Spring boot webserver with Private Key config


I have a front end spring boot webserver. I have a client configured in okta with token_endpoint_auth_method as “private_key_jwt”. How can I implement a PKCE flow with this setup? Should I use OKTA sign in widget from the client side or delegate the same flow to the server? Also does okta spring boot support private_key_jwt?

private_key_jwt: Use this when you want maximum security. This method is more complex and requires a server, so it can't be used with public clients.

I believe, sign-in widget can do that, but it’s only to obtain an authorization code, which you will send to your backend for it to be exchanged for the token on a back-channel