PKCE Flow in web environment rejects code_verifier
I am trying to implement the PKCE OAuth flow in a web environment. Therefore, I first call the API to get a one-time code:
```js
// usePKCE = true (the last argument) makes the SDK generate a code_verifier
// and put the S256 code_challenge into the authorize URL
return dropboxAuth.getAuthenticationUrl(
  this._redirectUrl, // redirectUri
  void 0,            // state
  "code",            // authType
  void 0,            // tokenAccessType
  void 0,            // scope
  void 0,            // includeGrantedScopes
  true               // usePKCE
);
```
which leads to the following URL: https://www.dropbox.com/oauth2/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&code_challenge_method=S256&code_challenge=CODE_CHALLENGE
Before navigating to this link, I save the code_verifier that was generated by the Dropbox SDK. After navigating back from the URL, I get the one-time code as a query parameter: http://localhost:5000/?code=CODE
With this code and the code_verifier I saved previously, I try to get an access token by calling the following. There is no method to set the code verifier, but since the app is left when navigating to the OAuth page, I somehow have to store it; therefore I set it "manually" after returning to my app, to make sure the SDK uses the same verifier that was used previously to create the challenge:
```js
// restore the verifier saved before navigation, then exchange the code
dropboxAuth.codeVerifier = verifier;
const accessToken = await dropboxAuth.getAccessTokenFromCode(this._redirectUrl, code);
```
which leads to the following URL:
and the following result returned from Dropbox:
```json
{"error_description": "invalid code verifier", "error": "invalid_grant"}
```
I have checked multiple times by debugging: the code_verifier sent to the token endpoint matches the code_verifier generated by the Dropbox SDK before navigation to the OAuth page happens.
Am I missing something here? Any help is highly appreciated.
SDK version: 9.0.0
Browsers: Firefox 84.0.2 (64-bit); Chrome 87.0.4280.141 (Official Build) (64-bit)
Issue analytics: created 3 years ago; 19 comments (8 by maintainers).
Top GitHub Comments
For reference, the new example for using PKCE in the browser can be found here.
It's not working for me either. I just provided a standalone example that does not require one to "extract" and store, and after reload "insert", the `codeChallenge` and `codeVerifier`.