
fix: only allow one authenticate method#858

Open
suqin-haha wants to merge 5 commits intozitadel:mainfrom
suqin-haha:main

Conversation

@suqin-haha

@suqin-haha suqin-haha commented Mar 18, 2026

According to RFC 6749 §2.3, the client MUST NOT use more than one authentication method in each request.

This PR resolves issue #857:

  1. Add the logic to use only one authentication method on the client side.
  2. Add the restriction on the OP side to only allow one authentication method.

NOTE: it's a breaking change since it removes the ClientSecretBasicAuthRequest interface and the func Auth( code.

Test:
Added unit test.

Definition of Ready

  • I am happy with the code
  • Short description of the feature/issue is added in the pr description
    - [ ] PR is linked to the corresponding user story
  • Acceptance criteria are met
    - [ ] All open todos and follow ups are defined in a new ticket and justified
    - [ ] Deviations from the acceptance criteria and design are agreed with the PO and documented.
  • No debug or dead code
  • My code has no repetitions
  • Critical parts are tested automatically
    - [ ] Where possible E2E tests are implemented
    - [ ] Documentation/examples are up-to-date
  • All non-functional requirements are met
    - [ ] Functionality of the acceptance criteria is checked manually on the dev system.
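As an added example (not code from this PR or from the zitadel/oidc project), this Go check shows how an OP's token endpoint could enforce point 2: it lists the client authentication methods a request carries and rejects any request that mixes them, as RFC 6749 §2.3 requires. The function names and the op.example URL are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// clientAuthMethods lists the client authentication methods present in a token
// request: the HTTP Basic header (client_secret_basic), the client_secret form
// field (client_secret_post) and the client_assertion form field (JWT-based).
func clientAuthMethods(r *http.Request) []string {
	var methods []string
	if _, _, ok := r.BasicAuth(); ok {
		methods = append(methods, "client_secret_basic")
	}
	if r.PostFormValue("client_secret") != "" {
		methods = append(methods, "client_secret_post")
	}
	if r.PostFormValue("client_assertion") != "" {
		methods = append(methods, "client_assertion")
	}
	return methods
}

// checkSingleAuthMethod rejects a request that mixes methods; an OP should
// answer such a request with an invalid_client error instead of picking one.
func checkSingleAuthMethod(r *http.Request) error {
	methods := clientAuthMethods(r)
	if len(methods) > 1 {
		return fmt.Errorf("invalid_client: request uses %d authentication methods (%s)",
			len(methods), strings.Join(methods, ", "))
	}
	return nil
}

// newTokenRequest builds a constructed token request for demonstration; the
// op.example host is a placeholder, not a real endpoint.
func newTokenRequest(form url.Values, basicID, basicSecret string) *http.Request {
	req, _ := http.NewRequest(http.MethodPost, "https://op.example/oauth/token",
		strings.NewReader(form.Encode()))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if basicID != "" {
		req.SetBasicAuth(basicID, basicSecret)
	}
	return req
}
```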

@suqin-haha suqin-haha requested a review from muir March 25, 2026 16:32
@suqin-haha suqin-haha requested a review from muir March 31, 2026 12:54
@muhlemmer
Collaborator

@wim07101993 can you please review this PR?

@muhlemmer muhlemmer requested review from wim07101993 and removed request for muir March 31, 2026 16:53
Comment on lines -819 to -823
func (r RefreshTokenRequest) Auth(req *http.Request) {
if r.ClientSecret != "" {
req.SetBasicAuth(r.ClientID, r.ClientSecret)
}
}
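Review bot: the removed Auth only set the Basic header when ClientSecret was non-empty, so callers that type-assert on ClientSecretBasicAuthRequest lose that implementation outright with this deletion; consider keeping the method for one release with a deprecation comment (and the client sending credentials through a single method) so the API break is announced before it lands.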
Member


Removing this method creates a breaking change. Both in changing the public api and removing the implementation of the ClientSecretBasicAuthRequest interface. Wouldn't there be another solution without breaking changes?

Author


It's wrong behavior; we should mark the release as broken or as a bug ASAP.

I don't have any idea how to fix it without a breaking change. Does anyone have a good migration idea?

Member


@muhlemmer what do you think about this?

Author


Any update on that issue?
Feel free to bring up a migration idea.
Or we might need to make it a breaking-change release?

@wim07101993
Member

@suqin-haha thank you for the contribution. Could you have a look at my comments?

