Hi Apps Sandbox ,
Since you are using the OAuth 2.0 authorization code flow, it's possible that your issue could be related to the "follow redirects" setting. If you are receiving a 200 instead of a 302 in the response code, verify if there's a configuration to set "follow redirects" to true (possibly in your forward-request policy). If so, change it to false and see if you receive the code in the header.
Also, while it won't provide the exact resolution, you can use the OIDC debugger playground to validate your configuration - OIDC Debugger
See related thread:
Not getting a code on the redirect url
Let me know if this helps. I'm happy to keep troubleshooting if your issue turns out to be something different. It would help if you include your full request in this post.
-
If the information helped you, please Accept the answer. This will help us as well as others in the community who might be researching similar questions.