[Bug]: Missing PKCE support for OIDC to protect against Authorization Code Interception Attacks

### What happened?

I'm using [kanidm](https://kanidm.com) as my IdP and OIDC provider, which enforces PKCE (and ideally ES256) support. This is important to prevent Authorization Code Interception Attacks on mobile devices. See [Okta's writeup](https://developer.okta.com/docs/concepts/oauth-openid/#authorization-code-flow-with-pkce-flow) or [this stackexchange post](https://security.stackexchange.com/a/186997) for more information.

### Distribution version

Linux

### App Version

_No response_

### What browsers are you seeing the problem on if you're using web version?

Other

### Are you self-hosting?

- [x] Yes

### Self-hosting Version

v0.24.3

### Relevant log output

```shell

```

### Anything else?

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[Bug]: Missing PKCE support for OIDC to protect against Authorization Code Interception Attacks #13730

What happened?

Distribution version

App Version

What browsers are you seeing the problem on if you're using web version?

Are you self-hosting?

Self-hosting Version

Relevant log output

Anything else?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

[Bug]: Missing PKCE support for OIDC to protect against Authorization Code Interception Attacks #13730

Description

What happened?

Distribution version

App Version

What browsers are you seeing the problem on if you're using web version?

Are you self-hosting?

Self-hosting Version

Relevant log output

Anything else?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions