feat: add PKCE support for OAuth2 Authorization Code flows (#5361)

* Add PKCE support.

* Fix tests

* Update oauth2.md

* Rename usePkce

* Fix the BrokenComponent error

* Update oauth2.md

* Remove isCode variable. Remove uuid4 dependency.

* Remove utils functions

* Import crypto

* Fix tests

* Fix the tests

* Cleanup

* Fix code_challenge generation

* Move code challenge and verifier to utils for mocks. Update tests.

* Mock the PKCE methods in the utils file properly.

* Add missing expect

* use target-method spies

* Add comments to explain test values.

* Get rid of jsrsasign.

test/mocha/core/plugins/auth/actions.js

@@ -1,6 +1,9 @@
 /* eslint-env mocha */
 import expect, { createSpy } from "expect"
-import { authorizeRequest } from "corePlugins/auth/actions"
+import {
+  authorizeRequest,
+  authorizeAccessCodeWithFormParams,
+} from "corePlugins/auth/actions"
 
 describe("auth plugin - actions", () => {
 
@@ -144,4 +147,29 @@ describe("auth plugin - actions", () => {
         .toEqual("http://google.com/authorize?q=1&myCustomParam=abc123")
     })
   })
+
+  describe("tokenRequest", function() {
+    it("should send the code verifier when set", () => {
+      const data = { 
+        auth: {
+          schema: {
+            get: () => "http://tokenUrl"
+          },
+          codeVerifier: "mock_code_verifier"
+        }, 
+        redirectUrl: "http://google.com"
+      }
+
+      const authActions = {
+        authorizeRequest: createSpy()
+      }
+
+      authorizeAccessCodeWithFormParams(data)({ authActions })
+
+      expect(authActions.authorizeRequest.calls.length).toEqual(1)
+      const actualArgument = authActions.authorizeRequest.calls[0].arguments[0]
+      expect(actualArgument.body).toContain("code_verifier=" + data.auth.codeVerifier)
+      expect(actualArgument.body).toContain("grant_type=authorization_code")
+    })
+  })
 })