699854e76b
Enforce Authorization Code flow, and disable Implicit flow. Done: - Rename client people-front to people - Add a client secret shared with the backend - Add allowed redirect uris - Disable implicit flow and enable Authorization Code flow without PCKE - Sign userinfo endpoint to return application/jwt content