The request was determined to be using 'token_endpoint_auth_method' method 'client_secret_post', however the OAuth 2.0 client registration does not allow this method

[techdiver]

Hi,

I have searched but could not find an identical issue.

I'm running immich on UnRAID and have been using OAuth with Authelia for over a year now with no issue. Today I attmepted to access immich and the login gets stuck in a loop and I cannot get in.

In the Authelia logs I see the following.

Access Request failed with error: Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). The request was determined to be using 'token_endpoint_auth_method' method 'client_secret_post', however the OAuth 2.0 client registration does not allow this method. The registered client with id 'immich' is configured to only support 'token_endpoint_auth_method' method 'client_secret_basic'. Either the Authorization Server client registration will need to have the 'token_endpoint_auth_method' updated to 'client_secret_post' or the Relying Party will need to be configured to use 'client_secret_basic'." method=POST path=/api/oidc/token remote_ip=109.77.153.210 stack="github.com/authelia/authelia/v4/internal/handlers/handler_oauth2_token.go:25 OAuth2TokenPOST\ngithub.com/authelia/authelia/v4/internal/middlewares/http_to_authelia_handler_adaptor.go:114 RegisterOpenIDConnectRoutes.NewHTTPToAutheliaHandlerAdaptor.func17\ngithub.com/authelia/authelia/v4/internal/middlewares/bridge.go:66 RegisterOpenIDConnectRoutes.(*BridgeBuilder).Build.func2.1\ngithub.com/authelia/authelia/v4/internal/middlewares/headers.go:105 SecurityHeadersNoStore.func1\ngithub.com/valyala/[email protected]/server.go:773 (*RequestCtx).UserValue\ngithub.com/authelia/authelia/v4/internal/middlewares/headers.go:30 SecurityHeadersBase.func1\ngithub.com/authelia/authelia/v4/internal/middlewares/cors.go:216 RegisterOpenIDConnectRoutes.(*CORSPolicy).Middleware.func18\ngithub.com/fasthttp/[email protected]/router.go:441 (*Router).Handler\ngithub.com/authelia/authelia/v4/internal/middlewares/log_request.go:14 handlerMain.LogRequest.func31\ngithub.com/authelia/authelia/v4/internal/middlewares/errors.go:38 RecoverPanic.func1\ngithub.com/valyala/[email protected]/server.go:2455 (*Server).serveConn\ngithub.com/valyala/[email protected]/workerpool.go:225 (*workerPool).workerFunc\ngithub.com/valyala/[email protected]/workerpool.go:197 (*workerPool).getCh.func1\nruntime/asm_amd64.s:1700 goexit

What confuses me is this has been working fine up until recently and I have made no config changes to immich and the only change to authelia was an updated jwks key.

Does anyone know what is going on here and how to go about fixing this?

[wioch]

I've just encountered the same problem, but since I configured Immich with Authelia (at least back in March 2025) I have not made any changes in config.
Anyway, Immich was set to client_secret_post, but Authelia's config for Immich was set to client_secret_basic.

Change in Authelia's config to client_secret_post solved my issue.