- Added async GetAuthorizationUrlAsync() methods to all OIDC providers
- Updated base OidcService with abstract async contract and backward-compatible sync wrapper
- Modified OidcController to use async authorization URL generation
- Removed sync blocks using .GetAwaiter().GetResult() in Google provider
- Maintained backward compatibility with existing sync method calls
- Eliminated thread blocking and improved async flow throughout auth pipeline
- Enhanced scalability by allowing non-blocking async authorization URL generation
- Added GenerateCodeVerifier() and GenerateCodeChallenge() methods to base OidcService
- Implemented PKCE (Proof Key for Code Exchange) for Google OAuth flow:
* Generate cryptographically secure code verifier (256-bit random)
* Create SHA-256 code challenge for authorization request
* Cache code verifier with 15-minute expiration for token exchange
* Validate and remove code verifier during callback to prevent replay attacks
- Enhances security by protecting against authorization code interception attacks
- Uses S256 (SHA-256) code challenge method as per RFC 7636
- Add BuildAuthorizationParameters() method to reduce authorization URL duplication
- Update GoogleOidcService to use common parameter building method
- Add missing using statements for AppDatabase and AuthService namespaces
- Improve code reusability and eliminate 20+ lines of repeated authorization logic per provider
