If Client Secret has been chosen as an Authentication Mechanism, is it still the case that the ID Token will be returned as a JWT?
Hi, I noticed that you had not got a reply for your query, so I have asked colleagues if they could provide an answer. They came back with a further question first.
are they doing app-restricted vs. user-restricted?
if you are still wanting answer and can provide a response I will try and progress for you.
Hi. This was an early question before I had got a clear understanding. I know now you provide a Private Key JWT for the ‘token’ request. There is no need to further the question.