A code verifier is a cryptographic random string used in OAuth 2.0 authorization flows to enhance security by preventing authorization code interception attacks. It is part of the PKCE (Proof Key for Code Exchange) extension, which ensures that the authorization code can only be exchanged for a token by the client that initiated the request.