I solved it by make the following changes:

1. set the client to use form encoded body as authentication type (in the OAuth 2.0 setup of the Management Portal)

2. Move the grant_type parameter to the querystring (like https://[oauth-server-adress]/token?grant_type=authorization_code

3. make sure the POST request used form encoded body as content type

Thanks for your answer. From which method would you then call HandleDefaultCors? That is, should I only define HandleDefaultCors in my superclass and then use OnHandleCorsRequest in my subclasses?

Michele has no followers yet.
Michele has not followed anybody yet.
Global Masters badges:
Michele has no Global Masters badges yet.