Form parameters (HTTP POST)
The OAuth 2.0 client authenticates by sending client_id and client_secret form parameters in an HTTP POST request:
$ curl \
--request POST \
--data "client_id=myClient" \
--data "client_secret=forgerock" \
…
To use this authentication method for a confidential OAuth 2.0 client, edit the client profile in the AM admin UI:
- Go to Realms > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.
- Set the Token Endpoint Authentication Method to client_secret_post and save your work.
Make sure all connections to AM use HTTPS to protect the secret.
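The following client-side sketch is an added example, not code from the AM documentation. It builds a client_secret_post request, refuses a non-HTTPS endpoint, and percent-encodes the credentials (curl's --data option sends its value as given, so a secret containing &, + or = must be encoded first). The function name, the endpoint URL, the grant_type parameter and the sample secret are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request


def build_token_request(token_endpoint, client_id, client_secret, extra_params=None):
    """Build (but do not send) a token request that authenticates the
    client with client_id and client_secret form parameters."""
    parts = urlsplit(token_endpoint)

    # The secret travels in the request body, so only TLS protects it in transit.
    if parts.scheme != "https":
        raise ValueError("token endpoint must use HTTPS")

    # Credentials placed in the URL end up in access logs and proxy logs.
    query_keys = parse_qs(parts.query)
    if "client_id" in query_keys or "client_secret" in query_keys:
        raise ValueError("client credentials must not appear in the URL")

    # Caller-supplied parameters first; the credentials always win on conflict.
    form = dict(extra_params or {})
    form["client_id"] = client_id
    form["client_secret"] = client_secret

    # urlencode() percent-encodes reserved characters such as & + and =,
    # so the secret arrives at the server byte-for-byte intact.
    body = urlencode(form).encode("ascii")

    return Request(
        token_endpoint,
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


if __name__ == "__main__":
    # Constructed values: placeholder endpoint and a secret with reserved characters.
    req = build_token_request(
        "https://am.example.com/oauth2/access_token",
        "myClient",
        "p&ss+w=rd",
        {"grant_type": "client_credentials"},
    )
    print(req.get_method(), req.full_url)
    print(req.get_header("Content-type"))
    # Print parameter names only; never log the secret itself.
    print(sorted(parse_qs(req.data.decode("ascii"))))
```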