
PKCE code verifier does not respect the RFC 7636 #1607

@smarting8m


module: openid-connect-client
version: 1.3.4

First of all, thanks for your work :), it simplifies the OIDC connection a lot.
But it seems the openid-connect-client does not respect RFC 7636, section 4.1, about PKCE.
Indeed, the RFC says that the code verifier should be between 43 and 128 characters long.

But the method that generates the code verifier in OIDCAuthenticationFilter generates 50 random bits and then converts them to hexadecimal, which results in a code verifier of length 12 or 13...

Incriminated method:

import java.math.BigInteger;
import java.security.SecureRandom;
import javax.servlet.http.HttpSession;

/**
 * Create a random code verifier and store it in the session.
 * @param session the HTTP session in which the verifier is kept until the token request
 * @return the generated code verifier
 */
protected static String createCodeVerifier(HttpSession session) {
	// 50 random bits rendered as lowercase hex: at most 13 characters,
	// far below the 43-character minimum required by RFC 7636 section 4.1.
	String challenge = new BigInteger(50, new SecureRandom()).toString(16);
	session.setAttribute(CODE_VERIFIER_SESSION_VARIABLE, challenge);
	return challenge;
}
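For comparison, here is an RFC 7636-compliant construction of the verifier and its S256 challenge, written as an added example for this issue; it is not code from openid-connect-client, and the class and method names (PkceVerifierDemo, createCompliantCodeVerifier, createS256Challenge, isValidCodeVerifier, createReportedCodeVerifier) are my own. It uses 32 random octets, base64url-encoded without padding, which yields exactly 43 characters drawn from the RFC's unreserved alphabet, and includes a validity check that a client can apply before sending the value. The last method reproduces the construction quoted above (without the session) purely so the two lengths can be compared side by side.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

public class PkceVerifierDemo {

    private static final SecureRandom RNG = new SecureRandom();

    // RFC 7636 section 4.1: code_verifier is a high-entropy string of 43..128
    // characters from [A-Za-z0-9-._~]. 32 random octets, base64url-encoded
    // without padding, give exactly 43 characters (the RFC's recommended minimum).
    static String createCompliantCodeVerifier() {
        byte[] octets = new byte[32];
        RNG.nextBytes(octets);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(octets);
    }

    // RFC 7636 section 4.2, method S256: BASE64URL(SHA256(ASCII(code_verifier))).
    static String createS256Challenge(String codeVerifier) {
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            byte[] digest = sha256.digest(codeVerifier.getBytes(StandardCharsets.US_ASCII));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 not available", e);
        }
    }

    // Length and alphabet check from RFC 7636 section 4.1, applied before the
    // verifier is stored or sent.
    static boolean isValidCodeVerifier(String v) {
        return v != null
                && v.length() >= 43
                && v.length() <= 128
                && v.matches("[A-Za-z0-9\\-._~]+");
    }

    // Same construction as the method reported in this issue (session handling
    // omitted), kept here only to show the resulting length.
    static String createReportedCodeVerifier() {
        return new BigInteger(50, RNG).toString(16);
    }

    public static void main(String[] args) {
        String reported = createReportedCodeVerifier();
        System.out.println("reported method:    " + reported + " (length " + reported.length()
                + ", valid=" + isValidCodeVerifier(reported) + ")");

        String verifier = createCompliantCodeVerifier();
        System.out.println("compliant verifier: " + verifier + " (length " + verifier.length()
                + ", valid=" + isValidCodeVerifier(verifier) + ")");
        System.out.println("S256 challenge:     " + createS256Challenge(verifier));
    }
}
```

Running the class prints a hex value of at most 13 characters flagged invalid, followed by a 43-character verifier flagged valid and its challenge. A verifier this short is a problem because PKCE's protection against an intercepted authorization code rests on the code verifier being infeasible to guess; 50 bits of entropy is well under the 256 bits the RFC's recommended construction provides.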
