Optionalize client_secret on client_secret_post

[kaioduarte]

I have an issue integrating Cognito with an empty client secret with Next Auth because of this constraint. However, according to the RFC, this field is not mandatory in this condition.

Alternatively, the authorization server MAY support including the
client credentials in the request-body using the following
parameters:

   client_id
         REQUIRED.  The client identifier issued to the client during
         the registration process described by [Section 2.2](https://datatracker.ietf.org/doc/html/rfc6749#section-2.2).

   client_secret
         REQUIRED.  The client secret.  The client MAY omit the
         parameter if the client secret is an empty string.

I'm happy to make a PR if you agree, otherwise I can just patch-package the package and move forward.

[panva]

Why don't you just set the method to "none"?

[panva]

https://github.com/panva/oauth4webapi/blob/main/docs/types/ClientAuthenticationMethod.md

[kaioduarte]

It worked well, thank you for the prompt answer!

I was trying to mimic the behavior of oidc-client-ts and they use client_secret_post with an optional client_secret, but none worked like a charm.