ExchangeCodeForSession - Supabase returns HTTP 403 "code challenge does not match..."

[nref]

Looking for some help implementing server-side PKCE auth flow in ASP.NET Core.

After calling Supabase.Client.SignInWithOtp(...) on the server:

Then looking in the DB flow_state table I can see the generated auth_code and code_challenge:

If I then manually paste auth_code and code_challenge into my API controller, hash code_challenge with Helpers.GeneratePKCENonceVerifier(...), then pass the hash and auth_code to Supabase.Client.ExchangeCodeForSession, then Supabase returns

HTTP 403 "code challenge does not match previously saved code verifier"

I would have expected a match.

[acupofjose]

The code verifier should be in your variable result.PKCEVerifier - which you would use for the session code exchange! (See here)