Allow to use PKCE

[sbrunner]

Proof Key for Code Exchange
Defined by RFC7636
https://www.rfc-editor.org/rfc/rfc7636

To be use as:

import pkce

client = OpenidClient.from_issuer_url(
    url="https://provider.example.com/openid",
    authentication_redirect_uri="https://myapp.example.com/login-callback",
    client_id="client-id",
)
code_verifier, code_challenge = pkce.generate_pkce_pair()

def on_login():
    # this method should be called when the user wants to log in
    # it returns an HTTP redirect to the Openid provider
    return HttpRedirect(to=client.authorization_code_flow.start_authentication(
                    code_challenge=code_challenge,
                    code_challenge_method="S256"
    ))

def on_login_callback(current_url):
    token_response = client.authorization_code_flow.handle_authentication_result(
        current_url,
        code_verifier=code_verifier,
        code_challenge=code_challenge,
        code_challenge_method="S256",
    )
    # token_response now contains access and id tokens
    ...

[lilioid]

Thanks for contributing!

Are you willing to work on this more or is this more of a pointer to what's missing and how to implement it?

I have not tested this PR in depth but the added functionality is definitely a good thing to have.
A few things though:

• I have marked two sections of code with some minor details. Please address those.
• I would very much like to document this a bit better. This could be as an example in the documentations Usage Section or as part of the docstrings.
• In your PR description you use pkce.generate_pkce_pair(). Even though generating pkce pairs is not very complex, I would like to provide that functionality as part of this library. So if you've implemented that part already, please commit the pkce.py file.

[sbrunner]

Thanks for the review, updated :-)
The pkce code comes from this package: https://pypi.org/project/pkce/
It's true that's relay simple, but I'm not sure that good to copy this code, other proposition it to add it as a dependency or an extra dependency, what do you want me to do?

[lilioid]

Thanks for the review, updated :-) The pkce code comes from this package: pypi.org/project/pkce It's true that's relay simple, but I'm not sure that good to copy this code, other proposition it to add it as a dependency or an extra dependency, what do you want me to do?

I'm not really a fan of micro-packages so I would prefer copying the relevant PKCE code over into our source tree

[sbrunner]

@ftsell done :-)

[lilioid]

Thanks. Especially for mentioning where the pkce code was taken from.
I'd eventually like to also add tests and convert the pkce docstrings to our format but for now we can merge this PR if you want