In the OpenID standard, the client authentication method can be defined in the configuration of the OAuth2 provider (here OpenAM).
If it is not defined, "client_secret_basic" will be used.
In the OpenAM 12 agent profile, the client authentication method can't be defined; therefore, "client_secret_basic" should be used.
However, OpenAM 12 doesn't check the method used.
This means that, for example, this request should fail, as it uses the "client_secret_post" method:
Instead, you will get the access token.
To be compliant with the standard in 12, use the "client_secret_basic" method, like:
As 12 allows requests that are not compliant with the standard, you may have some requests failing when upgrading to 13.
You will have an error like:
As explained above, that's not a regression in 13 but a correction made in 13 to be compliant with the standard.
In 13, you can configure the client authentication method in the agent profile.
Therefore, to correct this error, you can:
- select the appropriate client authentication method in the agent profile
- correct your request to use the client authentication method defined in the agent profile.
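
To audit clients before an upgrade, the check that 13 enforces and 12 skips can be sketched as follows. This is an added example, not OpenAM code and not part of the original page: the function names, the sample client id and secret, and the rejection messages are all hypothetical, and the messages are not OpenAM's error output.

```python
import base64
from urllib.parse import unquote_plus

DEFAULT_METHOD = "client_secret_basic"  # used when the profile defines no method

def used_auth_methods(headers, form):
    """Return the set of client authentication methods present in a token request."""
    methods = set()
    if headers.get("Authorization", "").lower().startswith("basic "):
        methods.add("client_secret_basic")   # credentials in the HTTP Basic header
    if "client_secret" in form:
        methods.add("client_secret_post")    # credentials in the POST body
    return methods

def basic_credentials(headers):
    """Decode (client_id, client_secret) from an HTTP Basic Authorization header."""
    raw = base64.b64decode(headers["Authorization"].split(" ", 1)[1]).decode()
    client_id, _, secret = raw.partition(":")
    return unquote_plus(client_id), unquote_plus(secret)

def check_client_auth(registered_method, headers, form):
    """Accept only a request that uses exactly the registered method."""
    registered = registered_method or DEFAULT_METHOD
    used = used_auth_methods(headers, form)
    if len(used) != 1:
        # Sending no credentials, or both kinds at once, is never accepted here.
        return False, "expected exactly one client authentication method, got %d" % len(used)
    (method,) = used
    if method != registered:
        return False, "request used %s but client is registered for %s" % (method, registered)
    return True, method

# Constructed sample requests; client id and secret are placeholders.
BASIC = "Basic " + base64.b64encode(b"myClient:myPassword").decode()
POST_FORM = {"grant_type": "client_credentials",
             "client_id": "myClient", "client_secret": "myPassword"}
post_request = ({}, POST_FORM)
basic_request = ({"Authorization": BASIC}, {"grant_type": "client_credentials"})
both_request = ({"Authorization": BASIC}, dict(POST_FORM))

if __name__ == "__main__":
    samples = [("post", post_request), ("basic", basic_request), ("both", both_request)]
    for name, (headers, form) in samples:
        # None models a profile with no method defined, as in the 12 agent profile.
        print(name, check_client_auth(None, headers, form))
```

Running a check like this over captured token requests from existing clients shows which ones rely on the lenient behaviour in 12 and will need either a profile change or a request change in 13.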