Previously @hollo used cryptography for authorization codes and access tokens, this had some implications such as preventing us from implementing PKCE, which requires state to be tracked between the authorize screen and the authorization code token exchange.

So this paves the path to supporting PKCE in Hollo.