def access_token
return @access_token if @access_token
token_request_params = {
scope: (options.scope if options.send_scope_to_token_endpoint),
client_auth_method: options.client_auth_method
}
if client_options.key?(:private_key)
token_request_params[:client_assertion] = generate_client_assertion
end
token_request_params[:code_verifier] = params["code_verifier"] ||
session.delete("omniauth.pkce.verifier") if options.pkce
@access_token = client.access_token!(token_request_params)
if configured_response_type == "code"
verify_id_token!(@access_token.id_token)
end
@access_token
end