Difference between using authorization code or not?

Hello and sorry for the noob question,

I just started using Okta and last week I finally set up authorization for a react SPA following your tutorial (first set up afterall!) and everything works perfectly.

This week I’m trying to implement Okta in a new React SPA but there are some differences: now as default I have “Authorization code” turned on by default, so I’d love to know what is the difference between my first app and second app, authentication wise, given that this setting changed.

Also in the tutorial there’s this additional line when setting up the OktaSignInWidget i have to add, but no explanation why:

  authParams: {
    pkce: true
  }

why’s that? Why’s it needed and before it wasn’t?

Thanks in advance!