The current NAESB REQ.21 ESPI standard supports only OAuth 2.0 Confidential Clients. OAuth public clients can be used, but doing so requires a web server proxy, which complicates the interface and development for public clients.
RFC 7636, Proof Key for Code Exchange by OAuth Public Clients (PKCE), is an extension to the OAuth 2.0 Authorization Code request that prevents CSRF and authorization code injection attacks.
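
The exchange RFC 7636 adds to the Authorization Code flow, as an added example that is not part of the NAESB REQ.21 ESPI standard or of any ESPI implementation: the client derives an S256 `code_challenge` from a random `code_verifier`, and the authorization server recomputes it when the code is redeemed. The function names are hypothetical, and refusing the `plain` method is a choice made in this sketch.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def _b64url(data: bytes) -> str:
    """Base64url without padding (RFC 7636 Appendix A)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """Client side: 32 random octets become a 43-character verifier."""
    return _b64url(secrets.token_bytes(32))


def s256_challenge(code_verifier: str) -> str:
    """Client side: code_challenge sent with the authorization request."""
    if not _VERIFIER_RE.fullmatch(code_verifier):
        raise ValueError("code_verifier violates RFC 7636 section 4.1")
    return _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def token_endpoint_accepts(stored_challenge: str, stored_method: str,
                           presented_verifier: str) -> bool:
    """Server side (hypothetical helper): check the verifier sent with the code."""
    if stored_method != "S256":  # this sketch refuses "plain"
        return False
    if not presented_verifier or not _VERIFIER_RE.fullmatch(presented_verifier):
        return False  # missing or malformed verifier: reject the code
    expected = s256_challenge(presented_verifier)
    return hmac.compare_digest(expected, stored_challenge)


if __name__ == "__main__":
    verifier = new_code_verifier()
    challenge = s256_challenge(verifier)
    # Authorization request: code_challenge=<challenge>&code_challenge_method=S256
    # Token request:         code_verifier=<verifier>
    print("original client:", token_endpoint_accepts(challenge, "S256", verifier))
    # A party holding only the authorization code has no matching verifier.
    print("code without verifier:",
          token_endpoint_accepts(challenge, "S256", new_code_verifier()))
```

The authorization server must store the challenge and method with the issued code so that the token endpoint can perform this check.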