Closed jerroydmoore closed 6 years ago
proposed name: old_client_secret_basic
Hi @jerroydmoore,
I understand the pain here but I'm not going to allow, support and maintain non-conform behaviours as well as non IANA registered metadata values.
If your OP isn't conform
v2.0.1 changed the behavior of
client_secret_basic
by using the running theclient_id
andclient_secret
throughx-www-form-urlencoded
algorithm before base64 ending them for basic auth. Openid-client tool owner recognizes this is both a fix and and a breaking change when used with providers that don't currently follow the standard. Add a new option intoken_endpoint_auth_method
that has the old behavior ofclient_secret_basic
that does not url encode the client tokens for basic auth for the purposes of interacting with providers that don't currently follow the standard.