Append code (and, when present, the client's original state) as query
parameters to the client's dynamic redirect_uri, producing the Location the
proxy 302s to once the upstream callback fires. The client supplied the
redirect_uri at /authorize; the proxy relays the upstream authorization
code to it so the client can redeem it (with its own PKCE code_verifier)
at the proxy /token endpoint.
Append code (and, when present, the client's original state) as query parameters to the client's dynamic redirect_uri, producing the Location the proxy 302s to once the upstream callback fires. The client supplied the redirect_uri at /authorize; the proxy relays the upstream authorization code to it so the client can redeem it (with its own PKCE code_verifier) at the proxy /token endpoint.