RFC 7636: Proof Key for Code Exchange


PKCE (RFC 7636) is an extension to the Authorization Code flow that prevents certain attacks and lets public clients perform the OAuth exchange securely.

It is primarily used by mobile and JavaScript apps, but the technique can be applied to any client.

