Swarm/DysonNetwork.Pass/Auth
LittleSheep 74a9ca98ad ♻️ Refactor OpenID: Phase 2: Security Hardening - PKCE Implementation
- Added GenerateCodeVerifier() and GenerateCodeChallenge() methods to base OidcService
- Implemented PKCE (Proof Key for Code Exchange) for Google OAuth flow:
  * Generate cryptographically secure code verifier (256-bit random)
  * Create SHA-256 code challenge for authorization request
  * Cache code verifier with 15-minute expiration for token exchange
  * Validate and remove code verifier during callback to prevent replay attacks
- Enhances security by protecting against authorization code interception attacks
- Uses S256 (SHA-256) code challenge method as per RFC 7636
2025-11-02 15:05:19 +08:00