Exploring Back Channel Authentication with Zitadel: Understanding OIDC Security Through Undocumented APIs