RFC 7636: Proof Key for Code Exchange (PKCE, pronounced "pixy") is a specification of a countermeasure against the authorization code interception attack.
The specification was released in September 2015. It added:
the code_challenge_method parameter to authorization requests using the authorization code flow, and
the code_verifier parameter to token requests that correspond to the authorization requests.
This mechanism enables an authorization server to reject a token request from a malicious application that does not have a code verifier.
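The server-side check described above, as an added example that is not part of the original page or of any real authorization server. ToyAuthorizationServer, its method names and the in-memory store are hypothetical; the derivation follows RFC 7636 for the "plain" and "S256" methods, with the challenge itself carried in the RFC's code_challenge parameter.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
VERIFIER_RE = re.compile(r"[A-Za-z0-9._~-]{43,128}")

def derive_challenge(code_verifier, method="S256"):
    """Compute code_challenge from code_verifier (RFC 7636 section 4.2)."""
    if method == "plain":
        return code_verifier
    if method == "S256":
        digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
        return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    raise ValueError("unsupported code_challenge_method")

class ToyAuthorizationServer:
    """Hypothetical in-memory server; only the PKCE bookkeeping is modelled."""

    def __init__(self):
        self._pending = {}  # authorization code -> (code_challenge, method)

    def authorize(self, code_challenge, code_challenge_method="plain"):
        # Authorization request: bind the challenge to the code being issued.
        # The RFC defaults the method to "plain" when the parameter is absent.
        if code_challenge_method not in ("plain", "S256"):
            raise ValueError("unsupported code_challenge_method")
        code = secrets.token_urlsafe(16)
        self._pending[code] = (code_challenge, code_challenge_method)
        return code

    def token(self, code, code_verifier=None):
        # Token request: the code is single-use, so pop it whatever the outcome.
        entry = self._pending.pop(code, None)
        if entry is None or code_verifier is None:
            return False  # unknown/replayed code, or no verifier presented
        if not VERIFIER_RE.fullmatch(code_verifier):
            return False  # malformed verifier
        challenge, method = entry
        expected = derive_challenge(code_verifier, method)
        # Constant-time comparison of the recomputed and stored challenge.
        return hmac.compare_digest(expected, challenge)
```

An application that intercepted only the authorization code reaches token() without the verifier and is refused, and because the code is consumed on the first attempt it cannot be retried.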