Introduce passing in PKCE and nonce to authenticate client?

[Zysberg]

Using PKCE with a nonce is more secure and highly recommended.
Unless I just poorly misunderstand the codebase, there's no way to generate PKCE code challenge/exchange and nonces to verify the client.

[Zysberg]

If my comment above is not detailed enough, please let me know

[simenandre]

Thanks for opening the issue.

This seems like a good addition to oidc-react. Feel free to open a PR if you want. I would likely see if there is some hook or feature in oidc-client-ts as well. Contributions from you are what keep our project alive!