Authorization Code Flow with PKCE

Authorization code flow with Proof Key for Code Exchange (PKCE) is intended for public clients that cannot keep a client secret confidential. PKCE lets the client generate a fresh, per-request secret, which allows the OIDC server to bind the code exchange (token) request to the original authorization code request.

A cryptographically random value is generated by the client and sent to the authorization endpoint to obtain the authorization code. Then, to get the token, the originally generated random value is sent along with the code, so that the OIDC server can verify that the token is being requested by the same client to which the code was issued.
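The two steps described above, as an added example that is not part of the original page: the client derives a challenge from its random verifier using the S256 transform of RFC 7636 (the server stores the hash, not the secret), and a hypothetical in-memory `AuthorizationServer` class models the authorization and token endpoints, rejecting a mismatched verifier and a replayed code.

```python
import base64
import hashlib
import hmac
import secrets

def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def generate_code_verifier() -> str:
    """32 random bytes -> 43-char verifier (RFC 7636 allows 43..128 chars)."""
    return b64url(secrets.token_bytes(32))

def code_challenge_s256(verifier: str) -> str:
    """S256 transform: base64url(SHA-256(verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

class AuthorizationServer:
    """Hypothetical in-memory model of the OIDC server's two endpoints."""

    def __init__(self) -> None:
        self._codes = {}  # authorization code -> (code_challenge, method)

    def authorize(self, code_challenge: str, method: str = "S256") -> str:
        # Authorization endpoint: issue a code bound to the presented challenge.
        if method not in ("S256", "plain"):
            raise ValueError("unsupported code_challenge_method")
        code = secrets.token_urlsafe(24)
        self._codes[code] = (code_challenge, method)
        return code

    def token(self, code: str, code_verifier: str) -> bool:
        # Token endpoint: the code is single-use, so remove it even on failure.
        entry = self._codes.pop(code, None)
        if entry is None or not 43 <= len(code_verifier) <= 128:
            return False
        challenge, method = entry
        expected = code_challenge_s256(code_verifier) if method == "S256" else code_verifier
        return hmac.compare_digest(expected, challenge)

def run_exchange() -> tuple:
    """Legitimate exchange, exchange with the wrong verifier, and a replayed code."""
    server = AuthorizationServer()
    verifier = generate_code_verifier()
    code = server.authorize(code_challenge_s256(verifier))
    legit = server.token(code, verifier)                     # True
    code2 = server.authorize(code_challenge_s256(verifier))
    wrong = server.token(code2, generate_code_verifier())    # False: verifier mismatch
    replay = server.token(code, verifier)                    # False: code already consumed
    return legit, wrong, replay
```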

Authorization code flow