feat: add PKCE support for OAuth2 Authorization Code flows (#5361)

* Add PKCE support.

* Fix tests

* Update oauth2.md

* Rename usePkce

* Fix the BrokenComponent error

* Update oauth2.md

* Remove isCode variable. Remove uuid4 dependency.

* Remove utils functions

* Import crypto

* Fix tests

* Fix the tests

* Cleanup

* Fix code_challenge generation

* Move code challenge and verifier to utils for mocks. Update tests.

* Mock the PKCE methods in the utils file properly.

* Add missing expect

* use target-method spies

* Add comments to explain test values.

* Get rid of jsrsasign.

test/mocha/core/oauth2-authorize.js

@@ -1,8 +1,8 @@
 /* eslint-env mocha */
-import expect, { createSpy } from "expect"
-import { fromJS } from "immutable"
+import expect, { spyOn } from "expect"
 import win from "core/window"
 import oauth2Authorize from "core/oauth2-authorize"
+import * as utils from "core/utils"
 
 describe("oauth2", function () {
 
@@ -20,20 +20,55 @@ describe("oauth2", function () {
   }
 
   describe("authorize redirect", function () {
-
     it("should build authorize url", function() {
-      win.open = createSpy()
+      const windowOpenSpy = spyOn(win, "open")
       oauth2Authorize(authConfig)
-      expect(win.open.calls.length).toEqual(1)
-      expect(win.open.calls[0].arguments[0]).toMatch("https://testAuthorizationUrl?response_type=code&redirect_uri=&state=")
+      expect(windowOpenSpy.calls.length).toEqual(1)
+      expect(windowOpenSpy.calls[0].arguments[0]).toMatch("https://testAuthorizationUrl?response_type=code&redirect_uri=&state=")
+
+      windowOpenSpy.restore()
     })
 
     it("should append query parameters to authorizeUrl with query parameters", function() {
-      win.open = createSpy()
+      const windowOpenSpy = spyOn(win, "open")
       mockSchema.authorizationUrl = "https://testAuthorizationUrl?param=1"
       oauth2Authorize(authConfig)
-      expect(win.open.calls.length).toEqual(1)
-      expect(win.open.calls[0].arguments[0]).toMatch("https://testAuthorizationUrl?param=1&response_type=code&redirect_uri=&state=")
+      expect(windowOpenSpy.calls.length).toEqual(1)
+      expect(windowOpenSpy.calls[0].arguments[0]).toMatch("https://testAuthorizationUrl?param=1&response_type=code&redirect_uri=&state=")
+      
+      windowOpenSpy.restore()
     })
+
+    it("should send code_challenge when using authorizationCode flow with usePkceWithAuthorizationCodeGrant enabled", function () {
+      const windowOpenSpy = spyOn(win, "open")
+      mockSchema.flow = "authorizationCode"
+
+      const expectedCodeVerifier = "mock_code_verifier"
+      const expectedCodeChallenge = "mock_code_challenge"
+      
+      const generateCodeVerifierSpy = spyOn(utils, "generateCodeVerifier").andReturn(expectedCodeVerifier)
+      const createCodeChallengeSpy = spyOn(utils, "createCodeChallenge").andReturn(expectedCodeChallenge)
+
+      authConfig.authConfigs.usePkceWithAuthorizationCodeGrant = true
+
+      oauth2Authorize(authConfig)
+      expect(win.open.calls.length).toEqual(1)
+
+      const actualUrl = new URLSearchParams(win.open.calls[0].arguments[0])
+      expect(actualUrl.get("code_challenge")).toBe(expectedCodeChallenge)
+      expect(actualUrl.get("code_challenge_method")).toBe("S256")
+
+      expect(createCodeChallengeSpy.calls.length).toEqual(1)
+      expect(createCodeChallengeSpy.calls[0].arguments[0]).toBe(expectedCodeVerifier)
+
+      // The code_verifier should be stored to be able to send in
+      // on the TokenUrl call
+      expect(authConfig.auth.codeVerifier).toBe(expectedCodeVerifier)
+
+      // Restore spies
+      windowOpenSpy.restore()
+      generateCodeVerifierSpy.restore()
+      createCodeChallengeSpy.restore()
+    })    
   })
 })