using System;

using System.Text;

using IdentityModel;

using Microsoft.IdentityModel.Tokens;

using System.Security.Cryptography;

​

public class Program

{

    public static void Main()

    {

        // On /connect/authorize we send the hashed PKCE

        string codeChallenge = "bqeKK2kwcOqDbhbr8FhLd2EsFLFBNfC8DsuLVLi6LHg";

        // On /connect/token we end the clear text PKCE

        string clearText = "3a517ec76297442da5d906cc1a111bbe230e1eb54a3a448ab7374eb26011feab4cd526f092024d118abcf5748ebd5d32";

        byte[] clearTextBytes =  Encoding.ASCII.GetBytes(clearText);

        byte[] hashedBytes = Sha256(clearTextBytes);

        string urlEncodedBytes = Base64Url.Encode(hashedBytes);

        Console.WriteLine($"Code challenge: {urlEncodedBytes}");

        bool areEqual = TimeConstantComparer.Equals(urlEncodedBytes, codeChallenge);

        Console.WriteLine($"PKCE match: {areEqual}");

    }

​

    private static byte[] Sha256(byte[] input)

    {

        if (input == null)

        {

            return null;

        }

​

        using (var sha = SHA256.Create())

        {

            return sha.ComputeHash(input);

        }

    }

}