401/Unauthorized when obtaining token in Authorization Code grant

Yup, there’s a much shorter (though still somewhat strange) path to achieve success:

  1. Create a new tenant
  2. Set it up (e.g. callback URLs)
  3. Confirm 401s when sending in a valid code to /oauth/token
  4. Change “Application Type” to “Regular Web Application”
  5. Change “Token Endpoint Authentication Method” from “POST” to “None”. (Seems to be the important part.)
  6. Confirm modal “… will disable the Client Credentials grant for…”
  7. Confirm happy path (receive 200/OK when sending in that code to /oauth/token)

Here’s my ask:

Seems like when you set “Application Type” to “Single Page Application”, perhaps it should automatically set “Token Endpoint Authentication Method” to “None”? Seems weird that I have to cycle through other app types, so that “Token Endpoint Authentication Method” field becomes active.

9 Likes
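The 401-then-200 behaviour in the steps above can be reproduced offline with a small model of the client-authentication step at a token endpoint. This is an added example, not code from the post or from Auth0. It assumes the dashboard values “POST” and “None” correspond to the RFC 7591 methods `client_secret_post` and `none`, adds `client_secret_basic` for completeness, and uses constructed client IDs, secrets and codes; `build_code_exchange` and `client_auth_status` are hypothetical names.

```python
import base64
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed sample value; the redirect URI is a placeholder.
REDIRECT = "https://app.example.test/callback"

def build_code_exchange(client_id, code, secret=None, use_basic=False):
    """Build (headers, body) for an authorization_code request to /oauth/token."""
    form = {"grant_type": "authorization_code", "client_id": client_id,
            "code": code, "redirect_uri": REDIRECT}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if secret and use_basic:
        token = base64.b64encode(f"{client_id}:{secret}".encode()).decode()
        headers["Authorization"] = "Basic " + token
    elif secret:
        form["client_secret"] = secret
    return headers, urlencode(form)

def client_auth_status(registered, headers, body):
    """Hypothetical server-side check: status produced by client authentication."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if form.get("client_id") != registered["client_id"]:
        return 401
    method = registered["token_endpoint_auth_method"]
    if method == "none":                  # public client: no secret is expected
        return 200
    presented = None
    if method == "client_secret_post":    # assumed to be the dashboard's "POST"
        presented = form.get("client_secret")
    elif method == "client_secret_basic":
        scheme, _, value = headers.get("Authorization", "").partition(" ")
        if scheme == "Basic":
            try:
                presented = base64.b64decode(value).decode().partition(":")[2]
            except ValueError:            # malformed base64 or non-UTF-8 bytes
                presented = None
    expected = registered.get("client_secret", "")
    ok = bool(presented) and hmac.compare_digest(presented.encode(), expected.encode())
    return 200 if ok else 401

if __name__ == "__main__":
    spa = {"client_id": "spa-client", "client_secret": "constructed-secret",
           "token_endpoint_auth_method": "client_secret_post"}
    request = build_code_exchange("spa-client", "constructed-code")  # SPA holds no secret
    print("method=POST:", client_auth_status(spa, *request))
    spa["token_endpoint_auth_method"] = "none"
    print("method=None:", client_auth_status(spa, *request))
```

A single-page application cannot keep a client secret, so its code exchange carries none; under `client_secret_post` that request fails client authentication, and under `none` the same request passes.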