PKCE (Proof Key for Code exchange)
Think of it as a "Secret Handshake" that ensures the person who starts a login is the exact same person who finishes it.
It was originally built for mobile and single-page apps (SPAs) because they can't hide a Client Secret (password) in their source...
techexplainbysayan.hashnode.dev2 min read