Solution (unvalidated)
PKCE protects against a specific vulnerability: something intercepting the redirect. Tension: the `code` alone is useless to whoever intercepted it, because they also need the `code_verifier`. Outcome: they need the `code_verifier`, which lives in the app that originally initiated the `authorization_code` flow.
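The check behind that outcome, as an added example that is not part of the original page: it assumes the S256 method from RFC 7636, where the app sends `code_challenge = BASE64URL(SHA256(code_verifier))` up front and reveals the `code_verifier` only at the token request. `ToyAuthServer` and its method names are hypothetical, and all values are constructed.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional

def s256_challenge(code_verifier: str) -> str:
    """RFC 7636 S256: base64url(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

class ToyAuthServer:
    """Hypothetical in-memory model of the two endpoints PKCE touches."""

    def __init__(self) -> None:
        self._pending = {}  # authorization code -> stored code_challenge

    def authorize(self, code_challenge: str) -> str:
        # The code is bound to the challenge sent by the initiating app.
        code = secrets.token_urlsafe(16)
        self._pending[code] = code_challenge
        return code

    def token(self, code: str, code_verifier: str) -> Optional[str]:
        challenge = self._pending.get(code)
        if challenge is None:
            return None  # unknown or already redeemed code
        if not hmac.compare_digest(s256_challenge(code_verifier), challenge):
            return None  # the code alone is not enough
        del self._pending[code]  # toy model: consumed only on success
        return secrets.token_urlsafe(24)

def demo():
    server = ToyAuthServer()
    verifier = secrets.token_urlsafe(32)  # 43 chars, never leaves the app
    challenge = s256_challenge(verifier)
    code = server.authorize(challenge)    # returned to the app via redirect

    # A party that saw the redirect holds `code` (and possibly `challenge`,
    # which also travels through the browser) but not `verifier`.
    with_guess = server.token(code, secrets.token_urlsafe(32))
    with_challenge = server.token(code, challenge)
    # The initiating app redeems the same code with the real verifier.
    app_token = server.token(code, verifier)
    return with_guess, with_challenge, app_token

if __name__ == "__main__":
    print(demo())
```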