In-client OAuth has stopped working

Zoom Apps Configuration
Angular 19 app using @zoom/appssdk@0.16.27.

Description
We are using in-client OAuth to authenticate users (authorize / onAuthorized) with a PKCE verifier using "code_challenge_method": "S256", which was working perfectly in our published app until the 9th of April. After that, we started occasionally seeing Invalid Authorization Code / invalid_grant errors when calling /oauth/token to redeem the authorization code. As of the 11th of April, this has now stopped working entirely and always returns invalid_grant. We have not made any changes to our apps, so this appears to be a breaking change on Zoom’s side.

A related post here mentions that PKCE may no longer work with a plain code_challenge_method. We are using a SHA-256 hash with "code_challenge_method": "S256", so this does not appear to be exactly the same issue, although the timeframe lines up with the issues we are seeing.

Error?

[{ “reason”: “Invalid authorization code”, “error”: “invalid_grant” }]

Troubleshooting Routes
We have tried changing to a plain verifier, and removing the PKCE verifier entirely, but this just gives the same error. We have 3 separate apps which are all affected in exactly the same way.

How To Reproduce
Use the in-client OAuth flow with a SHA-256-hashed verifier, then attempt to redeem the authorization code with a request to https://zoom.us/oauth/token, as described in Authentication, and GitHub - zoom/zoomapps-advancedsample-react: This repository contains an Advanced Zoom Apps Sample. It should serve as a starting point for you to build and test your own Zoom App in development..

Hi @dominic.light
Thanks for reaching out to us.
I was going to share with you the response from the other developer, who confirmed that using s264 PKCEs instead of plain works for them.
You mentioned it is not the case for you, correct?
I will send you a DM to look further into this and report it to our Engineering team if needed