I understand that the API isn’t in active development, but is there any plans to implement PKCE for OAuth2 in order to harden the API against interception attacks? I’m working on my own OAuth provider at the moment and it seems like it’d be pretty easy to add.
Some work on the api is being mulled, however implementing PKCE is not among the potential changes at this moment.