Support options (code_challenge and code_challenge_method) for OpenID Connect

Problem to solve

One of our premium customers is trying to configure OpenID Connect as an OmniAuth provider on GitLab 12.10. They are using EU Login as the identity provider and following the documentation at https://docs.gitlab.com/ee/administration/auth/oidc.html. It follows OAuth 2.0 Security Best Current Practice and adds the mandatory use of PKCE (RFC 7636) in the OpenID Connect code flow. We should support the ability to configure omniauth_provider to force the insertion of the needed fields (code_challenge and code_challenge_method). It doesn’t look like we support those options yet.

ZD - GitLab Internal

Edited by Julius Kvedaras