In my android app, I am trying to do plain old OAuth2 against my server which requires client secret on it's authorization call (even for pkce).
I have the clientId & clientSecret that I got from server out of band. I have *not performed dynamic client registration.
How do I set the clientSecret on authorization request so I can do oauth authorization code grant ?
Server can support it either on http basic auth header or in request body.
Tried a few things that did not work -
Any help is appreciated.
Thanks
I'm a little confused because normally a client_secret is not sent as part of the authorization endpoint request, but as part of a token endpoint request. If it's the token request part you're talking about, you can pass a ClientSecretBasic or ClientSecretPost instance to performTokenRequest. This will attach your client secret as an Authorization header or form body parameter, respectively.
Let me know if this solves your problem.
I am able to get it to work. Thanks
I麓m having same trouble perform client authentication in token activity, do you have any example of this. i allways get noclientauthentication
Most helpful comment
I'm a little confused because normally a client_secret is not sent as part of the authorization endpoint request, but as part of a token endpoint request. If it's the token request part you're talking about, you can pass a ClientSecretBasic or ClientSecretPost instance to performTokenRequest. This will attach your client secret as an
Authorizationheader or form body parameter, respectively.Let me know if this solves your problem.