nfroidure
commented
4 years ago Closing since per the spec :
Alternatively, the authorization server MAY support including the client credentials in the request-body
MAY means no required ;). Since most APIs are using JSON, this usage should be very limited.
Anyway anyone willing to implement this coud easily achieve it by wrapping the httpTransaction or httpRouter to do it.
As described here : https://tools.ietf.org/html/rfc6749#section-2.3.1
Currently we lack ok the body / query params methods.