Form parameters (HTTP POST)
The OAuth 2.0 client authenticates by sending client_id and client_secret form parameters in an HTTP POST request:
$ curl \
--request POST \
--data "client_id=myClient" \
--data "client_secret=forgerock" \
…To use this authentication method for a confidential OAuth 2.0 client, edit the client profile in the AM admin UI:
-
Go to Realms > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.
-
Set the Token Endpoint Authentication Method to
client_secret_postand save your work.
Make sure all connections to AM use HTTPS to protect the secret.