In the spirit of providing as much information as possible, I want to share two things.
The first is that while my customer wants to configure their Enterprise OIDC connection to use Front Channel communication with PKCE, our app is a traditional server-side web app and so our Auth0 client Application is configured as such.
Second random thing to share is that I found the custom OAuth2 post, and I attempted it as a workaround although the directions are scant at best. I ran into two problems. First was that I don’t see an API endpoint for programmatically creating Enterprise Connections, just “regular” connections. So for example, when I attempted to create my connection via POST to api/v2/connections the response was a 400 with "message"=>"show_as_button can be set only for enterprise connections”. Also aside from that I ran into a number of other validation errors because it wanted settings for enable_script_context and scripts properties, which I don’t understand or need in my case. I’d need some help navigating this if its even a possibility.
All that said, I’m still hoping that we’ll be able to use an OIDC Enterprise connection and that you’ll be able to illuminate why I’m not seeing it use PKCE when reaching out to the IdP.