Okta PKCE with Postman API Automation

I am new to PKCE-based authentication integration. I want to create API automation for PKCE enabled auth flow using Postman. These are the steps I have followed so far and still not able to get the access token.

curl --location 'https://{octa-url}/api/v1/authn' \
--header 'Content-Type: application/json' \
--header 'Cookie: DT=DI1MTuBjlqYTay_kF_4E8aY7w; JSESSIONID=C2E69C109D80E08FD28ADD71D00DE6AB; t=default' \
--data-raw '{
    "username": "username",
    "password": "password"

Then it returns the sessionToken

The second Request I have sent is authorize Request

curl --location 'https://{okta-url}/oauth2/default/v1/authorize?client_id={client-id}&scope=openid&redirect_uri={callback-url}&response_type=code&state=state&sessionToken={sessionToken}&code_challenge={code-challenge}&code_challenge_method=S256&prompt=none' \

--header 'Cookie: DT=DI1MTuBjlqYTay_kF_4E8aY7w; JSESSIONID=FE3831EC2675E278EFE05F19AF59E686; sid=102Az6VmKP0R7m5BOYb1NJQUw; t=default'

Here to generate a code challenge I have used this online tool

Then Its response headers give the authorizationCode code. In this format


then the last request send the Token request as follows

curl --location 'https://{okta-url}/oauth2/default/v1/token?state=state' \

--header 'Content-Type: application/x-www-form-urlencoded' \

--header 'Cookie: DT=DI1MTuBjlqYTay_kF_4E8aY7w; JSESSIONID=D0586125BC7DC964FE475B4C322B9999; sid=102Az6VmKP0R7m5BOYb1NJQUw; t=default' \

--data-urlencode 'grant_type=authorization_code' \

--data-urlencode 'redirect_uri={callback-url}' \

--data-urlencode 'code={authorizationCode}' \

--data-urlencode 'code_verifier={code-verifier}' \

--data-urlencode 'client_id={client-id}'

Then It returns the response as 400 bad request.

    "error": "invalid_grant",
    "error_description": "PKCE verification failed."

Is there any issues with the flows I have followed?

How long is the code verifier? It has to be at least 43 characters Implement authorization by grant type | Okta Developer

Yes it is more that 43 characters

Ex : ovtsi8Pd3RC2HiJdwQ9kTqWJ3cUaDrD5H_URFyurL0A

Looks correct. Did you check the Application you have setup in Okta? I hope it has “authorization_code” grant type.