OAuth Error: PKCE Required

Proof Key for Code Exchange (PKCE) prevents authorization code interception on mobile and SPA clients. If your library omits code_challenge_method=S256 from the authorization request or drops the code_verifier on token exchange, the provider rejects the flow.

Ensure your OAuth library stores the code_verifier in session storage or secure memory until the callback completes. Confidential server apps may opt out depending on provider policy. Never ship client secrets to browsers.
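
The two failure modes above, shown from both sides of the flow. This is an added example, not code from this page or from any OAuth library: the function names are hypothetical, the provider check is a simplified model of RFC 7636 validation, and the returned strings are labels for the example rather than a provider's actual error codes.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as PKCE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_verifier() -> str:
    """Client: 32 random bytes become a 43-character code_verifier."""
    return b64url(secrets.token_bytes(32))


def s256_challenge(verifier: str) -> str:
    """Client: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorization_params(verifier: str) -> dict:
    """Client: PKCE parameters added to the authorization request."""
    return {"code_challenge": s256_challenge(verifier),
            "code_challenge_method": "S256"}


def check_token_request(stored: dict, code_verifier) -> str:
    """Provider side (simplified model): outcome of the token exchange.

    `stored` is what the provider kept from the authorization request;
    `code_verifier` is what the client sent with the authorization code.
    """
    if stored.get("code_challenge_method") != "S256":
        return "rejected: code_challenge_method=S256 missing"
    if not code_verifier:
        return "rejected: code_verifier missing"
    if not VERIFIER_RE.fullmatch(code_verifier):
        return "rejected: malformed code_verifier"
    expected = s256_challenge(code_verifier)
    # Constant-time comparison of the recomputed and stored challenges.
    if not hmac.compare_digest(expected, stored.get("code_challenge", "")):
        return "rejected: code_verifier does not match code_challenge"
    return "ok"
```

The client must pass the same verifier it generated before the redirect to the token request, which is why it has to survive until the callback completes.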

Okta PKCE.
