Deprecate dangerous feature

src/controllers/openid_controller.rs

@@ -308,7 +308,6 @@ pub async fn token(req: HttpRequest,
             }
 
             // Check code challenge, if needed
-            if !client.disable_code_verifier.unwrap_or(false) {
             if let Some(chall) = &session.code_challenge {
                 let code_verifier = match &q.code_verifier {
                     None => {
@@ -321,7 +320,7 @@ pub async fn token(req: HttpRequest,
                     return Ok(error_response(&query, "invalid_grant", "Invalid code verifier"));
                 }
             }
-            }
+
 
             if session.access_token.is_some() {
                 return Ok(error_response(&query, "invalid_request", "Authorization code already used!"));

src/data/client.rs

@@ -11,7 +11,6 @@ pub struct Client {
     pub description: String,
     pub secret: String,
     pub redirect_uri: String,
-    pub disable_code_verifier: Option<bool>,
 }
 
 impl PartialEq for Client {