google · joar · Mar 10, 2026 · Mar 12, 2026
diff --git a/src/google/adk/auth/exchanger/oauth2_credential_exchanger.py b/src/google/adk/auth/exchanger/oauth2_credential_exchanger.py
@@ -193,14 +193,17 @@ async def _exchange_authorization_code(
       return ExchangeResult(auth_credential, False)
 
     try:
+      # Do not pass client_id here; the OAuth2Session already handles its
+      # placement based on token_endpoint_auth_method (e.g. in the
+      # Authorization header for client_secret_basic, or in the body for
+      # client_secret_post and public clients).
       tokens = client.fetch_token(
           token_endpoint,
           authorization_response=self._normalize_auth_uri(
               auth_credential.oauth2.auth_response_uri
           ),
           code=auth_credential.oauth2.auth_code,
           grant_type=OAuthGrantType.AUTHORIZATION_CODE,
-          client_id=auth_credential.oauth2.client_id,
       )
       update_credential_with_tokens(auth_credential, tokens)
       logger.debug("Successfully exchanged authorization code for access token")

diff --git a/tests/unittests/auth/exchanger/test_oauth2_credential_exchanger.py b/tests/unittests/auth/exchanger/test_oauth2_credential_exchanger.py
@@ -343,7 +343,6 @@ async def test_exchange_normalize_uri(self, mock_oauth2_session):
         authorization_response="https://example.com/callback?code=auth_code",  # Normalized URI
         code="auth_code",
         grant_type=OAuthGrantType.AUTHORIZATION_CODE,
-        client_id="test_client_id",
     )
 
   async def test_determine_grant_type_client_credentials(self):