Class InMemoryCodeRepository

Atomically retrieve and delete the code record. This is the sole authenticity gate for authorization code exchange. Returns null when the code is unknown or has already been consumed (replay prevention).

Issue an authorization code and persist all associated data atomically. After consumeByCode, the code is single-use; client_id and redirect_uri embedded in the record replace the session-based identity binding removed in v0.5.1 (D-1 spec).

Retrieve a code record by the authorization code string. Returns null when no record matches — the method is fail-soft on absence, matching the findBy<Field> convention used by ClientRepository.findById.

Naming note (AS-10): renamed from getByCode to findByCode at 1.0 GA to align with the repository-method convention introduced in v0.5.2: findBy<Field> for optional lookups (null on absence), get(<id>) for single-object stores, and operation-specific names like consumeByCode (atomic single-use) for non-lookup operations. The v0.5.x getByCode name was deprecated via the JSDoc-only documentation in v0.5.2 (AS-10).