[Security: improvement] PKCE to secure OIDC Authorization Code flow
See https://tools.ietf.org/html/rfc7636
OAuth 2.0 public clients utilizing the Authorization Code Grant are
susceptible to the authorization code interception attack. This
specification describes the attack as well as a technique to mitigate
against the threat through the use of Proof Key for Code Exchange
(PKCE, pronounced "pixy").