We have noticed the issue below after upgrading the OTK from 4.3.1 to 4.6.0.
If we pass client_id or client_secret as parameters, we get an error.
Please find the sample request below.
curl --location --request POST 'https://abc.com/auth/oauth/v2/token?grant_type=client_credentials&client_id=xxxxxxxxx&client_secret=xxxxxxxxxxx&scope=foo' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--header 'cache-control: no-cache'
{
"error": "invalid_request",
"error_description": "Missing or duplicate parameters"
}
Release: 10.1
Starting with OAuth 4.6, we no longer support passing the client_id and client_secret as query string parameters, due to security concerns.
See the Release Notes for OAuth 4.6.
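As an added example (not code from this article or from the OTK itself), the Python function below rewrites the failing request so that nothing travels in the query string: the client credentials move to an HTTP Basic Authorization header, or stay in the form body when basic=False, the two placements RFC 6749 section 2.3.1 describes. The name migrate_token_request and the assumption that the 4.6 token endpoint accepts either placement are assumptions, not statements from the page.

```python
import base64
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode, quote_plus

CREDENTIAL_PARAMS = ("client_id", "client_secret")


def migrate_token_request(url, basic=True):
    """Move OAuth parameters out of the query string of a token request.

    Returns (endpoint, headers, body). With basic=True the client credentials
    go into an HTTP Basic Authorization header; with basic=False they are
    sent in the form body together with the other parameters.
    """
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    names = [name for name, _ in params]
    for name in CREDENTIAL_PARAMS:
        # A repeated credential is ambiguous, so refuse to guess which one wins.
        if names.count(name) > 1:
            raise ValueError(f"duplicate parameter: {name}")
    # The endpoint keeps scheme, host and path only: no query, no fragment.
    endpoint = urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Accept": "application/json"}
    values = dict(params)
    if basic and all(name in values for name in CREDENTIAL_PARAMS):
        # RFC 6749 section 2.3.1: form-encode each value, join with ":", Base64.
        pair = ":".join(quote_plus(values[n]) for n in CREDENTIAL_PARAMS)
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
        params = [(k, v) for k, v in params if k not in CREDENTIAL_PARAMS]
    return endpoint, headers, urlencode(params)


# Constructed input: the request from this page, with its placeholder values.
LEGACY = ("https://abc.com/auth/oauth/v2/token?grant_type=client_credentials"
          "&client_id=xxxxxxxxx&client_secret=xxxxxxxxxxx&scope=foo")

if __name__ == "__main__":
    endpoint, headers, body = migrate_token_request(LEGACY)
    print("POST", endpoint)
    for name, value in headers.items():
        # Do not echo the encoded credentials to the terminal.
        print(f"{name}: {'Basic <redacted>' if name == 'Authorization' else value}")
    print()
    print(body)
```

With curl, the same request is made by passing the credentials with --user and the remaining parameters with --data instead of appending them to the URL.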