AppAuth-iOS

Help needed: How to use a certain auth method?

Open Janne-M opened this issue 1 year ago • 2 comments

Can I force AppAuth to use a certain auth method when I'm using the OIDAuthorizationRequest() method?

One IDP I'm trying to use returns all 4 alternative auth methods in the configuration document, but requires us to use client_secret_jwt as the auth method. But when using OIDAuthorizationRequest it will then default to client_secret_basic. Is there a way for me to tell AppAuth that we should only use the client_secret_jwt method?

Janne-M, May 30 '24 11:05

Have you read this section of the (android) readme?

Also, you’re probably being required to use client_secret_jwt because that’s what is configured in the idp for your client. Worth checking/asking if that can be changed to ‘none’ to remove the requirement, since native apps can’t keep secrets.

KarlBusse, May 30 '24 12:05

Thanks Karl for your input! Yup, the secret is dynamic and is not stored in the app itself. All these requirements come from an "important" IDP, and they have their view on how things are supposed to be done. So far they say that we must authenticate ourselves with a secret, and _basic and _post are not secure enough... This is annoying since I have made a generic OIDC implementation that is configurable, so my users should be able to use basically any IDP that speaks OIDC.

Janne-M, May 30 '24 13:05