Builds a URI you can redirect a user to to make the authorization request.

By default, PKCE will be used. You can opt out of PKCE by passing { disablePkce: true } in the options.

When using PKCE it is your responsibility to store the returned codeVerifier and associate it with the user's session just like with the state parameter. You have to pass it to the getToken() request when you receive the authorization callback or the token request will fail.