`private_key_jwt` use in `client_credentials` flow

[zekth]

Hello,

trying to implement private_key_jwt auth method and i faced an issue during the client_credentials flow where it seems that the client_assertion is not verified.

The method AuthorizePrivateJWTKey is used in:

• AuthorizeCodeClient:

  oidc/pkg/op/token_code.go

  Line 93 in 6373a0e

  client, err = AuthorizePrivateJWTKey(ctx, tokenReq.ClientAssertion, jwtExchanger)

• AuthorizeRefreshClient:

  oidc/pkg/op/token_refresh.go

  Line 107 in 6373a0e

  client, err = AuthorizePrivateJWTKey(ctx, tokenReq.ClientAssertion, jwtExchanger)

But it doesn't seem to be called in the client_credentials flow. Am i doing something wrong? If so could the team guide to what needs to be implemented to verify the assertion? I couldn't find anything in the documentation.