What is the problem you are trying to solve?
In cases where OIDC is configured to use none as a supported token endpoint authentication method, Liferay does not permit this thereby breaking Public clients from working properly.
To provide context, setting none aids with the use of Public clients in case where we do not want to store client secrets. In these scenarios, Proof Key for Code Exchange (PKCE) is a common security method to protect the authorization code grant flow.
What is your project about? (e. g. Intranet, Partner Portal, Enterprise Website, etc)
This is an authentication implementation on a public site.
What is your proposed solution? (optional)
Please permit the use of none as a supported token endpoint auth method. This would ensure that Liferay closely adheres to OIDC standards with respect to public clients.