Summary:

The code changes in this pull request focus on improving the security and functionality of the Jans Auth Server's authorization challenge and token-related features. The key changes include:

1. DPoP (Demonstration of Proof of Possession) Integration: The code has been updated to handle the DPoP header in the HTTP request, which helps mitigate the risks associated with token leakage and replay attacks.

2. Authorization Challenge Validation: The code includes new validation methods to ensure the integrity of the authorization challenge process, such as validating the PKCE (Proof Key for Code Exchange) parameters and the authorization challenge session.

3. Token Management: The changes enhance the handling of token-related operations, including improvements to grant type validation, refresh token validation, and audience validation. These changes help to maintain the security and integrity of the token-based authentication and authorization processes.

4. Error Handling: The code includes better error handling and more informative error responses, which can help client applications troubleshoot and handle errors more effectively.

Overall, the changes in this pull request appear to be focused on improving the security and robustness of the Jans Auth Server's authorization and token-related functionality. The integration of DPoP, the enhanced validation of authorization challenges, and the improvements to token management are all positive steps towards enhancing the application's security posture.

Files Changed:

1. docs/janssen-server/auth-server/oauth-features/README.md: The documentation has been updated to reference the latest "OAuth 2.0 for First-Party Applications" specification.
2. docs/janssen-server/auth-server/endpoints/authorization-challenge.md: The documentation provides an overview of the Authorization Challenge Endpoint and the behavior of the custom script.
3. docs/script-catalog/authorization_challenge/authorization-challenge.md: The documentation for the Authorization Challenge Custom Script has been updated.
4. docs/script-catalog/authorization_challenge/AuthorizationChallenge.java: The code changes include the handling of the DPoP header and the management of the AuthorizationChallengeSession object.
5. jans-auth-server/common/src/main/java/io/jans/as/common/model/session/AuthorizationChallengeSessionAttributes.java: A new field jkt (JWK SHA-256 Thumbprint) has been added to store the DPoP public key thumbprint.
6. jans-auth-server/server/src/main/java/io/jans/as/server/auth/DpopService.java: The getDpopJwkThumbprint method has been made static.
7. jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizationChallengeEndpoint.java: The code now includes a reference to the DpopService and handles the transition from the older "device_session" and "use_device_session" parameters.
8. jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizationChallengeService.java: The code includes the validation of DPoP and JKT values.
9. jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthzRequest.java: A new field dpop has been added to the AuthzRequest class.
10. jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizationChallengeSessionService.java: The code handles the creation, retrieval, and management of authorization challenge sessions.
11. jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizationChallengeValidator.java: The code includes new methods to validate the DPoP token and the grant type.
12. jans-auth-server/server/src/main/java/io/jans/as/server/model/common/AbstractAuthorizationGrant.java: A new boolean field isAuthorizationChallenge has been added.
13. jans-auth-server/server/src/main/java/io/jans/as/server/model/common/AuthorizationGrantList.java: