panva / openid-client

OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
MIT License

Add a new token_endpoint_auth_method with the old behavior of client_secret_basic #124

Closed jerroydmoore closed 6 years ago

jerroydmoore commented 6 years ago

v2.0.1 changed the behavior of client_secret_basic by running the client_id and client_secret through the x-www-form-urlencoded algorithm before base64 encoding them for basic auth. The openid-client tool owner recognizes this is both a fix and a breaking change when used with providers that don't currently follow the standard. Add a new option in token_endpoint_auth_method that has the old behavior of client_secret_basic, which does not URL-encode the client tokens for basic auth, for the purposes of interacting with providers that don't currently follow the standard.

jerroydmoore commented 6 years ago

proposed name: old_client_secret_basic
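The interoperability gap described in this issue, as an added example that is not part of the thread and not openid-client's own code: it builds the `Authorization: Basic` header both ways (form-urlencoded first, per RFC 6749 section 2.3.1, and raw) and checks which client/provider pairings still authenticate. All function names and the credentials are constructed for illustration.

```javascript
// Added example, not openid-client's code. Credentials below are constructed.
// application/x-www-form-urlencoded encoding of one value (RFC 6749 Appendix B).
function formUrlEncode(value) {
  return encodeURIComponent(value)
    .replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase())
    .replace(/%20/g, '+');
}

// RFC 6749 section 2.3.1: encode each part, join with ":", then base64.
function basicCompliant(clientId, clientSecret) {
  const pair = `${formUrlEncode(clientId)}:${formUrlEncode(clientSecret)}`;
  return 'Basic ' + Buffer.from(pair, 'utf8').toString('base64');
}

// Behaviour before v2.0.1 as the issue describes it: base64 of the raw values.
function basicLegacy(clientId, clientSecret) {
  return 'Basic ' + Buffer.from(`${clientId}:${clientSecret}`, 'utf8').toString('base64');
}

// Server side. decode=true models a conforming provider, false one that compares raw.
function parseBasic(header, decode) {
  const raw = Buffer.from(header.replace(/^Basic /, ''), 'base64').toString('utf8');
  const i = raw.indexOf(':');
  if (i < 0) return null;
  const parts = [raw.slice(0, i), raw.slice(i + 1)];
  if (!decode) return { id: parts[0], secret: parts[1] };
  try {
    const [id, secret] = parts.map((p) => decodeURIComponent(p.replace(/\+/g, ' ')));
    return { id, secret };
  } catch (e) {
    return null; // malformed percent sequence, e.g. a raw "%" sent by a legacy client
  }
}

// Returns which client/provider combinations authenticate for a credential pair.
function compatibility(id, secret) {
  const ok = (hdr, decode) => {
    const p = parseBasic(hdr, decode);
    return p !== null && p.id === id && p.secret === secret;
  };
  return {
    compliantClient_compliantOP: ok(basicCompliant(id, secret), true),
    compliantClient_rawOP: ok(basicCompliant(id, secret), false),
    legacyClient_compliantOP: ok(basicLegacy(id, secret), true),
    legacyClient_rawOP: ok(basicLegacy(id, secret), false),
  };
}

console.log(compatibility('my client', 'p+ss:w%2Frd'));
```

Credentials made up only of unreserved characters produce the same header either way, so a mismatch surfaces only once a secret or client_id contains characters such as a space, `+`, `%` or `:`.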

panva commented 6 years ago

Hi @jerroydmoore,

I understand the pain here but I'm not going to allow, support and maintain non-conformant behaviours as well as non-IANA-registered metadata values.

If your OP isn't conform