and client secret to the redeem code for token step, and removed the code_challenge, code_challene_method and code_verifier and it works fine now. If it is an issue with the hash being provided (the code_verifier) could the message be a bit more helpful.

I have also verified, given the example code_verifier and code_challenge on the docs page above, my code produces the same challenge from the same verifier.\

Is there a limit on the code_verifier on the RingCentral side, doesn't appear to mention anything in the docs. In the RFC, code_verifier is a minimum of 43 characters and a maximum of 128 characters. I am using the maximum of 128.

UPDATE:

I tried with 43 character code_verifier and same error