Allow user to pass authentication info in the query string parameters in OTK 4.6.1 .
API Gateway Release : 10.1 & 11.0
As part of Oauth 2.0 compliance we started restricting sending the client_id & client_secret in query string of the message.
It is still possible to use within query string with some updates to the services. Please try the below option:
([?&]subject_token=)|([?&]actor_token=)|([?&]code=)|([?&]code_verifier=)|([?&]device_code=)
NOTE: Line numbers mentioned are for reference ONLY.
We have seen customers generating OAuth token in the "old" way and it would be a big problem handle the new mode, by passing parameters in the payload.