feat: implement PKCE code_verifier storage in sessionStorage for brow…

[nadeem-cs]

…ser SPAs

• Added pkceStorage.js module to handle code_verifier persistence.
• Updated OAuthHandler to utilize sessionStorage for storing and retrieving code_verifier.
• Enhanced token exchange process to clear code_verifier on success or error to prevent replay attacks.
• Added unit tests for PKCE storage functionality.

[github-actions]

Coverage report for commit: 36ce251
File: coverage/clover.xml

Cover ┌─────────────────────────┐ Freq.
   0% │ ░░░░░░░░░░░░░░░░░░░░░░░ │  0.0%
  10% │ ░░░░░░░░░░░░░░░░░░░░░░░ │  0.0%
  20% │ ██░░░░░░░░░░░░░░░░░░░░░ │  2.2%
  30% │ ░░░░░░░░░░░░░░░░░░░░░░░ │  0.0%
  40% │ ░░░░░░░░░░░░░░░░░░░░░░░ │  0.0%
  50% │ ░░░░░░░░░░░░░░░░░░░░░░░ │  0.0%
  60% │ ░░░░░░░░░░░░░░░░░░░░░░░ │  0.0%
  70% │ ██████░░░░░░░░░░░░░░░░░ │  8.7%
  80% │ ███████████████████████ │ 39.1%
  90% │ █████████████░░░░░░░░░░ │ 21.7%
 100% │ █████████████████░░░░░░ │ 28.3%
      └─────────────────────────┘
 *Legend:* █ = Current Distribution 

Summary - Lines: 82.46% | Methods: 95.88% | Branches: 68.29%

Files	Lines	Methods	Branches
lib
contentstack.js	100.00%	100.00%	100.00%
contentstackClient.js	83.02%	92.86%	69.35%
contentstackCollection.js	94.12%	100.00%	86.67%
entity.js	76.22%	100.00%	64.00%
lib/core
Util.js	77.68%	94.44%	62.82%
concurrency-queue.js	71.99%	72.22%	66.05%
contentstackError.js	100.00%	100.00%	100.00%
contentstackHTTPClient.js	85.71%	92.31%	74.76%
errorMessages.js	100.00%	100.00%	75.00%
oauthHandler.js	90.85%	100.00%	68.63%
pkceStorage.js	100.00%	100.00%	100.00%
lib/organization
index.js	72.73%	100.00%	53.09%
lib/organization/teams
index.js	89.47%	100.00%	65.79%
lib/organization/teams/stackRoleMappings
index.js	78.57%	100.00%	51.16%
lib/organization/teams/teamUsers
index.js	100.00%	100.00%	93.75%
lib/query
index.js	73.91%	100.00%	61.82%
lib/stack/asset/folders
index.js	100.00%	100.00%	100.00%
lib/stack/asset
index.js	86.42%	100.00%	74.26%
lib/stack/auditlog
index.js	91.67%	100.00%	71.88%
lib/stack/branch
compare.js	68.18%	100.00%	62.50%
index.js	94.87%	100.00%	77.78%
mergeQueue.js	83.33%	100.00%	63.16%
lib/stack/branchAlias
index.js	79.31%	100.00%	60.98%
lib/stack/contentType/entry
index.js	83.04%	100.00%	59.29%
lib/stack/contentType/entry/variants
index.js	79.31%	100.00%	61.54%
lib/stack/contentType
index.js	84.85%	100.00%	70.51%
lib/stack/deliveryToken
index.js	95.24%	80.00%	89.47%
lib/stack/deliveryToken/previewToken
index.js	21.43%	25.00%	14.29%
lib/stack/environment
index.js	100.00%	100.00%	100.00%
lib/stack/extension
index.js	93.88%	100.00%	85.71%
lib/stack/globalField
index.js	91.67%	100.00%	82.35%
lib/stack
index.js	80.66%	92.86%	70.61%
lib/stack/label
index.js	100.00%	100.00%	100.00%
lib/stack/locale
index.js	100.00%	100.00%	100.00%
lib/stack/managementToken
index.js	100.00%	100.00%	94.44%
lib/stack/release
index.js	80.00%	100.00%	60.32%
lib/stack/roles
index.js	100.00%	100.00%	100.00%
lib/stack/taxonomy
index.js	80.60%	100.00%	57.95%
lib/stack/taxonomy/terms
index.js	78.57%	100.00%	57.69%
lib/stack/variantGroup
index.js	81.58%	100.00%	60.47%
lib/stack/variantGroup/variants
index.js	77.50%	100.00%	54.90%
lib/stack/variants
index.js	76.32%	100.00%	53.19%
lib/stack/webhook
index.js	84.48%	100.00%	67.80%
lib/stack/workflow
index.js	83.64%	100.00%	67.69%
lib/stack/workflow/publishRules
index.js	100.00%	100.00%	100.00%
lib/user
index.js	91.43%	100.00%	78.57%

_{🤖 comment via lucassabreu/comment-coverage-clover}

[aman19K]

@nadeem-cs , can we use httpcookies instead of session storage? Session storage might create security issue.

[nadeem-cs]

@aman19K Actually using sessionStorage is more recommended approach for the issue we're trying to resolve here - browser compatibility. It does not give any security concern. It will be only risky if the app has XSS bug , only then it can read the session cookie. Otherwise this is more recommended approach.