Few of our clients are passing Client ID, secret as request parameters.

We are upgrading from v9.2 to v11. In 9.2 it was working fine, but failing in v11.

Release : 11.0

client_secret should not be passed in the query parameter this change occurred with OTK 4.6 - hardening the security

The service for tokens:  auth/oauth/v2/token

The added check is Policy Line 27 “Evaluate Regular Expression”, if you temporarily disable this assertions you can send the info in the request parameters 

This should only be temporary and will also be overwritten on updates