diff --git a/packages/authentication/src/client/oidc-client/get-code.ts b/packages/authentication/src/client/oidc-client/get-code.ts index 3a96aed04c..5ec5ff068a 100644 --- a/packages/authentication/src/client/oidc-client/get-code.ts +++ b/packages/authentication/src/client/oidc-client/get-code.ts @@ -24,6 +24,7 @@ export default async function authorize(this: OIDCClientState, provider: string, const result: X = { endpoint, state, query: { state, client_id: this.providers[provider].clientId, scope: scope.join('+'), redirect_uri, response_type } }; + //PKCE if (oidc.code_challenge_methods_supported && oidc.code_challenge_methods_supported.length) { if (oidc.code_challenge_methods_supported.indexOf('S256') > -1) @@ -31,7 +32,7 @@ export default async function authorize(this: OIDCClientState, provider: string, result.verifier = crypto.randomUUID(); const encoder = new TextEncoder(); const data = encoder.encode(result.verifier); - result.query.code_challenge = base64.base64EncArr(await crypto.subtle.digest('SHA-256', data)).replace(/-/g, '+').replace(/_/g, '/'); + result.query.code_challenge = base64.base64EncArr(new Uint8Array(await crypto.subtle.digest('SHA-256', data))).replace(/-/g, '+').replace(/_/g, '/'); result.query.code_challenge_method = 'S256'; } else if (oidc.code_challenge_methods_supported.indexOf('plain') > -1) diff --git a/packages/authentication/src/client/oidc-client/get-token.ts b/packages/authentication/src/client/oidc-client/get-token.ts index 99214afbfd..1fb5cf193c 100644 --- a/packages/authentication/src/client/oidc-client/get-token.ts +++ b/packages/authentication/src/client/oidc-client/get-token.ts @@ -1,5 +1,5 @@ import { OIDCClientState, OIDCResponseType, providers, OICDAuthMethods } from "../oidc-state.js"; - +import { base64 } from '@akala/core' type X = { endpoint: URL; 
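Review bot: The S256 `code_challenge` in get-code.ts still ends up in the standard base64 alphabet, because the trailing `.replace(/-/g, '+').replace(/_/g, '/')` maps URL-safe characters to `+` and `/`, whereas RFC 7636 requires base64url without padding. Whichever alphabet `base64.base64EncArr` emits, the conversion should go the other way and strip padding, `.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')`; otherwise a `+` in the query string can be decoded as a space and a compliant authorization server will fail the verifier check at the token request. The context line `result.verifier = crypto.randomUUID();` is also worth revisiting, since a UUID is 36 characters and RFC 7636 sets a 43-character minimum for `code_verifier`. The body of `authorize` starts and ends outside this hunk, so how `result.query` is serialized is not visible here.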
@@ -50,7 +50,7 @@ export default function (this: OIDCClientState, provider: string, code: string, switch (x) { case OICDAuthMethods.ClientSecretBasic: - result.headers.authorization = Buffer.from(providerConfig.clientId + ':' + providerConfig.clientSecret).toString('base64'); + result.headers.authorization = base64.base64EncArr(base64.strToUTF8Arr(providerConfig.clientId + ':' + providerConfig.clientSecret)); return result; case OICDAuthMethods.ClientSecretPost: result.body = result.query;
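Review bot: The `ClientSecretBasic` case assigns the bare base64 string to `result.headers.authorization` with no `Basic ` scheme prefix, so unless a later step outside this hunk adds it, the token endpoint will not recognise the credentials. Suggested line: `result.headers.authorization = 'Basic ' + base64.base64EncArr(base64.strToUTF8Arr(providerConfig.clientId + ':' + providerConfig.clientSecret));`. RFC 6749 §2.3.1 also expects the client id and secret to be form-urlencoded before they are joined with `:`, which matters for a secret containing `:` or non-ASCII characters. It would be worth confirming that `base64EncArr` returns padded, standard-alphabet output, as HTTP Basic requires and as the replaced `Buffer` call did. The enclosing function and the `switch` continue past the end of the hunk.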