Hello Community,
I'm looking to make CA API Gateway as a confidential client in the OIDC Authorization Code flow. Since I want to protect the access tokens being cached within the browser where SPA runs, my CA API Gateway should act as Relying Party towards my Enterprise OpenID Provider. Is there a reference architecture/implementation info on the same that I can refer to?
Regards,
AV