The client_id
and client_secret
, by default, should go in the Authorization header, not the form-urlencoded body.
- Concatenate your
client_id
andclient_secret
, with a colon between them:[email protected]:12345678
. - Base 64 encode the result:
YWJjQGdtYWlsLmNvbToxMjM0NTY3OA==
- Set the Authorization header:
Authorization: Basic YWJjQGdtYWlsLmNvbToxMjM0NTY3OA==