I have a client app that sends some parameters to the /authorize endpoint that I would need to capture/validate before passing the request to Auth0’s /authorize endpoint. After I captured the request in my mediation tier, validated the data, then invoked Auth0’s /authorize from my backend servers (using the /authorize PKCE flow), I get a 200 OK response rather than a 302 (Found). But when I hit the same endpoint using RESTlet in my browser, I get the expected 302 (Found) response.
How can I call the /authorize PKCE endpoint from my server such that it’ll return the proper 302 response? I understand this is unconventional, but I need this capability because Auth0 currently does not support the signed request object parameter. (http://openid.net/specs/openid-connect-core-1_0.html#JWTRequests)