oAuth2, send client secret and id using POST parameters for application flow (client credentials)

[jakubzloczewski]

• swagger-ui version : 3.0.13

Some oAuth2 clients are registred with option token_endpoint_auth_method = client_secret_post. That means when they are trying to get token using /token endpoint they have to provide client_secret and client_id using request body instead of Authorization header.
Current implementation supporting only clients registered with option token_endpoint_auth_method = client_secret_basic.

More about this here: https://tools.ietf.org/html/rfc7591#section-2

It would be nice to have way to control which method will swagger-ui use to get token. As nothing was mentioned in OpenAPI spec maybe we can just add dropdown so user can pick desired method.

[frol]

Here is my thorough summary of the state of OAuth2 Password Flow implementation in Swagger-UI: #3227.

[webron]

Closing in favor of #3227, as part of reorganizing the tickets. Thanks for the feedback.