The redirect_uri of the external sso / idp should be registered as a "Web" instead of SPA.
I had the same issue with my project, my Azure AD tenant set up as an identity provider was giving me "AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption error".
I set it up based on this but had everything changed to SPA as I thought that was what was needed based on the SPA tutorials which i followed: https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-authentication-sample-react-spa-app
I was at a lost and changed a lot of parameters, I tried changing everything to web but it caused some errors afterwards, it seems the best is to only change the auth resp to web. I don't exactly understand why either but it fixed the PKCE error without any of the other weirdness.