WTF is PKCE and Why Should You Care?

PKCE is a mechanism to make the use of OAuth 2.0 Authorization Code grant more secure in certain cases. PKCE prevents an “Authorization Code Interception Attack” The “code verifier” is a random code which meets a certain requirement. The code verifier and the code challenge is created by the client app. Each pair is used only once and cannot be intercepted by an attacker. The Code Verifier and Code Challenge method are optional and the ‘code challenge method’ is optional and it’s used to state the method used.