eclipse-vertx · pmlopes · May 31, 2023
diff --git a/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/providers/AppleIdAuth.java b/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/providers/AppleIdAuth.java
@@ -80,7 +80,8 @@ static OAuth2Auth create(Vertx vertx, String clientId, String teamId, PubSecKeyO
         .setTokenPath("/auth/token")
         .setRevocationPath("/auth/revoke")
         .setAuthorizationPath("/auth/authorize")
-        .setJwkPath("/auth/keys"));
+        .setJwkPath("/auth/keys")
+        .setUseBasicAuthorization(false));
   }
 
   /**
@@ -116,7 +117,6 @@ static Future<OAuth2Auth> discover(final Vertx vertx, final PubSecKeyOptions pri
       vertx,
       new OAuth2Options(config)
         .setSite(site)
-        .setClientSecret(clientSecret)
-        .setUseBasicAuthorization(false));
+        .setClientSecret(clientSecret));
   }
 }
diff --git a/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/providers/OpenIDConnectAuth.java b/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/providers/OpenIDConnectAuth.java
@@ -134,16 +134,28 @@ static Future<OAuth2Auth> discover(final Vertx vertx, final OAuth2Options config
           jwtOptions.setIssuer(json.getString("issuer"));
         }
 
-
-        // reset config
-        config.setSupportedGrantTypes(null);
-
         if (json.containsKey("grant_types_supported")) {
+          // reset config
+          config.setSupportedGrantTypes(null);
           // optional config
           JsonArray flows = json.getJsonArray("grant_types_supported");
           flows.forEach(el -> config.addSupportedGrantType((String) el));
         }
 
+        // configure client authentication
+        if (json.containsKey("token_endpoint_auth_methods_supported")) {
+          // optional
+          JsonArray methods = json.getJsonArray("token_endpoint_auth_methods_supported");
+          if (methods.contains("client_secret_basic")) {
+            // preferred
+            config.setUseBasicAuthorization(true);
+          } else if (methods.contains("client_secret_post")) {
+            config.setUseBasicAuthorization(false);
+          } else {
+            // default to what is defined by the callee
+          }
+        }
+
         try {
           // the constructor might fail if the configuration is incomplete
           final OAuth2Auth oidc = OAuth2Auth.create(vertx, config);