diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
index df89400e..0d05e7c8 100644
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@@ -144,7 +144,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
                 case 'S256':
                     if (
                         hash_equals(
-                            urlencode(base64_encode(hash('sha256', $codeVerifier))),
+                            strtr(rtrim(base64_encode(hash('sha256', $codeVerifier)), '='), '+/', '-_'),
                             $authCodePayload->code_challenge
                         ) === false
                     ) {
diff --git a/tests/Grant/AuthCodeGrantTest.php b/tests/Grant/AuthCodeGrantTest.php
index 498fdb4e..d9f366e6 100644
--- a/tests/Grant/AuthCodeGrantTest.php
+++ b/tests/Grant/AuthCodeGrantTest.php
@@ -630,7 +630,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
                             'user_id'               => 123,
                             'scopes'                => ['foo'],
                             'redirect_uri'          => 'http://foo/bar',
-                            'code_challenge'        => urlencode(base64_encode(hash('sha256', 'foobar'))),
+                            'code_challenge'        => strtr(rtrim(base64_encode(hash('sha256', 'foobar')), '='), '+/', '-_'),
                             'code_challenge_method' => 'S256',
                         ]
                     )