Identity Security Cloud’s authorization implementation does not currently support PKCE yet. This is something that we are looking at with OAuth 2.1 adoption since it requires PKCE. Unfortunately I don’t have any timings yet.
Not sure if you’ve seen it but you can use an Authorization Code flow without PKCE as I setup in my Developer Days presentation.