- Whenever you create a new Connected App (by the way, they are called External Client App now), there are some checkboxes selected by default, and one of them is Require Proof Key for Code Exchange (PKCE).
- This security setting has been added recently.
- If you’re establishing connection using OAuth2 settings with Postman, make sure to unselect that checkbox because PKCE is not offered by Postman as a first choice.
SFDCWallah 
Leave a comment