nextcloud / user_oidc

OIDC connect user backend for Nextcloud
GNU Affero General Public License v3.0

Issue with OIDC token_endpoint_auth_method and Authelia #981

Closed mtjoernelund closed 1 week ago

mtjoernelund commented 1 week ago

I have set up OpenID Connect User backend to work with Authelia. I have set up the Client in Authelia. When authenticating I get sent back to Nextcloud but am not logged in. I receive the following error:

"Failed to contact the OIDC provider token endpoint: Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). The request was determined to be using 'token_endpoint_auth_method' method 'client_secret_post', however the OAuth 2.0 client registration does not allow this method."

This looks exactly like the issue presented in #907. Only difference is that I have set authentication method in Authelia to client_secret_basic, not client_secret_post.

Relevant part of my Authelia configuration:

      - client_id: <redacted>
        client_name: 'NextCloud'
        client_secret: <redacted>
        public: false
        authorization_policy: two_factor
        require_pkce: true
        pkce_challenge_method: S256
        redirect_uris:
          - 'https://<address>/apps/user_oidc/code'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'
          - 'groups'
        userinfo_signed_response_alg: none
        token_endpoint_auth_method: 'client_secret_basic'
        consent_mode: 'implicit'

Not sure why Nextcloud wants the method to be post. Any pointers as to where I need to search for a solution?

mtjoernelund commented 1 week ago

The art of reading has a great future. I swapped the authorization methods in the error message I received and the one received by the poster in #907. It seems that Nextcloud has gone back to requiring the method to be client_secret_post rather than client_secret_basic. When I changed this in my Authelia client configuration it worked.
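To make the mismatch in this thread concrete, here is an added example (not code from user_oidc or Authelia) that builds the two token-endpoint requests the OIDC spec allows for confidential clients, client_secret_basic and client_secret_post, and then checks a request against the client's registered method the way a provider does. Client id, secret, code and URLs are constructed placeholders.

```python
import base64
from urllib.parse import quote, urlencode, parse_qs


def basic_auth_request(client_id, client_secret, code, redirect_uri, code_verifier):
    """client_secret_basic: credentials travel in an HTTP Basic Authorization header.
    RFC 6749 section 2.3.1 form-urlencodes id and secret before base64 encoding."""
    creds = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri, "code_verifier": code_verifier})
    return headers, body


def post_auth_request(client_id, client_secret, code, redirect_uri, code_verifier):
    """client_secret_post: credentials are ordinary form fields in the request body."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri, "code_verifier": code_verifier,
                      "client_id": client_id, "client_secret": client_secret})
    return headers, body


def detect_auth_method(headers, body):
    """Provider-side view: infer which client authentication method a request uses."""
    has_basic = headers.get("Authorization", "").startswith("Basic ")
    has_post = "client_secret" in parse_qs(body)
    if has_basic and has_post:
        return "ambiguous"  # RFC 6749 forbids using more than one method per request
    if has_basic:
        return "client_secret_basic"
    if has_post:
        return "client_secret_post"
    return "none"


def check_client_auth(registered_method, headers, body):
    """Reject the request when the method used differs from the one registered
    for the client; this is the condition behind the error quoted in the issue."""
    used = detect_auth_method(headers, body)
    if used != registered_method:
        return False, (f"request used '{used}' but the client registration "
                       f"only allows '{registered_method}'")
    return True, "client authenticated"
```

With the Authelia client registered as client_secret_basic and Nextcloud sending client_secret_post, check_client_auth returns the failure; changing the registration to client_secret_post (as the reporter did) makes it pass.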