fix: support OAuth2 PKCE when using the OIDC authorization_code flow (#6914)

* Previous checks only supported the OAuth2 authorizationCode flow and missed the equivalent OIDC flow.

test/unit/core/oauth2-authorize.js

@@ -112,6 +112,38 @@ describe("oauth2", () => {
       createCodeChallengeSpy.mockReset()
     })
 
+    it("should send code_challenge when using authorization_code flow with usePkceWithAuthorizationCodeGrant enabled", () => {
+      const windowOpenSpy = jest.spyOn(win, "open")
+      mockSchema.flow = "authorization_code"
+
+      const expectedCodeVerifier = "mock_code_verifier"
+      const expectedCodeChallenge = "mock_code_challenge"
+
+      const generateCodeVerifierSpy = jest.spyOn(utils, "generateCodeVerifier").mockImplementation(() => expectedCodeVerifier)
+      const createCodeChallengeSpy = jest.spyOn(utils, "createCodeChallenge").mockImplementation(() => expectedCodeChallenge)
+
+      authConfig.authConfigs.usePkceWithAuthorizationCodeGrant = true
+
+      oauth2Authorize(authConfig)
+      expect(win.open.mock.calls.length).toEqual(1)
+
+      const actualUrl = new URLSearchParams(win.open.mock.calls[0][0])
+      expect(actualUrl.get("code_challenge")).toBe(expectedCodeChallenge)
+      expect(actualUrl.get("code_challenge_method")).toBe("S256")
+
+      expect(createCodeChallengeSpy.mock.calls.length).toEqual(1)
+      expect(createCodeChallengeSpy.mock.calls[0][0]).toBe(expectedCodeVerifier)
+
+      // The code_verifier should be stored to be able to send in
+      // on the TokenUrl call
+      expect(authConfig.auth.codeVerifier).toBe(expectedCodeVerifier)
+
+      // Restore spies
+      windowOpenSpy.mockReset()
+      generateCodeVerifierSpy.mockReset()
+      createCodeChallengeSpy.mockReset()
+    })
+
     it("should add list of scopes to authorizeUrl", () => {
       const windowOpenSpy = jest.spyOn(win, "open")
       mockSchema.authorizationUrl = "https://testAuthorizationUrl?param=1"