PKCE

RU: PKCE

Proof Key for Code Exchange (RFC 7636): an OAuth 2.0 extension that defends against authorization code interception. The client generates a random code_verifier, sends its SHA-256 hash (the code_challenge) with the authorization request, then sends the verifier at the token endpoint; the server checks that the hash matches, proving the token requester is the same party that initiated the flow.