Hi
We are using client_credentials flow of Oauth 2.0.
We pass the following in token request:
1) client_id and client-secret as form parameters. Apigee should use these for validation when creating access_token.
2) Second set of credentials in Authorization header. Apigee should ignore Authorization header.
Those are used by our custom code during token creation.
Problem: Apigee reads Authorization header and ignores form parameters (client_id/client_secret). (Though Apigee correctly uses client_id/secret if Authorization header is not passed.)
Question:
How to configure Apigee so it ignores Authorization header and uses client_id and client_secret which are passed as form parameters?
I would appreciate any suggestions.
Regards