On the Twitter Github repo, user jgjr mentions:
I have resolved the issue by passing my own code_challenge and setting the code_challenge_method as ‘plain’. I then store the code_challenge and generate another authURL with the same code_challenge before generating the access token. I hope that helps if anyone else is in the same situation.
In the initial call of generateAuthURL() I use code_challenge_method: ‘plain’ and save the code_challenge that I use. Then when the user is redirected back to my platform I call the generateAuthURL() method again with the same saved code_challenge, and then the requestAccessToken() method with the code I have received.