Since it is the recommended flow to support mobile clients using OpenID Connect it seems surprising that Web Authenticator does not appear to support PKCE.
I have seen David Britch's post where he combines Web Authenticator with IdentityModel.OidcClient however that has a bit of a problem on iOS when the Authority supports shared cookies and thus pops the iOS Sign In permission. Declining that causes an NSErrorException to be thrown in WebAuthenticator. Also, this OidcClient tends to be quite slow, presumably because it's parsing the discovery document.
Does anyone know if it is planned to support more complex flows using WebAuthenticator?