Make EnforcePKCE confurable

[damienbr]

Is your feature request related to a problem? Please describe.

In the context of PKCE, we would like to configure hydra to enforce it.

Describe the solution you'd like
There is a parameter in hydra that is hardcoded with 'false' as a value.
We could make it configurable.

Describe alternatives you've considered

Should that parameter be configurable per client or for the whole system?

[damienbr]

registry_base.go#L233

[aeneasr]

Open to a PRs - I think globally makes most sense here

[dteoh]

I tried setting OAUTH2_PKCE_ENFORCED to "true" and "1", and tried to see what would happen if I did not send the code_challenge and code_challenge_method parameters. To my surprise, no error was raised.

After looking through the codebase, I see that EnforcePKCE is not actually used anywhere, it is a write-only variable.

[aeneasr]

I'm closing this issue because the feature was implemented. If you have a problem with this feature, please open a new issue and fill out the issue template as important information, like the software version, are missing.