added support for dpop auth

[tanish-okta]

PR Checklist

Please check if your PR fulfills the following requirements:

• The commit message follows our guidelines
• Tests for the changes have been added (for bug fixes / features)
• Docs have been added / updated (for bug fixes / features)

PR Type

What kind of change does this PR introduce?

• Bugfix
• Feature
• Code style update (formatting, local variables)
• Refactoring (no functional changes, no api changes)
• Adding Tests
• Build related changes
• CI related changes
• Documentation changes
• Other... Please describe:

What is the current behavior?

Demonstrating Proof-of-Possession is enabled by default for API Services but this feature is not supported in the SDK. Creating a new Okta API Service with a private-public key pair will not work unless the checkbox for DPoP is turned off. Calling any API results in 403 (invalid token) and on the System Log side it looks like invalid_dpop_proof error. SDK works as expected with DPoP turned off

Issue Number: N/A

What is the new behavior?

Added support for DPOP

Does this PR introduce a breaking change?

• Yes
• No

Other information

Reviewers

[aniket-okta]

LGTM.
The DPoP implementation is solid, well-tested, and follows the spec closely. The changes are cleanly integrated and unlikely to disrupt existing usage. I recommend merging after a documentation update (if not already planned).

Suggestions

• Documentation: Consider adding or updating SDK documentation to explain how to enable DPoP, expected configuration, and limitations.

• Backward Compatibility: The changes seem to be backward compatible, but a quick check in the changelog/upgrade guide would be beneficial for users upgrading the SDK.

• Error Handling: The error handling for invalid private keys is robust in tests, but ensure that user-facing error messages are clear in production (not leaking sensitive data).

[aniket-okta]

LGTM