I am having a hard time finding the reference documentation on the parameters expected for each of the endpoints. Specifically, do I send the audience parameter to the /oauth/token endpoint? Since this endpoint is accepting my code_verifier, I assume it already knows what my audience is.
The docs exist as part of an example, which is hard to locate:
I’m realizing I didn’t answer this in your other topic. Sorry about that, and thanks for opening another topic.
It depends on the flow, specifically a client credentials vs implicit or auth code (or the /oauth/token endpoint vs /authorize endpoint). Please see the doc below for the example requests and params for each endpoint.