ClientCredentialsGrant cannot use method client_secret_post

Well, I’ve got the configuration logic maybe finally. Thanks for the explanation and patience.

It’s hard to grasp and confusing example-oauth2-server configuration for me. Some parts are configured in app.py, others in oauth2.py and maybe other files, too. I would guess a custom refresh token generator may be done by subclassing (but it’s done by OAUTH2_REFRESH_TOKEN_GENERATOR setting). On the other hand, I would expect adding a token endpoint auth method should be some config setting, not subclassing ClientCredentialsGrant. Also, the fact that oauth2_client.token_endpoint_auth_method is not related to TOKEN_ENDPOINT_AUTH_METHODS does not help to project understanding.

So, I rather to not open any doc PR, since I do not feel I still understand the config logic.

DB oauth2_client.token_enpoint_auth_method is ignored. It should be removed.

It is not. And you have spelled it wrong. It is token_endpoint_auth_method.

Doc is to BaseGrant.authenticate_token_endpoint_client() is wrong.

It is not. It is a misunderstanding from your part. It can be improved of course, but it is not wrong.

Please, add it to the example-oauth2-server server doc.

You can send a PR to example-oauth2-server.

but IMHO not a good one if I have to make own subclass just to configure one variable.

That is how “Grant” works in authlib. You can find that other “Grants” such as AuthorizationCodeGrant, RefreshTokenGrant are required to make a subclass. If you don’t need to customize ClientCredentialsGrant, you can use it directly. But if you want to customize it, you need to subclass it. That is how other “Grants” works and I’d like to keep them in the same way.