authorizerdev / authorizer

Your data, your control. Fully open source, authentication and authorization. No lock-ins. Deployment in Railway in 120 seconds || Spin a docker image as a micro-service in your infra. Built in login page and Admin panel out of the box.
https://authorizer.dev
MIT License

Add consent/login to the OAuth2 authorization code flow #336

Open thomas-advantitge opened 1 year ago

thomas-advantitge commented 1 year ago

Authorizer can serve as an OAuth2 server while performing the "authorization code grant" flow. In this flow, a user is redirected to /authorize (https://docs.authorizer.dev/core/endpoints#authorize), which typically shows a consent screen to log in and optionally configure permissions. After login, a code is returned which can be passed to the /oauth/token endpoint (https://docs.authorizer.dev/core/endpoints#oauthtoken).

Currently, Authorizer immediately returns a code regardless of a consent screen.

Discussed in https://github.com/authorizerdev/authorizer/discussions/334

Originally posted by **thomas-advantitge** March 9, 2023

I'm trying to use Authorizer as an OAuth2 server (OpenID compatible). Executing the following request:

```
/authorize?state=&client_id=&response_type=code
```

results in a redirect (even without code_challenge specified) to:

```
/app/?state=&scope=openid%20profile%20email&redirect_uri=/app&code=
```

This behaviour happens regardless of whether a session exists or not. In case of no session, the login form of the `/app` application is shown. However, an authorization code (`` in the path above) is already present. Is this expected without the user first proving login/consent? I'm referring to steps 4-5-6 in the diagram below (https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow-with-proof-key-for-code-exchange-pkce#how-it-works):

![auth-sequence-auth-code-pkce](https://user-images.githubusercontent.com/66438062/224157121-ea0ad771-488d-4c9c-9986-c21f3a54bf69.png)
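Added here as an illustration, not Authorizer's code and not part of the original issue: a minimal Go `/authorize` handler that behaves the way the issue asks for. It issues a code only after an authenticated session exists and the user has consented to the requesting client, and it binds the code to `client_id`, `redirect_uri` and the PKCE `code_challenge` so `/oauth/token` can check them at exchange time. The `AuthServer` type, the `sid` cookie, the `/login` and `/consent` pages with their `return_to` parameter, and the in-memory maps are all assumptions made for this example.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"log"
	"net/http"
	"net/url"
	"sync"
)

// AuthCode records what an issued code is bound to, so the token endpoint can
// later check client_id, redirect_uri and the PKCE code_verifier against it.
type AuthCode struct{ UserID, ClientID, RedirectURI, CodeChallenge string }

// AuthServer is a hypothetical in-memory authorization server written for this
// example; it is not Authorizer's implementation.
type AuthServer struct {
	mu       sync.Mutex
	Clients  map[string]string          // client_id -> registered redirect_uri
	Sessions map[string]string          // "sid" cookie value -> user ID (set by the login form)
	Consents map[string]map[string]bool // user ID -> client_id -> granted on the consent screen
	Codes    map[string]AuthCode        // issued code -> binding
}

func NewAuthServer(clients map[string]string) *AuthServer {
	return &AuthServer{Clients: clients, Sessions: map[string]string{},
		Consents: map[string]map[string]bool{}, Codes: map[string]AuthCode{}}
}

// Consent records that userID approved clientID on the consent screen.
func (s *AuthServer) Consent(userID, clientID string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.Consents[userID] == nil {
		s.Consents[userID] = map[string]bool{}
	}
	s.Consents[userID][clientID] = true
}

// HandleAuthorize is the /authorize endpoint. A code is minted only after both
// an authenticated session and a consent record exist for this client; until
// then the browser is sent to the login or consent page and no code is issued.
func (s *AuthServer) HandleAuthorize(w http.ResponseWriter, r *http.Request) {
	q := r.URL.Query()
	clientID, redirectURI := q.Get("client_id"), q.Get("redirect_uri")
	s.mu.Lock()
	registered, known := s.Clients[clientID]
	userID, loggedIn := "", false
	if c, err := r.Cookie("sid"); err == nil {
		userID, loggedIn = s.Sessions[c.Value] // unknown cookie value == no session
	}
	consented := s.Consents[userID][clientID]
	s.mu.Unlock()
	// Never redirect to an unregistered redirect_uri: that hands the code to whoever chose it.
	if q.Get("response_type") != "code" || !known || redirectURI != registered {
		http.Error(w, "invalid_request", http.StatusBadRequest)
		return
	}
	returnTo := url.QueryEscape(r.URL.RequestURI()) // resume this request after login/consent
	if !loggedIn { // step 1: no session -> log in first, no code yet
		http.Redirect(w, r, "/login?return_to="+returnTo, http.StatusFound)
		return
	}
	if !consented { // step 2: no consent for this client -> consent screen, still no code
		http.Redirect(w, r, "/consent?client_id="+url.QueryEscape(clientID)+"&return_to="+returnTo, http.StatusFound)
		return
	}
	// step 3: mint a random code bound to user, client, redirect_uri and the PKCE
	// challenge, and only now send it to the registered redirect_uri with the state
	code := randomToken()
	s.mu.Lock()
	s.Codes[code] = AuthCode{userID, clientID, redirectURI, q.Get("code_challenge")}
	s.mu.Unlock()
	dest, _ := url.Parse(redirectURI) // safe: equals the registered value
	v := dest.Query()
	v.Set("code", code)
	v.Set("state", q.Get("state"))
	dest.RawQuery = v.Encode()
	http.Redirect(w, r, dest.String(), http.StatusFound)
}

func randomToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

func main() {
	s := NewAuthServer(map[string]string{"demo": "http://localhost:3000/callback"})
	http.HandleFunc("/authorize", s.HandleAuthorize)
	log.Fatal(http.ListenAndServe(":8080", nil))
}
```

Run it and request `/authorize?client_id=demo&redirect_uri=http://localhost:3000/callback&response_type=code&state=xyz` without a cookie: the answer is a 302 to `/login` whose Location carries no `code` parameter, which is the behaviour the issue reports as missing. The token endpoint (not shown) would look the code up in `Codes`, require that the presented `client_id` and `redirect_uri` match the binding and that the `code_verifier` hashes to `CodeChallenge`, and delete the entry so the code is single-use.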