Dear All, I need your guidance, currently our organization using CXF STS and Fediz IDP I want to implement Fediz OIDC flow also for Angular applications I have below questions request you to clarify
1) I am able to test Authorization code work flow and implicit flow. But I want to implement oauth PKCE flow I received authorization code from first step but second step still expecting client_secret with code_verifier but as per oauth standard client_secret is not required for pkce right ? also how to implement DigestCodeVerifier(RS256) instead of PlainCodeVerifier https://localhost:8443/oidc/idp/authorize?client_id=cQtfnlT6xwc4xQ&response_type=code&scope=openid&redirect_uri=https://localhost:8080/test&state=state-8600b31f-52d1-4dca-987c-386e3d8967e9&code_challenge_method=S256&code_challenge=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU&audience=https://zsoasec-racf.ch.zurich.com/zsoaidp-oidc/ 2) Today ID token is JWT token which token we should use to call Rest call access token or ID token ? 3) JWT token generated by OIDC contains claims audience(aud) by default assigned value client id any specific reason ? Regards Kashi
