but still getting the error Auth ErrorError, error: invalid_client, description: Browser requests to the token endpoint must use Proof Key for Code Exchange.
A search resulted in this article which does not mention how to remove the origin header from being passed.
The documentation is slightly misleading. For PKCE you must have the origin header. The catch is that you must not send client_secret . Setting this field to “” or even removing this setting on swagger (depending what swagger library/implementation you are using) will solve the problem