Hello,


I'm working on a Zapier OAuth 2.0 implementation and I need to use a custom variable from the
Authorization URL step in the Access Token Request step. Is this possible?

Please see attachments for more details.

 

I’m assuming this is for PKCE support? Unfortunately, I think you’re going to be blocked right now. Earlier discussion on the topic here:

Does the API you’re using give you the option of client id/secret only, or is it forcing you to implement PKCE?


Yeah, I have to use PKCE to call some endpoints which require more privileges.

Maybe I can pass the code_verifier (encrypted of course) in the URI and retrieve it by bundle.inputData or something like that?

What do you think?


I’m concerned this approach will circumvent the security provided by PKCE. If you have enough control over your auth provider to implement a non-standard flow like this, I’d imagine you have enough control to enable the standard client-id/client-secret configuration instead. And this would be my recommendation until Zapier adds proper PKCE support to its OAuth implementation.

Note that your Zapier integration is not a public client, in OAuth 2 authorization code flow terms. Check out environment variables as a secure way to configure, store, and use client id and secret. PKCE provides a clever way to secure public OAuth 2 authorization code flow clients, like mobile apps and single page apps, where that’s not possible. 


Alright, thank you for your answer.