RFC 7636: Proof Key for Code Exchange

tools.ietf.org/html/rfc7636

PKCE (RFC 7636) is a technique to secure public clients that don't use a client secret.

It is primarily used by native and mobile apps, but the technique can be applied to any public client as well. It requires additional support by the authorization server, so it is only supported on certain providers.

More resources