Upgrade from 7.0.8 to 7.1.0: Invalid client secret

[mlsomers]

IdentityServer version

7.1.0

.NET version

9

Description

After upgrading the NuGet packages we get welcomed by an error on the client:
OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'error_description is null', error_uri: 'error_uri is null'.

When debugging the server side we find the logfile in the trace (see below)

I have tried adding the NuGet package "Duende.IdentityModel" V 7.0.0 on both server and client, but it does not help.

We have 6 other packages with Microsoft.IdentityModel and 1 with System.IdentityModel aal of these have version 8.01.

Reproduction steps

Simply upgrade the NuGet package, in my case...

Expected behavior

No response

Logs

Duende.IdentityServer.Hosting.IdentityServerMiddleware: Information: Invoking IdentityServer endpoint: Duende.IdentityServer.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration
Duende.IdentityServer.Hosting.IdentityServerMiddleware: Information: Invoking IdentityServer endpoint: Duende.IdentityServer.Endpoints.DiscoveryKeyEndpoint for /.well-known/openid-configuration/jwks
Duende.IdentityServer.Hosting.IdentityServerMiddleware: Information: Invoking IdentityServer endpoint: Duende.IdentityServer.Endpoints.PushedAuthorizationEndpoint for /connect/par
Duende.IdentityServer.Events.DefaultEventService: Information: {
  "ClientId": "Client",
  "Category": "Authentication",
  "Name": "Client Authentication Failure",
  "EventType": "Failure",
  "Id": 1011,
  "Message": "Invalid client secret",
  "ActivityId": "0HNAALF3NR8A9:00000003",
  "TimeStamp": "2025-02-11T15:16:41.7454965",
  "ProcessId": 12940,
  "LocalIpAddress": "::1:3022",
  "RemoteIpAddress": "::1"
}
Duende.IdentityServer.Validation.ClientSecretValidator: Error: Client secret validation failed for client: InternalApiClient.
Duende.IdentityServer.Endpoints.PushedAuthorizationEndpoint: Error: Client secret validation failed

### Additional context

_No response_

[mlsomers]

After reconfiguring the GrantType, from Implicit flow to Code, It all works again.
Guess the problem is only with Implicit, which should be upgraded any way.

[RolandGuijt]

In your logs I see that you're using PAR. It's not common to use this in combination with implicit flow.
Is there any particular reason you're doing that?

[mlsomers]

Thanks for pointing that out, I'll have to check, I guess it's a remnant from the past.