Add client side implementation for PKCE

[amans330]

Client-side PKCE for OAuth2 RFC 7636 is required for applications to have secure communication with the authorization server. OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack. PKCE mitigates this issue by adding an extra challenge/verifier parameter with each request it sends to the server.

[amans330]

I am working on this feature. Feel free to get in touch for any comments.

[amans330]

Created PR --> #743

[sharonbz]

This looks like a security issue, is it going fo be fixed in the next release?
This is similar to CVE-2020-7692 that was assigned to the google-oauth-java-client package.

[amans330]

I have raised the above PR. Should be fixed when it's approved.

[sarathsund]

hi, I do have the same issue in jupyterhub requirements dependencies. May i know in which release version this PR fix will be merged ?