oAuth2ServerConfidentialPkce property
When enabled, PKCE is required for confidential clients (server-side flows using client_secret). PKCE is always required for public clients regardless of this setting.
Implementation
final bool oAuth2ServerConfidentialPkce;