python authlib

Request OAuth token with POST and JSON body in authlib possible?


My OAuth2 service requires me to request the access token not via GET but via POST, sending the client_id, client_secret and token_endpoint in a JSON body.

According to the docs, authlib seems to support POST authentication requests. However, the following code still returns "invalid request" (while a manually formed request with Postman succeeds):

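from authlib.integrations.requests_client import OAuth2Session

session = OAuth2Session(
    settings.SECURE_M2M_CLIENT_ID, settings.SECURE_M2M_CLIENT_SECRET,
    # client_secret_post sends the credentials in a form-encoded body
    token_endpoint_auth_method="client_secret_post"
)
# verify=False turns off TLS certificate verification for the token request
token = session.fetch_token(settings.SECURE_M2M_TOKEN_ENDPOINT, verify=False)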

Solution

  • A standard client_secret_post will send the credentials in a form-encoded body. Your case can be done with a custom authentication method; you can learn from here: https://docs.authlib.org/en/latest/client/oauth2.html?highlight=token_endpoint_auth_method#client-authentication

    e.g. you can call your method: client_secret_json_post.
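
One way to write the custom method the answer describes, as an added example (not code from the original post or from Authlib itself). It assumes the service expects JSON fields named like the standard form parameters; `build_session`, `demo` and the sample values are hypothetical.

```python
import json
from types import SimpleNamespace
from urllib.parse import parse_qsl


def client_secret_json_post(client, method, uri, headers, body):
    """Authlib client-auth hook: send credentials and grant params as JSON.

    Authlib passes in the form-encoded token request. The JSON field names
    (same as the form parameter names) are an assumption about the service.
    """
    if isinstance(body, bytes):
        body = body.decode("utf-8")
    payload = dict(parse_qsl(body or "", keep_blank_values=True))
    payload["client_id"] = client.client_id
    payload["client_secret"] = client.client_secret
    body = json.dumps(payload)
    headers["Content-Type"] = "application/json"
    if "Content-Length" in headers:
        headers["Content-Length"] = str(len(body.encode("utf-8")))
    return uri, headers, body


def build_session(client_id, client_secret):
    # Imported lazily so the hook above can be exercised without authlib.
    from authlib.integrations.requests_client import OAuth2Session

    session = OAuth2Session(
        client_id, client_secret,
        token_endpoint_auth_method="client_secret_json_post",
    )
    session.register_client_auth_method(
        ("client_secret_json_post", client_secret_json_post)
    )
    # The secret travels in the request body, so call
    # session.fetch_token(token_url) with TLS verification left on.
    return session


def demo():
    # Constructed sample input: a stand-in client object and the form body
    # of a client_credentials token request.
    fake = SimpleNamespace(client_id="demo-id", client_secret="demo-secret")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return client_secret_json_post(
        fake, "POST", "https://auth.example.test/token", headers,
        "grant_type=client_credentials&scope=read",
    )
```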