This depends on whether your app is a confidential client or a public client, client_secret
parameters are required for confidential web apps, and if you want to generate a delegated access token without client_secret parameters, you need to enable public client flows for your app.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.