The code works and I'm able to log in successfully.
Our requirement is to use the received access token as security header for later calls. This would normally be done by configuring an OAuth Provider and Authentication Profile rule to receive and use an access token.
Considering it is the same IdP it seems like a redundant configuration as I have to maintain client and secret in the Authentication Service and Profile rule and URLs in the Authentication Service and OAuth Provider rule.
How can I use the already available access token in later subsequent interface calls? Unfortunately I can't select my OIDC configuration as Authentication Profile in a Connect Rest rule. I know I could build a workaround saving the access token from the clipboard page AccessTokenPage during log in and work with it subsequently. This seems to go against a possible intended solution though.