diff --git a/CHANGELOG.md b/CHANGELOG.md
index 38f3e633..420b4ea8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@
 
 ### Changed
 * Fixed issue with sending scheduled messages
+* Fixed incorrect PKCE code challenge generation
 
 ## [2.0.0-beta.3] - Released 2023-12-18
 
diff --git a/src/main/kotlin/com/nylas/resources/Auth.kt b/src/main/kotlin/com/nylas/resources/Auth.kt
index a224b430..27792c4f 100644
--- a/src/main/kotlin/com/nylas/resources/Auth.kt
+++ b/src/main/kotlin/com/nylas/resources/Auth.kt
@@ -58,8 +58,7 @@ class Auth(private val client: NylasClient) {
     val urlBuilder = urlAuthBuilder(config)
     val secret = UUID.randomUUID().toString()
 
-    val sha256Digest = MessageDigest.getInstance("SHA-256").digest(secret.toByteArray())
-    val secretHash = Base64.getEncoder().encodeToString(sha256Digest)
+    val secretHash = hashPkceSecret(secret)
 
     urlBuilder
       .addQueryParameter("response_type", "code")
@@ -143,6 +142,18 @@ class Auth(private val client: NylasClient) {
     return client.executePost(path, responseType, queryParams = params)
   }
 
+  /**
+   * Hash a plain text secret for use in PKCE
+   * @param secret The plain text secret to hash
+   * @return The hashed secret with base64 encoding (without padding)
+   */
+  private fun hashPkceSecret(secret: String): String {
+    val sha256Digest = MessageDigest.getInstance("SHA-256")
+    sha256Digest.update(secret.toByteArray())
+    val hexString = sha256Digest.digest().joinToString(separator = "") { eachByte -> "%02x".format(eachByte) }
+    return Base64.getEncoder().withoutPadding().encodeToString(hexString.toByteArray())
+  }
+
   /**
    * Underlying function to build the Hosted Authentication URL
    * @param config The configuration for building the URL