OAuth2 PKCE and client secret #25469

Closed
@acquleo

Description

I'm trying to use the OAuth2 provider with PKCE.
The client I'm using generates a code_challenge in order to use PKCE instead of the client secret.

"https://server:6443/login/oauth/authorize?response_type=code&state=FZTFQLkJnDLfuUKNWwfBCA&code_challenge=U6s7WQpA0soQBrhWSf3_FqQuDCw7aZ4TNd53lfX8-Is&code_challenge_method=S256&client_id=26b39a6d-fb09-417b-aa59-9d9866290983&scope=package&redirect_uri=https%3A%2F%2F127.0.0.1%3A5014%2Fauthentication%2Flogin-callback"

The problem is that Gitea returns the following response:
"https://127.0.0.1:5014/authentication/login-callback?code=gta_63q4l4vexpx2e5zmajgv7znj2wc5bsk2nc3fswjb76j3gsvwehxq&state=FZTFQLkJnDLfuUKNWwfBCA"

containing the following error:
ValueKind = Object : "{"error":"unauthorized_client","error_description":"invalid client secret"}"

If I configure the client secret, it works.

Is it possible that there is a problem in Gitea's PKCE management?

Gitea Version

1.19.3

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

Ubuntu 22.04.2 LTS

How are you running Gitea?

I'm running Gitea as a stack on a Docker Swarm node.
image: gitea/gitea:1.19.3
image: postgres:11-alpine

Database

PostgreSQL
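For reference, the check a token endpoint performs for a PKCE public client, written as an added example (this is not Gitea's code and not the reporter's client): the client derives `code_challenge` from a random `code_verifier` with S256, and the server, when redeeming the authorization code, must accept the request without a `client_secret` only if the presented verifier reproduces the stored challenge. The RFC 7636 S256 definition is the only assumption.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// NewCodeVerifier returns a code_verifier as RFC 7636 recommends: 32 random
// bytes, base64url-encoded without padding (43 characters).
func NewCodeVerifier() (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// S256Challenge derives code_challenge = BASE64URL(SHA256(ASCII(code_verifier))),
// the value the client places in the authorize request.
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// VerifyPKCE is the check the token endpoint must run for a public client:
// the code_verifier presented with the authorization code has to reproduce the
// code_challenge stored when the code was issued (S256 only here). Only when
// this passes may the request be accepted without a client_secret.
func VerifyPKCE(storedChallenge, verifier string) bool {
	if len(verifier) < 43 || len(verifier) > 128 {
		return false // RFC 7636 section 4.1 length bounds
	}
	derived := S256Challenge(verifier)
	return subtle.ConstantTimeCompare([]byte(derived), []byte(storedChallenge)) == 1
}

func main() {
	v, _ := NewCodeVerifier()
	challenge := S256Challenge(v)
	fmt.Println("correct verifier accepted:", VerifyPKCE(challenge, v))
	fmt.Println("tampered verifier accepted:", VerifyPKCE(challenge, v[1:]+"A"))
}
```

A server that instead demands a `client_secret` whenever one is absent, as in the `unauthorized_client` response above, has skipped this path entirely.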
