How to design a config structure for Duo OIDC Auth API Implementation?

We are implementing the Duo OIDC Auth API for adding strong two-factor authentication to our web application.( Duo OIDC Auth API - Duo Universal Prompt | Duo Security)

In our understanding Duo uses FAPI security client_secret_jwt for client authentication. Is it correct?

We’d like to know is there any sample client implementation to refer because we would like to design the OIDC client in a generic way.

Our pain area is to design the request.payload arguments config structure in an end user perspective.

Looking forward to hearing from you.