token_endpoint_auth_methods_supported
OPTIONAL. JSON array containing a list of client authentication
methods supported by this token endpoint. Client authentication
method values are used in the "token_endpoint_auth_method"
parameter defined in [Section 2 of [RFC7591]](https://www.rfc-editor.org/rfc/rfc7591#section-2). If omitted, the
default is "client_secret_basic" -- the HTTP Basic Authentication
Scheme specified in [Section 2.3.1](https://www.rfc-editor.org/rfc/rfc8414.html#section-2.3.1) of OAuth 2.0 [[RFC6749](https://www.rfc-editor.org/rfc/rfc6749)].
This PR errs on the side of just allowing any valid auth method if the server doesn't specify any.
Working on #115 uncovered this issue.
I'm unsure exactly what's meant in the RFC:
This PR errs on the side of just allowing any valid auth method if the server doesn't specify any.