BB2-3642: Update grant_types_supported and references to authorization_code grant type #1286

Draft
wants to merge 1 commit into
base: master
Conversation

@stiwarisemanticbits stiwarisemanticbits commented Jan 27, 2025

JIRA Ticket:
BB2-3642

What Does This PR Do?

Updated authorization_grant_type from authorization-code to authorization_code for both endpoints

/.well-known/openid-configuration

/.well-known/smart-configuration

What Should Reviewers Watch For?

If you're reviewing this PR, please check for these things in particular:

Validation

  1. Start the webserver locally
  2. Make the Postman request below and verify that grant_types_supported contains authorization_code instead of authorization-code

GET http://0.0.0.0:8000/.well-known/openid-configuration

{
    "issuer": "http://localhost:8000",
    "authorization_endpoint": "http://localhost:8000/v2/o/authorize/",
    "revocation_endpoint": "http://localhost:8000/v2/o/revoke_token/",
    "token_endpoint": "http://localhost:8000/v2/o/token/",
    "userinfo_endpoint": "http://localhost:8000/v2/connect/userinfo",
    "ui_locales_supported": [
        "en-US"
    ],
    "service_documentation": "https://bluebutton.cms.gov/developers",
    "op_tos_uri": "https://bluebutton.cms.gov/terms",
    "grant_types_supported": [
        "refresh_token",
        "authorization_code"
    ],
    "response_types_supported": [
        "code",
        "token"
    ],
    "fhir_metadata_uri": "http://localhost:8000/v2/fhir/metadata"
}

V1 GET http://0.0.0.0:8000/v1/fhir/.well-known/smart-configuration

{
    "authorization_endpoint": "http://localhost:8000/v2/o/authorize/",
    "revocation_endpoint": "http://localhost:8000/v2/o/revoke_token/",
    "token_endpoint": "http://localhost:8000/v2/o/token/",
    "grant_types_supported": [
        "authorization_code"
    ],
    "response_types_supported": [
        "code",
        "token"
    ],
    "scopes_supported": [
        "profile",
        "patient/Patient.read",
        "patient/ExplanationOfBenefit.read",
        "patient/Coverage.read"
    ],
    "code_challenge_methods_supported": [
        "S256"
    ],
    "capabilities": [
        "client-confidential-symmetric",
        "launch-standalone",
        "permission-offline",
        "permission-patient",
        "permission-v1",
        "authorize-post"
    ]
}

V2 GET http://0.0.0.0:8000/v2/fhir/.well-known/smart-configuration

{
    "authorization_endpoint": "http://localhost:8000/v2/o/authorize/",
    "revocation_endpoint": "http://localhost:8000/v2/o/revoke_token/",
    "token_endpoint": "http://localhost:8000/v2/o/token/",
    "grant_types_supported": [
        "authorization_code"
    ],
    "response_types_supported": [
        "code",
        "token"
    ],
    "scopes_supported": [
        "profile",
        "patient/Patient.read",
        "patient/ExplanationOfBenefit.read",
        "patient/Coverage.read"
    ],
    "code_challenge_methods_supported": [
        "S256"
    ],
    "capabilities": [
        "client-confidential-symmetric",
        "launch-standalone",
        "permission-offline",
        "permission-patient",
        "permission-v1",
        "authorize-post"
    ]
}

What Security Implications Does This PR Have?

Please indicate if this PR does any of the following:

  • Adds any new software dependencies
  • Modifies any security controls
  • Adds new transmission or storage of data
  • Any other changes that could possibly affect security?
  • Yes, one or more of the above security implications apply. This PR must not be merged without the ISSO or team
    security engineer's approval.

Any Migrations?

  • Yes, there are migrations
    • The migrations should be run PRIOR to the code being deployed
    • The migrations should be run AFTER the code is deployed
    • There is a more complicated migration plan (downtime, etc.)
  • No migrations

@jimmyfagan jimmyfagan marked this pull request as draft January 27, 2025 18:06