The API my team is deploying is using ouath2.0 and identityserver 4.
The configuration to obtain the token in postman, using the authorization_code with PKCE, need a callback URL, which is provided by postman.
Callback URL: https://oauth.pstmn.io/v1/callback
My team suggests that for security reasons the callback should not be a generic one, but a custom one.
I want to know if there is a way to use a custom callback URL to request the token or if there any security vulnerabilities if the general callback URL provided by postman is used.
The API test will be executed in azure pipelines.
