I am working an an SPA in angular and azure functions as back end. and using Azure active directory for single sign on. I have implemented Implicit Flow it works fine. but the issue is I do not want to expose the access_token in the browser.
I want to implement code grant flow with PKCE validation. I need recommendations how to do it properly in azure functions.