How can I enable PKCE flow for OIDC authentication login on Google Cloud without using client_secret?

How to enable PKCE flow in google colud for OIDC authentication login. I do not see any option there. I do not want add the secret in my web application and want to use PKCE flow

My application is generating the code challange other parameters needed for PKCE flow but still i am getting error client_secret is needed

Google Cloud Platform does not currently support the PKCE (Proof Key for Code Exchange) flow for OAuth 2.0 directly. The PKCE flow is predominantly used in public clients (e.g., Mobile, Single Page Application) where a client secret cannot be stored securely. This flow is not necessary with web server applications, as the client secret can be embedded securely on a server, and thus Google platform doesn't support the PKCE flow for OIDC.

However, if you want to use PKCE flow, you can use third-party Identity Providers (IDP) that support OpenID Connect with PKCE flow, like Okta or Auth0. You would create an OIDC IDP in these platforms, and then tunnel the authentication through them. These platforms have options to use PKCE flow.

You can then integrate Google's OIDC with these IDPs. There might be additional costs here but security-wise, it would be more resilient.

Also note that, in order to obtain an access token, client_secret is required as per Google OAuth Server flow, it does not mean the secret should be stored in the client side. Instead, the application will call the backend server with the 'code', then the server should use the code, client_id and client_secret to get