listen to this.
I am trying to run authentication with authorization code flow.
In the login request I am sending ‘state’ ‘client’ ‘protocol’ ‘redirect_uri’ ‘response_type’ and ‘scope’.
The response type is code and the scope is only ‘openid’.
After authentication I am getting a code.
And after that when I am trying to exchange the code to id_token, it succeed even though I dont send the secret. If I send wrong secret it fail, and if I do not send secret at all it work.
Maybe its something I am missing in here?
Is it suppose to be like that?