Device Authorization has no PKCE Support
The methods
rp.DeviceAuthorization and rp.DeviceAccessToken don't support PKCE for OPs that require PKCE for device authorization. rp.DeviceAuthorization does support a custom authFn, so you can pass a custom http.FormAuthorization function that adds the code_challenge and code_challenge_method. However, rp.DeviceAccessToken doesn't support an auth function. We worked around this limitation by creating a custom http RoundTripper that adds code_verifier to the form data and then rewrites the request body before sending it. Should I open an issue for this?
