DuendeSoftware · jon4hz · Jan 2, 2026 · Copilot · Jan 2, 2026 · jon4hz
diff --git a/identity-model/src/IdentityModel/Client/HttpClientDeviceFlowExtensions.cs b/identity-model/src/IdentityModel/Client/HttpClientDeviceFlowExtensions.cs
@@ -22,6 +22,7 @@ public static async Task<DeviceAuthorizationResponse> RequestDeviceAuthorization
         var clone = request.Clone();
 
         clone.Parameters.AddOptional(OidcConstants.AuthorizeRequest.Scope, request.Scope);
+        clone.Parameters.AddRequired(OidcConstants.AuthorizeRequest.ClientId, request.ClientId);
-        clone.Parameters.AddRequired(OidcConstants.AuthorizeRequest.ClientId, request.ClientId);
+
+        // client id is always required, and will be added by the call to
+        // Prepare() for other client credential styles.
+        if (request.ClientCredentialStyle == ClientCredentialStyle.AuthorizationHeader)
+        {
+            clone.Parameters.AddRequired(OidcConstants.AuthorizeRequest.ClientId, request.ClientId);
+        }
-        clone.Parameters.AddRequired(OidcConstants.AuthorizeRequest.ClientId, request.ClientId);
+
+        // client id is always required, and will be added by the call to
+        // Prepare() for other client credential styles.
+        if (request.ClientCredentialStyle == ClientCredentialStyle.AuthorizationHeader)
+        {
+            clone.Parameters.AddRequired(OidcConstants.AuthorizeRequest.ClientId, request.ClientId);
+        }
         clone.Method = HttpMethod.Post;
         clone.Prepare();