A few days ago I saw a video by Aaron Parecki talking about PKCE. It seems to be a useful improvement to OAuth and Indieauth.
So today I added this to the weblog. It can now do the extra verification that happens, because of PKCE. It was pretty simple as you can add it as a few steps between the normal authentication. The structure itself stays very much the same. So this was the authorization server side of the protocol. Now I should add this to the clients that I created.