feat: client secret in header - update docs with note

[tamalchowdhury]

Description (required)

Related issues & labels (optional)

• Closes #
• Suggested label:

Summary by CodeRabbit

• Documentation
  • Expanded OAuth2 configuration guide with client authentication method options (body vs header), defaults, provider notes, and guidance that switching methods can resolve token exchange failures.
  • Added troubleshooting for 401/invalid_client errors tied to client authentication method.
  • Restructured steps and clarified sequencing/wording; added a titled disclaimer and updated timestamps and cross-references in related social-sign-in docs.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 265dadc4-ea5c-41f5-a0ac-44ed5b5d37e9

📥 Commits

Reviewing files that changed from the base of the PR and between 5e1aec5 and 568a45f.

📒 Files selected for processing (2)

• src/content/docs/authenticate/custom-configurations/custom-oauth2-connection.mdx
• src/content/docs/authenticate/social-sign-in/add-social-sign-in.mdx

🚧 Files skipped from review as they are similar to previous changes (1)

• src/content/docs/authenticate/social-sign-in/add-social-sign-in.mdx

---

Walkthrough

Updated two authentication docs: added a new "Client authentication method" subsection (body vs header) to the Custom OAuth 2.0 connection guide, reordered steps and troubleshooting for 401/invalid_client, and updated a cross-reference note in the Social Sign-In guide. Metadata timestamps updated.

Changes

Cohort / File(s)	Summary
Custom OAuth 2.0 Configuration Guide src/content/docs/authenticate/custom-configurations/custom-oauth2-connection.mdx	Added a "Client authentication method" subsection describing body vs header options, defaults, provider examples, step renumbering/reflow, a troubleshooting item for 401/invalid_client, and updated metadata timestamp.
Social Sign-In Guide src/content/docs/authenticate/social-sign-in/add-social-sign-in.mdx	Updated note to mention configurable client authentication method (body vs header) for Custom OAuth 2.0 connections and updated metadata timestamp.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 I nibbled notes and sharpened lines,
Tucked "body" and "header" between the signs,
Steps reordered, errors caught,
A clearer path for tokens sought,
Hop, click, and docs aligned. ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: documentation updates explaining the new client authentication method option (client secret in header vs body).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch tamal/feat/client-secret-in-header-option

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cloudflare-workers-and-pages]

Deploying kinde-docs-preview with    Cloudflare Pages

Latest commit:	568a45f
Status:	✅  Deploy successful!
Preview URL:	https://a8e9d638.kinde-docs-preview.pages.dev
Branch Preview URL:	https://tamal-feat-client-secret-in.kinde-docs-preview.pages.dev

View logs

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

src/content/docs/authenticate/social-sign-in/add-social-sign-in.mdx (1)

54-54: Use a single OAuth naming style in this sentence.

Line 54 mixes “OAuth 2.0” and “OAuth2”; prefer one format for consistency.

✏️ Suggested edit

-You can also add [Custom OAuth 2.0 connections](/authenticate/custom-configurations/custom-oauth2-connection/) via the same **Social connections** area. Custom OAuth2 connections now support configuring the client authentication method (body vs. header) for the token exchange — see that guide for details.
+You can also add [Custom OAuth 2.0 connections](/authenticate/custom-configurations/custom-oauth2-connection/) via the same **Social connections** area. Custom OAuth 2.0 connections now support configuring the client authentication method (body vs. header) for the token exchange — see that guide for details.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/content/docs/authenticate/social-sign-in/add-social-sign-in.mdx` at line
54, Update the sentence to use a single consistent OAuth naming style: change
either "Custom OAuth 2.0 connections" or the later "OAuth2" to match (e.g., use
"OAuth 2.0" in both places). Specifically edit the sentence containing "Custom
OAuth 2.0 connections" and "OAuth2" so both occurrences use the same format (for
example, "Custom OAuth 2.0 connections now support configuring the client
authentication method (body vs. header) for the token exchange — see that guide
for details.").

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@src/content/docs/authenticate/custom-configurations/custom-oauth2-connection.mdx`:
- Line 85: In the sentence in the "Provider icons" section that reads "This icon
will appear on the sign up and sign in screens of your app," hyphenate the
compound modifiers by changing "sign up" and "sign in" to "sign-up" and
"sign-in" so they correctly modify "screens"; locate the phrase under the
Provider icons paragraph in custom-oauth2-connection.mdx and update those two
instances accordingly.

---

Nitpick comments:
In `@src/content/docs/authenticate/social-sign-in/add-social-sign-in.mdx`:
- Line 54: Update the sentence to use a single consistent OAuth naming style:
change either "Custom OAuth 2.0 connections" or the later "OAuth2" to match
(e.g., use "OAuth 2.0" in both places). Specifically edit the sentence
containing "Custom OAuth 2.0 connections" and "OAuth2" so both occurrences use
the same format (for example, "Custom OAuth 2.0 connections now support
configuring the client authentication method (body vs. header) for the token
exchange — see that guide for details.").

---

ℹ️ Review info

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7e9f08d and f5f8cf7.

📒 Files selected for processing (2)

• src/content/docs/authenticate/custom-configurations/custom-oauth2-connection.mdx
• src/content/docs/authenticate/social-sign-in/add-social-sign-in.mdx