oCIS web OIDC secret?

I’d like to test oCIS with our OIDC IDP but it seems I can’t set the OIDC secret. I can set WEB_OIDC_CLIENT_ID as required by our IDP but a setting like WEB_OIDC_CLIENT_SECRET does not seem to exist. Our IDP does not allow clients with empty or no client secret. Am I out of luck here? Will an optional client secret be supported for OIDC (as is done for OAUTH I believe)?

Alternatively, can I do without external OIDC altogether and just use our LDAP server, after the current problems (see topic “Infinite Scale 2.0.0 problems with external LDAP” can’t post links) are fixed? In other words, is there any real benefit to using external OIDC IDP in addition to external LDAP server?