Hi there,
Thank you for reaching out to us!
Wanted to provide some information, in case others find this useful as well, but I believe that you are using an external API that is requesting the client_secret_post method, and the SPA application should have it’s authentication method set to none.
This might be problematic, as SPAs are not confidential clients and are not able to store client secrets, and storing them on the frontend presents a security risk, as they are exposed and easily accessible. One way that might work would be to set up your own API for authentication.
Some useful documentations that I can recommend reading through:
- "Invalid_client (Invalid Authentication Method for Accessing this Endpoint.)" on OIDC Connection
- Difference between SPA, Regular Web App, and even Native Apps? - #5 by thestephenstanton
- Storing client secret in SPA
- Authentication method misunderstnading
Hope this helped!
Gerald