From 826a23123768f4fe0257ad319708d8b89e8e872e Mon Sep 17 00:00:00 2001
From: Guillaume <guillaume-fr@users.noreply.github.com>
Date: Mon, 28 Jul 2025 12:23:08 +0200
Subject: [PATCH] Prefer client_secret_post authentication method when
 available

---
 src/client.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/client.ts b/src/client.ts
index 9ac5ba9..c1aff90 100644
--- a/src/client.ts
+++ b/src/client.ts
@@ -379,7 +379,9 @@ export class OAuth2Client {
       && !this.settings.authenticationMethod
     ) {
       for(const method of this.serverMetadata.token_endpoint_auth_methods_supported) {
-        if (method === 'client_secret_basic' || method === 'client_secret_post') {
+        if (method === 'client_secret_basic') {
+          this.settings.authenticationMethod = method;
+        } else if (method === 'client_secret_post') {
           this.settings.authenticationMethod = method;
           break;
         }