diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/par/ws/rs/ParRestWebService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/par/ws/rs/ParRestWebService.java index 4644018ae01..1c8a1e522e7 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/par/ws/rs/ParRestWebService.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/par/ws/rs/ParRestWebService.java @@ -122,8 +122,6 @@ public Response requestPushedAuthorizationRequest( + "customRespHeaders = {}, claims = {}, tokenBindingHeader = {}", acrValuesStr, amrValuesStr, originHeaders, codeChallenge, codeChallengeMethod, customResponseHeaders, claims, tokenBindingHeader); - parValidator.validatePkce(codeChallenge, codeChallengeMethod, state); - List responseTypes = ResponseType.fromString(responseType, " "); ResponseMode responseModeObj = ResponseMode.getByValue(responseMode); @@ -173,6 +171,8 @@ public Response requestPushedAuthorizationRequest( par.getAttributes().setCustomParameters(requestParameterService.getCustomParameters(QueryStringDecoder.decode(httpRequest.getQueryString()))); parValidator.validateRequestObject(redirectUriResponse, par, client); + + parValidator.validatePkce(par.getAttributes().getCodeChallenge(), par.getAttributes().getCodeChallengeMethod(), state); authorizeRestWebServiceValidator.validatePkce(par.getAttributes().getCodeChallenge(), redirectUriResponse); parService.persist(par);
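Review bot: The relocated `parValidator.validatePkce(...)` call in the second hunk now reads the challenge and method from `par.getAttributes()` but still passes the raw form `state`. If the request object can also override `state` (not visible here), an error raised at this point would carry the pre-merge value; worth confirming and, if so, passing the state held on the PAR attributes instead. The ordering is now security-relevant, since the check has to stay after `validateRequestObject(...)` and before `parService.persist(par)`, and nothing in the code says so; I would add a comment above it such as `// PKCE is validated on the effective values: after request-object processing, before persist`. A regression test that pushes a request whose `code_challenge` appears only inside the request object, and one where the form and request-object values disagree, would pin the behaviour. The body of `requestPushedAuthorizationRequest` starts and ends outside both hunks, so the code that now runs between the old call site and the new one was not reviewed.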