I have an application that is using social sign-in authentication. When configuring the authentication scheme I ran into an issue that took us quite a while to debug.
What was happening was that we were registered with the Open ID Connect Provider for the “client_secret_basic” connection method. The problem was that the discovery URL also includes “client_secret_post”. What would happen is that ORDS would always opt to use “client_secret_post” rather than “client_secret_basic” and we'd get a 401 error.
After we finally nailed down the problem, we had to get the provider to switch us to “client_secret_post” because we couldn't figure out how to get around the problem.
Is there a way do force “client_secret_basic” without doing something like reconfiguring ORDS or manually entering generic OAuth2 provider (which seemed like a bad idea)? I've scoured the internet but I came up with nothing.