Hypothetical scenario - SPA web app uses PKCE to auth against backend API
How do I mint an access token to validate the deployed API without using the credentials of a specific user?
Want to use OAuth to scope to the specific functionality we are going to test. This would be machine to machine, will not be going through the public web site.
In the documentation for the pkce flow, I see how to auth with a redirect uri:
But I need a token, not a redirect.
Not clear how to use the PKCE flow here:
Do I need to get an auth code first and then exchange it for a token?