fix(pkce): retrieve code challenge and method from either body or query

Author: jankapunkt

lib/handlers/authorize-handler.js

@@ -376,7 +376,7 @@ AuthorizeHandler.prototype.updateResponse = function(response, redirectUri, stat
 };
 
 AuthorizeHandler.prototype.getCodeChallenge = function(request) {
-  return request.body.code_challenge;
+  return request.body.code_challenge || request.query.code_challenge;
 };
 
 /**
@@ -387,7 +387,7 @@ AuthorizeHandler.prototype.getCodeChallenge = function(request) {
  *  (see https://www.rfc-editor.org/rfc/rfc7636#section-4.4)
  */
 AuthorizeHandler.prototype.getCodeChallengeMethod = function(request) {
-  const algorithm = request.body.code_challenge_method;
+  const algorithm = request.body.code_challenge_method || request.query.code_challenge_method;
 
   if (algorithm && !pkce.isValidMethod(algorithm)) {
     throw new InvalidRequestError(`Invalid request: transform algorithm '${algorithm}' not supported`);