An external OIDC provider (Azure AD) is configured in the admin console.
When the "IDP setup" test is run, the login process completes, but the following error is then shown on screen:
"could not connect to token endpoint https://login.microsoftonline.com/.... ~/oauth2/v2.0/token"
VIP Authhub: ALL versions
Additional troubleshooting steps:
Intentionally enter a wrong client_secret to break the flow and capture the OIDC token request from the admin console, then resend that request manually with Postman. The captured request body looks like this:
{code=[0.ATUA.............cLk],
client_id=[d6cae................e10f],
client_secret=[I4i8..............X],
redirect_uri=[https://myhost.example.com/default/oauth2/v1/rp/callback],
grant_type=[authorization_code],
code_verifier=[YuUT......................ZU]}
Send the request body above to the token URL below. Because the request carries a code_verifier, it can be submitted only once.
A second submission returns a different error: "AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token."
https://login.microsoftonline.com/......./oauth2/v2.0/token
Response returned:
{
"error": "invalid_request",
"error_description": "AADSTS50146: This application is required to be configured with an application-specific signing key. It is either not configured with one, or the key has expired or is not yet valid. Trace ID: e759de50-...............1600 Correlation ID: 223c7................f8458bc Timestamp: yyyy-mm-dd hh:mm:ssZ",
"error_codes": [
50146
],
"timestamp": "yyyy-mm-dd hh:mm:ssZ",
"trace_id": "e759de50-...............1600",
"correlation_id": "223c7................f8458bc",
"error_uri": "https://login.microsoftonline.com/error?code=50146"
}
No signing key certificate is configured on the Azure side, so error AADSTS50146 is somewhat misleading; the error code is nonetheless a good lead for root-cause research.
When multiple mapped OIDC claims are configured on Azure, the application manifest on the Azure side must have this parameter set to true: "api": { "acceptMappedClaims": true }.
The non-working environment had "acceptMappedClaims": null at the time of the problem.
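The manual token-endpoint replay and the error triage described above, as an added Python example (not part of this article and not VIP Authhub code). It builds the same authorization_code form body, posts it to the token endpoint, extracts the AADSTS code from the error JSON, and checks an Azure app manifest for api.acceptMappedClaims. The tenant ID, client_id, client_secret, code and code_verifier are placeholders, and the sample error body is constructed here to match the shape quoted above.

```python
"""Added example: replay an OIDC token request and triage the AADSTS error.

All credential values and the tenant segment of TOKEN_URL are placeholders
(assumed, not real). SAMPLE_ERROR is a constructed response shaped like the
one quoted in the article.
"""
import json
import re
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Placeholder tenant ID; replace with the real tenant when running for real.
TOKEN_URL = "https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token"

# Error codes that appear in the article, mapped to the next troubleshooting step.
KNOWN_CODES = {
    50146: "signing key error; with mapped claims, check api.acceptMappedClaims is true",
    54005: "authorization code already redeemed; restart the login to get a new code",
}

AADSTS_RE = re.compile(r"AADSTS(\d+)")


def build_token_request(code, client_id, client_secret, redirect_uri, code_verifier):
    """Form body for the authorization_code grant with a PKCE code_verifier."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
        "code_verifier": code_verifier,
    })


def post_token_request(body, url=TOKEN_URL):
    """POST the form body; Azure AD returns errors as an HTTP 4xx with a JSON
    body, so the HTTPError branch hands that body back instead of raising."""
    req = Request(url, data=body.encode(), method="POST",
                  headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read())
    except HTTPError as err:
        return err.code, json.loads(err.read())


def triage_error(body):
    """Collect AADSTS codes from error_codes and error_description and map
    each to a hint; keep the correlation_id for support tickets."""
    codes = set(body.get("error_codes", []))
    match = AADSTS_RE.search(body.get("error_description", ""))
    if match:
        codes.add(int(match.group(1)))
    ordered = sorted(codes)
    return {
        "error": body.get("error"),
        "codes": ordered,
        "hints": [KNOWN_CODES.get(c, "unknown code; look up AADSTS%d" % c) for c in ordered],
        "correlation_id": body.get("correlation_id"),
    }


def manifest_accepts_mapped_claims(manifest):
    """True only when the Azure app manifest sets api.acceptMappedClaims to
    true; null (the failing state in the article) or absent counts as false."""
    return manifest.get("api", {}).get("acceptMappedClaims") is True


# Constructed sample error body, shaped like the response quoted in the article.
SAMPLE_ERROR = {
    "error": "invalid_request",
    "error_description": "AADSTS50146: This application is required to be configured "
                         "with an application-specific signing key. Trace ID: <trace-id> "
                         "Correlation ID: <correlation-id> Timestamp: yyyy-mm-dd hh:mm:ssZ",
    "error_codes": [50146],
    "correlation_id": "<correlation-id>",
}

if __name__ == "__main__":
    body = build_token_request("<code>", "<client-id>", "<client-secret>",
                               "https://myhost.example.com/default/oauth2/v1/rp/callback",
                               "<code-verifier>")
    print("request body:", body)
    print("triage of sample:", triage_error(SAMPLE_ERROR))
    print("manifest ok:", manifest_accepts_mapped_claims({"api": {"acceptMappedClaims": None}}))
```

Remember that the captured code is single-use: run post_token_request once per fresh login, and read the AADSTS code (and correlation_id) from the triage output rather than from the admin console's generic "could not connect" message.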