diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
index c39679b6..6f2b6ff8 100644
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@@ -144,7 +144,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
 case 'S256':
 if (
 hash_equals(
- strtr(rtrim(base64_encode(hash('sha256', $codeVerifier)), '='), '+/', '-_'),
+ hash('sha256', strtr(rtrim(base64_encode($codeVerifier), '='), '+/', '-_')),
 $authCodePayload->code_challenge
 ) === false
 ) {
diff --git a/tests/Grant/AuthCodeGrantTest.php b/tests/Grant/AuthCodeGrantTest.php
index 80a95c31..0146561a 100644
--- a/tests/Grant/AuthCodeGrantTest.php
+++ b/tests/Grant/AuthCodeGrantTest.php
@@ -767,7 +767,7 @@ class AuthCodeGrantTest extends TestCase
 'user_id' => 123,
 'scopes' => ['foo'],
 'redirect_uri' => 'http://foo/bar',
- 'code_challenge' => strtr(rtrim(base64_encode(hash('sha256', 'foobar')), '='), '+/', '-_'),
+ 'code_challenge' => hash('sha256', strtr(rtrim(base64_encode('foobar'), '='), '+/', '-_')),
 'code_challenge_method' => 'S256',
 ]
 )
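Review bot: The new `S256` comparison in src/Grant/AuthCodeGrant.php still does not compute the challenge RFC 7636 section 4.2 defines, which is BASE64URL(SHA256(ASCII(code_verifier))) over the raw digest; the added line instead takes the hex SHA-256 of the base64url-encoded verifier. A client that derives its challenge per the RFC would presumably fail this check, so PKCE would only work for clients that copy this non-standard derivation. The expected value should be `strtr(rtrim(base64_encode(hash('sha256', $codeVerifier, true)), '='), '+/', '-_'),` with the third argument requesting binary output. The fixture in tests/Grant/AuthCodeGrantTest.php builds `code_challenge` with the same expression as the implementation, so it passes without proving interoperability; a fixed verifier/challenge pair such as the one in RFC 7636 Appendix B would pin the behaviour. The enclosing `switch` and method begin and end outside the hunk.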