A developer is implementing OAuth 2.0 for a mobile app (public client) that needs to access a user's data from a third-party API. To mitigate the authorization code interception attack, which OAuth 2.0 extension should be used?
PKCE provides a secure authorization flow for public clients.
Why this answer
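PKCE (Proof Key for Code Exchange) is designed for public clients, which cannot keep a client secret, to mitigate interception of the authorization code. The client sends a code challenge with the authorization request and must present the matching code verifier when exchanging the code at the token endpoint, so an intercepted code cannot be redeemed without the verifier.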