...

1. Client posts the client-id and client-secret to the token endpoint URL using specified authentication type and receives an access token or error message. At this point implementation should cache the token.
2. Client sends the access token to the REST API endpoint using the client_secret_basic authentication type.
3. REST API implementation validates the token using the JWKS URL.

Tickets

[IGNITE-19597] Ignite3 Basic Authentication Support - ASF JIRA (apache.org)