If an invalid client-authentication-method is configured (eg "basic"), then the authorization code request is made with no credentials which makes troubleshooting more difficult. Instead, a meaningful error message should be provided on the client if the client-authentication-method is invalid.