erlef / oidcc

OpenId Connect client library in Erlang & Elixir
https://hexdocs.pm/oidcc
Apache License 2.0

'None' authentication method for authorization code flow with PKCE? #374

Open Nezteb opened 3 months ago

Nezteb commented 3 months ago

Description

According to the docs, there are four supported authentication methods: client_secret_basic, client_secret_post, client_secret_jwt, and private_key_jwt.

As such, all functions in Oidcc require both a client ID and client secret, such as: https://hexdocs.pm/oidcc/Oidcc.Token.html#retrieve/3

Is it possible to support not providing a client secret so that the client can still fetch and exchange access tokens?

maennchen commented 2 months ago

@Nezteb Supporting none wasn't something I considered implementing, since the library doesn't currently offer any hybrid / implicit flows.

I'm however open to supporting them if you or anyone else wants to do a PR:

We can allow :unauthenticated to be passed to all functions that accept a client secret. This is already possible on all functions operating on a client context: https://hexdocs.pm/oidcc/Oidcc.ClientContext.html#t:unauthenticated_t/0
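The thread is about a public client that holds no client secret and relies on PKCE (RFC 7636) for the authorization code exchange. The following is an added example, not code from oidcc or from either commenter, showing the two halves of that mechanism in Python: the client-side generation of `code_verifier` / `code_challenge` (S256) and the check an authorization server performs at the token endpoint before it honours a code presented with only a `client_id`. The function and parameter names are this example's own; the token-request dictionary is a constructed illustration of the form fields such a request carries, not a call into any library.

```python
import base64
import hashlib
import hmac
import secrets

# RFC 7636 section 4.1: code_verifier is 43..128 characters drawn from the
# unreserved URI set. 32 random bytes base64url-encode to exactly 43 chars.
def make_code_verifier(n_bytes: int = 32) -> str:
    raw = secrets.token_bytes(n_bytes)
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def code_challenge_s256(verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(ASCII(code_verifier))), no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_public_client_token_request(code: str, redirect_uri: str,
                                      client_id: str, verifier: str) -> dict:
    """Form fields a 'none'-authenticated (public) client sends to the token
    endpoint. Note there is no client_secret: possession of the verifier
    is what binds this exchange to the original authorization request."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "code_verifier": verifier,
    }


def verify_pkce(stored_challenge: str, stored_method: str,
                presented_verifier: str) -> bool:
    """Server-side check at the token endpoint (RFC 7636 section 4.6).

    The authorization server stored (code_challenge, code_challenge_method)
    with the authorization code; the token request must carry a verifier
    that reproduces the stored challenge. Constant-time comparison avoids
    leaking how much of the challenge matched."""
    if not 43 <= len(presented_verifier) <= 128:
        return False
    if stored_method == "S256":
        expected = code_challenge_s256(presented_verifier)
    elif stored_method == "plain":
        # Allowed by the RFC but offers no protection against an observer of
        # the authorization request; a hardened server rejects it.
        expected = presented_verifier
    else:
        return False
    return hmac.compare_digest(expected, stored_challenge)


def simulate_public_client_flow() -> bool:
    """Constructed end-to-end run: client generates the pair, server stores
    the challenge with the code, client redeems the code with the verifier."""
    verifier = make_code_verifier()
    challenge = code_challenge_s256(verifier)

    # Authorization request carries challenge + method; server stores them
    # against the issued code (constructed values).
    server_state = {"code": "constructed-auth-code",
                    "code_challenge": challenge,
                    "code_challenge_method": "S256"}

    request = build_public_client_token_request(
        code="constructed-auth-code",
        redirect_uri="https://client.example/callback",
        client_id="constructed-public-client",
        verifier=verifier,
    )
    assert "client_secret" not in request
    return verify_pkce(server_state["code_challenge"],
                       server_state["code_challenge_method"],
                       request["code_verifier"])


if __name__ == "__main__":
    print("PKCE exchange accepted:", simulate_public_client_flow())
```

The `verify_pkce` check is the reason a 'none' authentication method is acceptable for this flow: the server never trusts the `client_id` alone, it trusts that the party redeeming the code can produce the verifier whose hash it saw when the code was issued.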