When I send the Auth request, the user is redirected to the login page. Is there a recommended way to store the code_verifier while the redirect happens? Local storage? Cookie?
Per the possible storage types you mentioned I’m assuming this is a SPA so one possibility could be to use an higher-level SDK and leave that detail for the SDK. I think the Auth0 SPA SDK (Auth0 Single Page App SDK) uses cookies as the default storage mechanism for such data.
One advantage of cookies is that you can get automatic cleanup done by the browser for cases where a login request may be abandoned by the user.