Implement the OAuth 2.0 Authorization Code with PKCE Flow

leebrandt

Hey Kelvin:

First, PKCE is designed to be used with client-side apps and mobile apps. For server-side applications (like .NET), just use the Authorization Code flow and use the Client Secret instead of the PKCE.

For validating the token, it should be done the same as in .NET Core 2.0. There is another post from this blog on that topic. https://developer.okta.com/…

I’ve linked to the validation parameters here for the Startup.cs file.

Hope this helps.