Adds support for custom client secret verification including the use of hashed secrets.
Features
- The default response mode is set to query if the response type is missing, invalid or unsupported.
- Added IClientSecretVerifier to support custom client secret verification including the use of hashed secrets.
- For private_key_jwt and client_secret_jwt client authentication, the audience should be validated against the applicable endpoint URL rather than the issuer URL.