
Conversation

@htakemoto

Description of changes:

The following command (without the client_secret parameter) works fine. However, it generates "client_secret": "None" instead of "client_secret": null.

python cli.py \
	--client_id client-id \
	--cloudfront_host cloudfront-host \
	--idp_domain_name idp-domain-name \
	--idp_name idp

The "None" value affects how auth.js sets the PKCE values (line 259):

	// set PKCE values if client_secret is not present in configurations
	// (the string "None" is non-empty and therefore truthy, so this branch is skipped)
	if (!config.TOKEN_REQUEST.client_secret) {
		config.AUTH_REQUEST.code_challenge_method = "S256";
		config.AUTH_REQUEST.code_challenge = pkceCodeChallenge;
		config.AUTH_REQUEST.state = "state";
		config.TOKEN_REQUEST.code_verifier = pkceCodeVerifier;
	}

My change fixes PKCE auth flow.

@bdellegrazie

Just FYI, we discovered an issue with Authorisation Code Flow with PKCE in the context of a lambda.

The code verifier and code challenge are randomly created on Lambda startup so if different lambda instances service the initial OIDC redirect and the subsequent callback / token exchange the IdP will 403 the token exchange request as the code verifier is from a different lambda.

I believe that in this context, lambda is better suited to the Authorisation code flow rather than Authorisation code flow with PKCE.
