Conneting to a third party via OIDC Restrictions on auth method

Hey All.

We have a client who have Ping as their ID provider. We have connected to them using the OIDC setup using Client / Secret. This is all working, but their internal policies do not allow us to use client / secret and would like us to use either:

Private Key JWT
Client TLS Certificate with PKCE

Are either of these offered via Auth0? Will changing the OIDC config from backdoor to front door enable private key JWT? Or will that just be no authentication but with PKCE?

Sorry for all the questions and thanks for the help.