// generate code verifier
final String codeVerifier = EncodingUtil.base64Encode(Crypto.generateAesKey(256));
// generate code challenge (sha-256 hash of verifier and then base64url encoded)
final Blob bCodeChallenge = Crypto.generateDigest('SHA-256', Blob.valueOf(codeVerifier));
final String codeChallengePre = EncodingUtil.base64Encode(bCodeChallenge);
// base64url escape
final String codeChallenge = codeChallengePre.replaceAll('[+]', '-').replaceAll('[/]', '_').replaceAll('[=]', '');