Not all authorization providers yet support PKCE layered on top of the normal, secret-based authorization code flow -- for example, Mozilla Accounts explicitly forbids it -- so in order to avoid the next release being a potentially breaking change, let's set the default value of OIDC_USE_PKCE to False.