I would like to know where exactly in the code we are using the code_verifier and code_challenge. I thought the PKCE flow works like:
- Hit the /authorize endpoint with code_challenge as parameter to get the authorization_code.
- Hit the /token endpoint with authorization_code and code_verifier as parameters to get id_token and access_token.
- Validate the id_token by sending it to /introspect endpoint.
How are the redirects done in the code? Does loginOkta() take care of all of these?