Authorization code flow with React and .NET

Hello all,

I got a task to research and make a small demo app that will use React for fronted and .net core for the backend. Authentication should be handled with Keylcoak and I need to use authorization code flow.

I have a little experience with using Keycloak with React, but I never used .Net and I am not sure how should I architect the app. From my understanding, auth code flows means that I should exchange authorization code for token via back channel, which means that .net and keycloak should ‘know’ about each other by exchanging secret key and the actual exchange should go via backend. Does that mean I need to use keycloak plugin/extension for .net instead of javascript-adapter? Or I need both?

What I did for now is started a demo app with ‘dotnet new react’ command and I added js-adapter to react, I created a client and connected react with keycloak, but I am not sure what should be my next step or am I even on the right track.

I was also reading about PKCE and I am wandering could that be an option as well.

What you did finaly please, do you have some link to share ?