Allow user to pass authentication info in the query string parameters in OTK 4.6.1 .

API Gateway Release : 10.1 & 11.0

As part of Oauth 2.0 compliance we started restricting sending the client_id & client_secret in query string of the message.

It is still possible to use within query string with some updates to the services. Please try the below option:

1. Here we are taking example of endpoint:  /auth/oauth/v2/token
2. Update the line 27 regex to - ([?&]subject_token=)|([?&]actor_token=)|([?&]code=)|([?&]code_verifier=)|([?&]device_code=)
3. Disable the Validate HTML Form Data (line 28)

NOTE: Line numbers mentioned are for reference ONLY.

We have seen customers generating OAuth token in the "old" way and it would be a big problem handle the new mode, by passing parameters in the payload.