PKCE
PKCE stands for Proof Key for Code Exchange (RFC 7636). It is an extension to the OAuth 2.0 authorization code grant designed to mitigate authorization code interception: an attacker who captures the code on its way back to the client (for example, via a malicious app registered for the same custom URI scheme) could otherwise redeem it for tokens. This attack vector is particularly relevant for public clients, such as native mobile applications and single-page web applications, which cannot securely store a client secret and so have no other way to prove at the token endpoint that they are the party that started the flow.
The PKCE flow involves the client generating a random string called the "code verifier". This code verifier
When the client exchanges the authorization code for an access token, it must also send the original
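The complete exchange, as an added example that is not code from the original page: the client generates a code verifier, derives the challenge with the S256 method from RFC 7636 (BASE64URL of SHA-256 of the ASCII verifier, no padding; the page names only the verifier, so the S256 method and the verifier alphabet are taken from the RFC), sends only the challenge in the authorization request, and later redeems the code together with the verifier. `AuthorizationServer` is a hypothetical in-memory stand-in for both endpoints, written here to show the server-side check; the intercepted-code path shows why a captured code is useless without the verifier.

```python
import base64
import hashlib
import hmac
import re
import secrets
import string
from typing import Dict, Optional, Tuple

# RFC 7636 section 4.1: the verifier uses the unreserved characters
# [A-Za-z0-9-._~] and is between 43 and 128 characters long.
VERIFIER_ALPHABET = string.ascii_letters + string.digits + "-._~"
VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def generate_code_verifier(length: int = 64) -> str:
    """Client side: a high-entropy random string that never leaves the client."""
    if not 43 <= length <= 128:
        raise ValueError("code_verifier must be 43..128 characters")
    return "".join(secrets.choice(VERIFIER_ALPHABET) for _ in range(length))


def code_challenge_s256(verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(verifier))) with '=' padding stripped."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class AuthorizationServer:
    """Hypothetical in-memory authorization server (both endpoints in one object)."""

    def __init__(self) -> None:
        # code -> (client_id, code_challenge, method). A real server would also
        # bind redirect_uri and scope and expire codes; omitted here.
        self._codes: Dict[str, Tuple[str, str, str]] = {}

    def authorize(self, client_id: str, code_challenge: str, method: str = "S256") -> str:
        """Authorization endpoint: bind the challenge to the issued code."""
        if method != "S256":
            # 'plain' gives no protection if the authorization request is observed;
            # refuse it rather than allow a downgrade.
            raise ValueError("only the S256 code_challenge_method is accepted")
        code = secrets.token_urlsafe(32)
        self._codes[code] = (client_id, code_challenge, method)
        return code

    def token(self, client_id: str, code: str, code_verifier: str) -> Optional[str]:
        """Token endpoint: release a token only if the verifier matches the stored challenge."""
        entry = self._codes.pop(code, None)  # codes are single use: a replay fails
        if entry is None:
            return None
        stored_client, stored_challenge, _method = entry
        if stored_client != client_id or not VERIFIER_RE.match(code_verifier):
            return None
        expected = code_challenge_s256(code_verifier)
        if not hmac.compare_digest(expected, stored_challenge):
            return None
        return "access-token-" + secrets.token_urlsafe(16)


def run_legitimate_flow(server: AuthorizationServer, client_id: str = "native-app") -> Optional[str]:
    """The client keeps the verifier, sends only the challenge, then redeems the code with the verifier."""
    verifier = generate_code_verifier()
    challenge = code_challenge_s256(verifier)
    code = server.authorize(client_id, challenge)   # code travels back through the browser/OS
    return server.token(client_id, code, verifier)  # verifier is sent directly to the token endpoint


def run_intercepted_code(server: AuthorizationServer, client_id: str = "native-app") -> Optional[str]:
    """An attacker who captured the code from the redirect never saw the verifier."""
    verifier = generate_code_verifier()
    code = server.authorize(client_id, code_challenge_s256(verifier))
    attacker_guess = generate_code_verifier()  # any value other than the real verifier
    return server.token(client_id, code, attacker_guess)


if __name__ == "__main__":
    srv = AuthorizationServer()
    print("legitimate client:", run_legitimate_flow(srv))
    print("intercepted code :", run_intercepted_code(srv))
```

The comparison uses `hmac.compare_digest` so the server does not leak the stored challenge through timing, the verifier is validated against the RFC alphabet before hashing, and the code is popped on first use so a captured code cannot be replayed even by the legitimate client. The first assertion in a test of this code should be the RFC 7636 Appendix B vector, which pins the encoding details (unpadded base64url of the raw digest) that are easy to get wrong.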