/oauth2/authorize

This endpoint is used to initiate the OAuth 2.0 authorization code flow using the authorization code grant type with support for PKCE.

Public clients, as defined by RFC 6749, are OAuth clients that are unable to securely store client secrets, such as browser-based applications or mobile applications. For public clients, the authorization process is different, as they cannot present a client secret to the authorization server. Instead, public clients use other mechanisms, such as redirects or proof of possession of client credentials, to secure the authorization process.