I need to authenticate a service account (with container invoke role) in Cloud Run with PKCE. Basically my iOS app sends HTTPS requests to invoke certain Cloud Run Container (with Django Rest Framework).
I found this example (which authenticates to the Cloud Run endpoint via self-signed JWT in exchange for token). This is exactly what I need, but I want to add PKCE. I'm confused as to where do I send code_verifier and code_challenge? If I do the verification in my container, how would that link to Cloud Run authorization.