We have a rule that currently sets a custom claim as an id, and the value is generated within the rule.
We would like to actually pass this value into the signup flow securely. We understand that we can send the value via POST for /oauth/token (for email/password flows) and via GET to /authorize endpoint (for social/Authorization Code flow).
Is there any way to do this securely?
We were thinking about some verifier or key as used by the Authorization Code Flow with Proof Key for Code Exchange (PKCE).
Any recommendations/advice are welcome.