Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
[X] I have searched the tracker for existing similar issues and I know that duplicates will be closed
Describe the Issue
Clicking the refresh button should send the refresh_token request client_id and secret in the body when Client Authentication is set to "Send client credentials in body" instead of always being in the Authorization header.
Steps To Reproduce
Go to your IDP and create a new client with Auth Method client_secret_post and enable refresh tokens
Open new request tab
Select Authorization tab
Select Auth Type of OAuth 2.0
Fill out Configure New Token form with Authorization Code flow
Select Client Authentication to be "Send client credentials in body"
Click on "Get New Access Token"
Click on "Use Token"
Scroll up to where the token is listed
Click on the "Refresh" button
You should now get an error pop up
Click on console and you should see an error stating "Error: invalid_client, Description: Invalid authentication method for accessing this endpoint."
Expand the POST request in the console
Look at Request Headers and you will see Authorization header with Basic encoded credentials
Is there an existing issue for this?
Describe the Issue
Clicking the refresh button should send the refresh_token request client_id and secret in the body when Client Authentication is set to "Send client credentials in body" instead of always being in the Authorization header.
Steps To Reproduce
Screenshots or Videos
Operating System
macOS
Postman Version
11.18
Postman Platform
Postman App
User Account Type
Signed In User
Additional Context?
No response