Device Authorization has no PKCE Support

The methods

rp.DeviceAuthorization

rp.DeviceAuthorization

and

rp.DeviceAccessToken

rp.DeviceAccessToken

don't support PKCE for OPs that require PKCE for device authorization.

rp.DeviceAuthorization

rp.DeviceAuthorization

does support a custom

authFn

authFn

, so you can pass a custom

http.FormAuthorization

http.FormAuthorization

function that adds the

code_challenge

code_challenge

and

code_challenge_method

code_challenge_method

. However,

rp.DeviceAccessToken

rp.DeviceAccessToken

doesn't support an auth function. We worked around this limitation by creating a custom http RoundTripper that adds

code_verifier

code_verifier

to the form data and then rewrites the request body before sending it. Should I open an issue for this?