Follow .well-known/openid-configuration -> token_endpoint_auth_methods_supported
#11646
Labels
p1-urgent
Consider a hotfix release with only that fix (ex: lose trust, money, security issue, ...)
At the moment we send the client id and secret as a basic auth header as well as a post parameter.
We should read the token_endpoint_auth_methods_supported field of the well-known endpoint and only use one.
"client_secret_basic",
"client_secret_post",
Else "Active Directory Federation Service" will respond with
Error when getting the accessToken "Fehler vom Server zurückgegeben: <em>MSIS9631: Received invalid OAuth request. Multiple client authentication methods were attempted.</em>"
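An added example, not code from the project this issue belongs to: one way to pick a single client authentication method from the discovery document and build the token request so the credentials travel either in the Basic header or in the POST body, never both. The function names, the preference order and the sample discovery document are assumptions made for illustration.

```python
import base64
from urllib.parse import quote_plus, urlencode

# Methods this (hypothetical) client can perform, in order of preference.
CLIENT_METHODS = ("client_secret_basic", "client_secret_post")


def choose_auth_method(discovery: dict) -> str:
    """Return the one token endpoint auth method to use for this server."""
    # OpenID Connect Discovery: if the field is omitted, the default is
    # client_secret_basic.
    advertised = discovery.get("token_endpoint_auth_methods_supported") or [
        "client_secret_basic"
    ]
    for method in CLIENT_METHODS:
        if method in advertised:
            return method
    raise ValueError(f"no usable client auth method in {advertised!r}")


def build_token_request(discovery, client_id, client_secret, grant_params):
    """Return (url, headers, body) carrying the credentials exactly once."""
    method = choose_auth_method(discovery)
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = dict(grant_params)
    if method == "client_secret_basic":
        # RFC 6749 section 2.3.1: form-urlencode id and secret, then Base64.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(
            pair.encode("utf-8")
        ).decode("ascii")
    else:  # client_secret_post: credentials go in the body only
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    return discovery["token_endpoint"], headers, urlencode(form)


if __name__ == "__main__":
    # Constructed sample discovery document (not taken from a real server).
    sample = {
        "token_endpoint": "https://idp.example/oauth2/token",
        "token_endpoint_auth_methods_supported": [
            "client_secret_basic",
            "client_secret_post",
        ],
    }
    grant = {"grant_type": "authorization_code", "code": "abc"}
    print(build_token_request(sample, "my-client", "s3cr3t/value", grant))
```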