
Add PKCE support (for v5-dev Typescript) #659


Open
jcdogo wants to merge 1 commit into oauthjs:v5-dev
from dogomedia:features/pkce-v5-dev


@jcdogo jcdogo commented Oct 8, 2020

This pull implements PKCE support (RFC7636). It is originally based on pull #452, but has been cleaned up a bit. Changes should be almost identical to pull #658, but cleaned up for Typescript.

Summary of changes:

  1. PKCE is completely optional. If the PKCE-related parameters (code_challenge, code_challenge_method, and code_verifier) are not passed to the server, the server behaves exactly the same as before. PKCE mode is enabled only when:
     • code_challenge (and optionally code_challenge_method) parameters are included during authorization code grant.
     • code_verifier parameter is included during token grant. When code_verifier parameter is included, client_secret is ignored since we are using PKCE for authentication.
  2. This change introduces 2 new optional fields (codeChallenge and codeChallengeMethod) to the authorization code model. Changes are required to Model#saveAuthorizationCode and Model#getAuthorizationCode to persist and retrieve these 2 new fields if they are present.
  3. 100% backwards compatible with existing implementations. If existing servers do not update the Model#saveAuthorizationCode and Model#getAuthorizationCode methods, they will continue to work just as they did before the change.
  4. Added lots of tests and updated the documentation.

Example of my changes to saveAuthorizationCode for a MongoDB model (in Typescript):

    // Document stored for each issued authorization code.
    // Typed as an open record so the optional PKCE fields can be added below.
    const mongoOAuthCodeGrant: Record<string, unknown> = {
      code: code.authorizationCode,
      expires_at: code.expiresAt,
      redirect_uri: code.redirectUri,
      scope: code.scope,
      client_id: client.id,
      user_id: userId,
      oauth_client_id: mongoOAuthClient._id,
    };
    // Persist the PKCE fields only when the client sent a code_challenge.
    if (code.codeChallenge) {
      mongoOAuthCodeGrant.code_challenge = code.codeChallenge;
      if (code.codeChallengeMethod) {
        mongoOAuthCodeGrant.code_challenge_method = code.codeChallengeMethod;
      }
    }
    const saveResult = await db
      .collection(oauthAuthCodeGrantsCollectionName)
      .insertOne(mongoOAuthCodeGrant);

Example of my changes to getAuthorizationCode for a MongoDB model (in Typescript):

    // Look up the stored grant by the authorization code value.
    const mongoAuthCodeGrant = await db
      .collection(oauthAuthCodeGrantsCollectionName)
      .findOne({ code: authorizationCode });
    const user = await getUserById(mongoAuthCodeGrant.user_id);
    const client = await getClientById(mongoAuthCodeGrant.client_id);
    const grant: OAuthCodeGrant = {
      authorizationCode: mongoAuthCodeGrant.code,
      expiresAt: mongoAuthCodeGrant.expires_at,
      redirectUri: mongoAuthCodeGrant.redirect_uri,
      scope: mongoAuthCodeGrant.scope,
      client: client,
      user: user,
    };
    // Return the PKCE fields only when they were stored with the code.
    if (mongoAuthCodeGrant.code_challenge) {
      grant.codeChallenge = mongoAuthCodeGrant.code_challenge;
      if (mongoAuthCodeGrant.code_challenge_method) {
        grant.codeChallengeMethod = mongoAuthCodeGrant.code_challenge_method;
      }
    }

Legion2, geoffoliver, and RaresAil reacted with thumbs up emoji
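
The token-endpoint check that the two stored fields make possible, as an added example that is not code from this pull request or from the library: it applies the RFC 7636 comparison to a retrieved code and reports whether PKCE was verified, not used, or must be rejected. `StoredCode`, `checkPkce` and `PkceResult` are hypothetical names, and rejecting a verifier sent for a code that has no stored challenge is a defensive choice made for this example.

```typescript
import { createHash, timingSafeEqual } from "crypto";

// Hypothetical shape: the two optional fields read back from the stored code.
interface StoredCode {
  codeChallenge?: string;
  codeChallengeMethod?: string; // "plain" or "S256"
}
type PkceResult = "not_used" | "verified" | "rejected";

// Sample input: the verifier/challenge pair published in RFC 7636 Appendix B.
const RFC_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
const RFC_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";

// RFC 7636 section 4.1: 43 to 128 characters from the unreserved set.
const VERIFIER_RE = /^[A-Za-z0-9\-._~]{43,128}$/;

function base64url(buf: Buffer): string {
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function constantTimeEqual(a: string, b: string): boolean {
  const x = Buffer.from(a, "utf8");
  const y = Buffer.from(b, "utf8");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return x.length === y.length && timingSafeEqual(x, y);
}

function checkPkce(stored: StoredCode, codeVerifier?: string): PkceResult {
  if (!stored.codeChallenge) {
    // No challenge was bound to this code: only the non-PKCE flow is valid, so
    // the caller still has to authenticate the client with client_secret.
    return codeVerifier === undefined ? "not_used" : "rejected";
  }
  // A challenge was stored, so a well-formed verifier is mandatory.
  if (codeVerifier === undefined || !VERIFIER_RE.test(codeVerifier)) return "rejected";
  const method = stored.codeChallengeMethod || "plain"; // RFC 7636 default
  let expected: string;
  if (method === "S256") {
    expected = base64url(createHash("sha256").update(codeVerifier, "ascii").digest());
  } else if (method === "plain") {
    expected = codeVerifier;
  } else {
    return "rejected"; // unknown transform
  }
  return constantTimeEqual(expected, stored.codeChallenge) ? "verified" : "rejected";
}
```

Only a `"verified"` result stands in for client authentication; `"not_used"` leaves the existing client_secret check in force.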

jcdogo commented Oct 8, 2020

This partially addresses issue #637 by implementing PKCE.


ghost commented Feb 25, 2021

Is this ever going to get merged? It would be amazing to have this functionality.

miccoh1994 and murraybauer reacted with thumbs up emoji


You guys may want to check out this repo https://github.com/jasonraimondi/typescript-oauth2-server
