Authorization Code with PKCE
← Back to Grant Types
The recommended OAuth 2.0 flow for most applications. PKCE (Proof Key for Code Exchange) adds a code verifier/challenge pair that prevents authorization code interception attacks. Originally designed for mobile apps, now recommended for all OAuth clients including web apps.