Hey everyone! We just released PKCE in GA. PKCE is an OAuth extension that enables Mobile, Desktop, and Single-Page applications to securely complete the OAuth flow without having to store a client_secret in the application. Instead, it uses a code_challenge and code_verifier to ensure only the originator of the flow has the keys.
This is a secure way of authorizing access that also lets you build an application without a back-end server.
To build an app with the PKCE OAuth extension, include the code_challenge parameter in the Authorize request.
Check out the docs to get started.