Enabled SAML SSO for agents. Now the POST /oauth/token with grant_type=client_credentials returns 401. The docs say machine-to-machine should work, but the token endpoint seems to be redirecting or rejecting the client_secret. Is there a specific setting to whitelist the OAuth client?
SAML shouldn’t touch the client credentials flow at all, so check if the OAuth client actually has the offline_access scope enabled. If it does, try regenerating the secret just in case the rotation got messed up during the SAML setup.