
How to configure Authorization Code Grant with PKCE flow properly? #3118

@VitorPaulinoG

Description


I'm using the latest version of SpringDoc OpenAPI. However, even after following all the steps to enable authentication with the Authorization Code Grant with PKCE flow through Swagger, the "client_secret is missing" message still appears.
And worse... if I enter the client secret (which shouldn't be required for this flow), Swagger displays the message that the code_verifier is invalid. This is probably because the code_challenge was not generated or was generated incorrectly.
Below is the current configuration:

```xml
<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
    <version>2.8.13</version>
</dependency>
```
```yaml
spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          # Bearer tokens are accepted only as JWTs whose "iss" matches issuer-uri
          # and whose signature verifies against the keys published at jwk-set-uri.
          # Note that Google's OAuth access tokens are opaque strings, not JWTs;
          # a Google-issued ID token is what satisfies this validator.
          issuer-uri: https://accounts.google.com
          jwk-set-uri: https://www.googleapis.com/oauth2/v3/certs

springdoc:
  swagger-ui:
    oauth:
      client-id: ${GOOGLE_CLIENT_ID}
      # Makes Swagger UI generate a code_verifier and send the S256
      # code_challenge on the authorization request for the authorizationCode flow.
      use-pkce-with-authorization-code-grant: true
      scopes: openid,email,profile
    # Must match the redirect URI registered for the client at Google.
    oauth2-redirect-url: http://localhost:8080/swagger-ui/oauth2-redirect.html
    config-url: /v3/api-docs/swagger-config
```
```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
            // Stateless API authenticated by bearer tokens, never by a session
            // cookie, so CSRF protection is switched off; the CORS filter is
            // removed as well (no Access-Control headers are emitted).
            .cors(cors -> cors.disable())
            .csrf(csrf -> csrf.disable())
            .authorizeHttpRequests(auth -> {
                auth.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                    // Swagger UI, the OpenAPI document and the OAuth2 redirect page
                    // must be reachable before the user has a token.
                    .requestMatchers(
                        "/swagger-ui/**",
                        "/swagger-ui.html",
                        "/swagger-resources/**",
                        "/swagger-ui/oauth2-redirect.html",
                        "/swagger-resources",
                        "/v3/api-docs/**",
                        // Every actuator endpoint is exposed without a token here;
                        // narrow this before the service leaves localhost.
                        "/actuator/**",
                        "/webjars/**"
                    ).permitAll()
                    // Everything else requires a valid JWT in the Authorization header.
                    .anyRequest().authenticated();
            })
            // Validate the bearer token with the spring.security.oauth2.resourceserver.jwt.* settings.
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()))
            .build();
    }
}
```
```java
import io.swagger.v3.oas.models.Components;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.info.Info;
import io.swagger.v3.oas.models.security.OAuthFlow;
import io.swagger.v3.oas.models.security.OAuthFlows;
import io.swagger.v3.oas.models.security.Scopes;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class OpenApiConfig {
    @Bean
    OpenAPI openAPI() {
        final String securitySchemeName = "googleAuth";
        return new OpenAPI()
            .info(new Info().title("YouLyrics").version("1.0"))
            // Apply the scheme to every operation so Swagger UI shows the Authorize button.
            .addSecurityItem(new SecurityRequirement().addList(securitySchemeName))
            .components(new Components()
                .addSecuritySchemes(securitySchemeName,
                    new SecurityScheme()
                        .type(SecurityScheme.Type.OAUTH2)
                        .description("Authentication via Google (PKCE)")
                        // Authorization Code flow against Google's endpoints; PKCE itself is
                        // not expressed in the OpenAPI document but enabled in Swagger UI via
                        // springdoc.swagger-ui.oauth.use-pkce-with-authorization-code-grant.
                        .flows(new OAuthFlows()
                            .authorizationCode(new OAuthFlow()
                                .authorizationUrl("https://accounts.google.com/o/oauth2/v2/auth")
                                .tokenUrl("https://oauth2.googleapis.com/token")
                                .scopes(new Scopes()
                                    .addString("openid", "OpenID Connect scope")
                                    .addString("email", "Access to email")
                                    .addString("profile", "Access to basic profile")
                                )))));
    }
}
```

Please tell me what I'm doing wrong.
