Public Clients implicitly require PKCE (Challenge authentication) #304
Description
Currently enabling Public Client implicitly forces PKCE on the client. Although this is recommended and a smart thing to do, not all clients support PKCE and ultimately PKCE does not replace client_secret but adds a different kind of protection against unauthorized use of the code.
Ultimately, enabling PKCE should be up to the Client's discretion and therefor an extra config parameter for the client.