diff --git a/WordPressAuthenticator.xcodeproj/project.pbxproj b/WordPressAuthenticator.xcodeproj/project.pbxproj
index ab471bd92..033ec3925 100644
--- a/WordPressAuthenticator.xcodeproj/project.pbxproj
+++ b/WordPressAuthenticator.xcodeproj/project.pbxproj
@@ -16,6 +16,7 @@
 		1A21EE9822832BC300C940C6 /* WordPressComOAuthClientFacade+Swift.swift in Sources */ = {isa = PBXBuildFile; fileRef = 1A21EE9722832BC200C940C6 /* WordPressComOAuthClientFacade+Swift.swift */; };
 		1A4095182271AEFC009AA86D /* WPAuthenticator-Swift.h in Headers */ = {isa = PBXBuildFile; fileRef = 1A4095152271AEFC009AA86D /* WPAuthenticator-Swift.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		3108613125AFA4830022F75E /* PasteboardTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3108613025AFA4830022F75E /* PasteboardTests.swift */; };
+		3F107B0529A87AF0009B3658 /* CodeVerifier+Fixture.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3F107B0429A87AF0009B3658 /* CodeVerifier+Fixture.swift */; };
 		3F30A6B4299F10BD0004452F /* Character+URLSafe.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3F30A6B3299F10BD0004452F /* Character+URLSafe.swift */; };
 		3F30A6BA299F12E30004452F /* Character+URLSafeTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3F30A6B9299F12E30004452F /* Character+URLSafeTests.swift */; };
 		3F338B6A289B877F0014ADC5 /* BuildkiteTestCollector in Frameworks */ = {isa = PBXBuildFile; productRef = 3F338B69289B877F0014ADC5 /* BuildkiteTestCollector */; };
@@ -264,6 +265,7 @@
 		3108613025AFA4830022F75E /* PasteboardTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PasteboardTests.swift; sourceTree = "<group>"; };
 		33FEF45B466FF8EAAE5F3923 /* Pods-WordPressAuthenticator.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-WordPressAuthenticator.release.xcconfig"; path = "Pods/Target Support Files/Pods-WordPressAuthenticator/Pods-WordPressAuthenticator.release.xcconfig"; sourceTree = "<group>"; };
 		37AFD4EF492B00CA7AEC11A3 /* Pods-WordPressAuthenticatorTests.release-alpha.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-WordPressAuthenticatorTests.release-alpha.xcconfig"; path = "Pods/Target Support Files/Pods-WordPressAuthenticatorTests/Pods-WordPressAuthenticatorTests.release-alpha.xcconfig"; sourceTree = "<group>"; };
+		3F107B0429A87AF0009B3658 /* CodeVerifier+Fixture.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "CodeVerifier+Fixture.swift"; sourceTree = "<group>"; };
 		3F30A6B3299F10BD0004452F /* Character+URLSafe.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Character+URLSafe.swift"; sourceTree = "<group>"; };
 		3F30A6B9299F12E30004452F /* Character+URLSafeTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Character+URLSafeTests.swift"; sourceTree = "<group>"; };
 		3F338B6B289B87E60014ADC5 /* UnitTests.xctestplan */ = {isa = PBXFileReference; lastKnownFileType = text; path = UnitTests.xctestplan; sourceTree = "<group>"; };
@@ -587,6 +589,8 @@
 		3FE8072329365FC20088420C /* GoogleSignIn */ = {
 			isa = PBXGroup;
 			children = (
+				3F30A6B9299F12E30004452F /* Character+URLSafeTests.swift */,
+				3F107B0429A87AF0009B3658 /* CodeVerifier+Fixture.swift */,
 				3F82E63829931D95003EFC16 /* CodeVerifierTests.swift */,
 				3F4E646F2990B7B3000DB555 /* Data+Base64URLTests.swift */,
 				3F82E63C29935E65003EFC16 /* Data+SHA256Tests.swift */,
@@ -600,7 +604,6 @@
 				3F82E6322993101A003EFC16 /* String+RandomTests.swift */,
 				3FE8071E2936558F0088420C /* URL+GoogleSignInTests.swift */,
 				3F879FDE293A501D005C2B48 /* URLRequest+GoogleSignInTests.swift */,
-				3F30A6B9299F12E30004452F /* Character+URLSafeTests.swift */,
 			);
 			path = GoogleSignIn;
 			sourceTree = "<group>";
@@ -1550,6 +1553,7 @@
 				3F82E6332993101A003EFC16 /* String+RandomTests.swift in Sources */,
 				4A1DEF4A29341B1F00322608 /* LoggingTests.m in Sources */,
 				3FEC44F9293A0F2900EBDECF /* ProofKeyForCodeExchangeTests.swift in Sources */,
+				3F107B0529A87AF0009B3658 /* CodeVerifier+Fixture.swift in Sources */,
 				CE16177821B70C1A00B82A47 /* WordPressAuthenticatorDisplayTextTests.swift in Sources */,
 				3F879FF4293A7F46005C2B48 /* GoogleOAuthTokenGetterTests.swift in Sources */,
 				B501C048208FC79C00D1E58F /* LoginFacadeTests.m in Sources */,
diff --git a/WordPressAuthenticatorTests/GoogleSignIn/CodeVerifier+Fixture.swift b/WordPressAuthenticatorTests/GoogleSignIn/CodeVerifier+Fixture.swift
new file mode 100644
index 000000000..f3fc1ef9e
--- /dev/null
+++ b/WordPressAuthenticatorTests/GoogleSignIn/CodeVerifier+Fixture.swift
@@ -0,0 +1,12 @@
+@testable import WordPressAuthenticator
+
+extension ProofKeyForCodeExchange.CodeVerifier {
+
+    /// A code verifier for testing purposes that is guranteed to be valid and deterministic.
+    ///
+    /// The reason we care about it being deterministic is because we don't want implicit randomness test.
+    /// The only place were we want to use random values in the `CodeVerifier` tests which explicitly check the random generation.
+    static func fixture() -> Self {
+        .init(value: (0..<minimumLength).map { _ in "a" }.joined())!
+    }
+}
diff --git a/WordPressAuthenticatorTests/GoogleSignIn/OAuthRequestBody+GoogleSignInTests.swift b/WordPressAuthenticatorTests/GoogleSignIn/OAuthRequestBody+GoogleSignInTests.swift
index 7f73f98a1..1715e9cec 100644
--- a/WordPressAuthenticatorTests/GoogleSignIn/OAuthRequestBody+GoogleSignInTests.swift
+++ b/WordPressAuthenticatorTests/GoogleSignIn/OAuthRequestBody+GoogleSignInTests.swift
@@ -4,7 +4,7 @@ import XCTest
 class OAuthRequestBodyGoogleSignInTests: XCTestCase {
 
     func testGoogleSignInTokenRequestBody() throws {
-        let codeVerifier = ProofKeyForCodeExchange.CodeVerifier.makeRandomCodeVerifier()
+        let codeVerifier = ProofKeyForCodeExchange.CodeVerifier.fixture()
         let pkce = ProofKeyForCodeExchange(codeVerifier: codeVerifier, method: .plain)
         let body = OAuthTokenRequestBody.googleSignInRequestBody(
             clientId: GoogleClientId(string: "com.app.123-abc")!,
diff --git a/WordPressAuthenticatorTests/GoogleSignIn/URLRequest+GoogleSignInTests.swift b/WordPressAuthenticatorTests/GoogleSignIn/URLRequest+GoogleSignInTests.swift
index e366bc380..384bb5556 100644
--- a/WordPressAuthenticatorTests/GoogleSignIn/URLRequest+GoogleSignInTests.swift
+++ b/WordPressAuthenticatorTests/GoogleSignIn/URLRequest+GoogleSignInTests.swift
@@ -8,7 +8,7 @@ class URLRequestOAuthTokenRequestTests: XCTestCase {
         clientSecret: "b",
         audience: "audience",
         code: "c",
-        codeVerifier: ProofKeyForCodeExchange.CodeVerifier.makeRandomCodeVerifier(),
+        codeVerifier: ProofKeyForCodeExchange.CodeVerifier.fixture(),
         grantType: "e",
         redirectURI: "f"
     )
diff --git a/WordPressAuthenticatorTests/OAuth/OAuthTokenRequestBodyTests.swift b/WordPressAuthenticatorTests/OAuth/OAuthTokenRequestBodyTests.swift
index ad713dc0e..917f5e75a 100644
--- a/WordPressAuthenticatorTests/OAuth/OAuthTokenRequestBodyTests.swift
+++ b/WordPressAuthenticatorTests/OAuth/OAuthTokenRequestBodyTests.swift
@@ -4,13 +4,13 @@ import XCTest
 class OAuthTokenRequestBodyTests: XCTestCase {
 
     func testURLEncodedDataConversion() throws {
-        let codeVerifier = (0..<43).map { _ in "a" }.joined()
+        let codeVerifier = ProofKeyForCodeExchange.CodeVerifier.fixture()
         let body = OAuthTokenRequestBody(
             clientId: "clientId",
             clientSecret: "clientSecret",
             audience: "audience",
             code: "codeValue",
-            codeVerifier: try XCTUnwrap(ProofKeyForCodeExchange.CodeVerifier(value: codeVerifier)),
+            codeVerifier: codeVerifier,
             grantType: "grantType",
             redirectURI: "redirectUri"
         )
@@ -21,7 +21,7 @@ class OAuthTokenRequestBodyTests: XCTestCase {
 
         XCTAssertTrue(decodedData.contains("client_id=clientId"))
         XCTAssertTrue(decodedData.contains("client_secret=clientSecret"))
-        XCTAssertTrue(decodedData.contains("code_verifier=\(codeVerifier)"))
+        XCTAssertTrue(decodedData.contains("code_verifier=\(codeVerifier.rawValue)"))
         XCTAssertTrue(decodedData.contains("grant_type=grantType"))
         XCTAssertTrue(decodedData.contains("redirect_uri=redirectUri"))
     }
diff --git a/WordPressAuthenticatorTests/OAuth/ProofKeyForCodeExchangeTests.swift b/WordPressAuthenticatorTests/OAuth/ProofKeyForCodeExchangeTests.swift
index 1f40a5f66..e48cc21d2 100644
--- a/WordPressAuthenticatorTests/OAuth/ProofKeyForCodeExchangeTests.swift
+++ b/WordPressAuthenticatorTests/OAuth/ProofKeyForCodeExchangeTests.swift
@@ -4,7 +4,7 @@ import XCTest
 class ProofKeyForCodeExchangeTests: XCTestCase {
 
     func testCodeChallengeInPlainModeIsTheSameAsCodeVerifier() {
-        let codeVerifier = ProofKeyForCodeExchange.CodeVerifier.makeRandomCodeVerifier()
+        let codeVerifier = ProofKeyForCodeExchange.CodeVerifier.fixture()
 
         XCTAssertEqual(
             ProofKeyForCodeExchange(codeVerifier: codeVerifier, method: .plain).codeCallenge,