fix(pkce): get code challenge and method from either body or query (redo #197)

Author: jankapunkt

lib/handlers/authorize-handler.js

@@ -367,7 +367,7 @@ class  AuthorizeHandler {
   }
 
   getCodeChallenge (request) {
-    return request.body.code_challenge;
+    return request.body.code_challenge || request.query.code_challenge;
   }
 
   /**
@@ -378,7 +378,7 @@ class  AuthorizeHandler {
    *  (see https://www.rfc-editor.org/rfc/rfc7636#section-4.4)
    */
   getCodeChallengeMethod (request) {
-    const algorithm = request.body.code_challenge_method;
+    const algorithm = request.body.code_challenge_method || request.query.code_challenge_method;
 
     if (algorithm && !pkce.isValidMethod(algorithm)) {
       throw new InvalidRequestError(`Invalid request: transform algorithm '${algorithm}' not supported`);