Hi @akshayaote7,
Welcome to the Auth0 Community!
I need some clarification on your application architecture in order to give you an answer.
In particular,
- Our own SSO that supports Authorization Code + PKCE
I assume this is an OIDC/OAuth authorization server supporting PAR. Is it correct?
- A Client UI App
Not sure what type of application this is. When you say Client, do you mean an OAuth/OIDC client (i.e., a client with respect to 1.)? Is this application a confidential client (server-rendered web app) or a public client (SPA, mobile or desktop app)?
- A Client API App
Is this a client of an API? Where is the API in this scenario?
You mention that the Client UI app “interacts with the Client API App’s endpoints”, so I assume this is the API, not the Client API, right?
Sorry, but I need to have a clear understanding of your scenario to give you an appropriate answer. In particular, I need to understand the nature of the Client UI App, which I imagine is where the authentication flow starts.
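For readers following the thread, the mechanics behind the questions above (PKCE per RFC 7636, Pushed Authorization Requests per RFC 9126, and the public vs. confidential client distinction) are shown in the following added example. It is not code from the original post, from Auth0, or from the poster's SSO; all endpoints, client identifiers, the request_uri and the authorization code are placeholder values, and nothing is sent over the network.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode


def make_code_verifier(n_bytes: int = 32) -> str:
    """RFC 7636 code_verifier: 43..128 unreserved chars; 32 random bytes give 43 base64url chars."""
    return base64.urlsafe_b64encode(secrets.token_bytes(n_bytes)).rstrip(b"=").decode("ascii")


def make_code_challenge(verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) with padding stripped."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_par_request(client_id, redirect_uri, scope, state, code_challenge, client_secret=None):
    """Form body POSTed to the PAR endpoint (RFC 9126). All authorization parameters travel on this
    back channel, so the later browser redirect carries only client_id and an opaque request_uri.
    A public client (SPA, mobile, desktop) cannot keep a client_secret and relies on PKCE alone;
    a confidential client (server-rendered web app) additionally authenticates, here with a secret."""
    body = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    if client_secret is not None:
        body["client_secret"] = client_secret
    return body


def build_authorize_url(authorize_endpoint, client_id, request_uri):
    """Front-channel redirect after PAR: only the request_uri returned by the server is exposed."""
    return f"{authorize_endpoint}?{urlencode({'client_id': client_id, 'request_uri': request_uri})}"


def build_token_request(client_id, code, redirect_uri, code_verifier, client_secret=None):
    """Back-channel code exchange; the verifier proves the caller is the client that started the flow."""
    body = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "redirect_uri": redirect_uri,
        "code_verifier": code_verifier,
    }
    if client_secret is not None:
        body["client_secret"] = client_secret
    return body


def verify_pkce(stored_challenge, presented_verifier):
    """Authorization-server side: recompute S256 over the presented verifier, compare in constant time."""
    return hmac.compare_digest(make_code_challenge(presented_verifier), stored_challenge)


if __name__ == "__main__":
    # Constructed walk-through for a public client; hostnames, client id, request_uri and code are placeholders.
    verifier = make_code_verifier()
    challenge = make_code_challenge(verifier)
    state = secrets.token_urlsafe(16)
    print("POST /par body:", build_par_request("spa-client", "https://ui.example/callback",
                                              "openid profile", state, challenge))
    print("redirect to:", build_authorize_url("https://sso.example/authorize", "spa-client",
                                              "urn:ietf:params:oauth:request_uri:placeholder"))
    print("POST /token body:", build_token_request("spa-client", "PLACEHOLDER_CODE",
                                                   "https://ui.example/callback", verifier))
    print("verifier accepted by server:", verify_pkce(challenge, verifier))
```

The practical point for the thread: if the Client UI App is a browser SPA it sends the PAR and token requests without a client_secret (PKCE is what binds the code to it), whereas a server-rendered app can hold a secret and pass it alongside the PKCE parameters.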