diff --git a/security/providers/oidc-common/src/main/java/io/helidon/security/providers/oidc/common/OidcConfig.java b/security/providers/oidc-common/src/main/java/io/helidon/security/providers/oidc/common/OidcConfig.java
index bf212e11fb5..7dff62b84f4 100644
--- a/security/providers/oidc-common/src/main/java/io/helidon/security/providers/oidc/common/OidcConfig.java
+++ b/security/providers/oidc-common/src/main/java/io/helidon/security/providers/oidc/common/OidcConfig.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2022 Oracle and/or its affiliates.
+ * Copyright (c) 2018, 2023 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -35,6 +35,7 @@
 import io.helidon.common.Errors;
 import io.helidon.common.LazyValue;
 import io.helidon.common.configurable.Resource;
+import io.helidon.common.http.FormParams;
 import io.helidon.common.http.Http;
 import io.helidon.common.http.SetCookie;
 import io.helidon.common.reactive.Single;
@@ -882,6 +883,22 @@ public URI introspectUri() {
         return defaultTenant.get().introspectUri();
     }
 
+    /**
+     * Update request that uses form params with authentication.
+     *
+     * @param type type of the request
+     * @param request request builder
+     * @param form form params builder
+     * @deprecated this will be removed without replacement
+     */
+    @Deprecated(since = "2.5.5", forRemoval = true)
+    public void updateRequest(RequestType type, WebClientRequestBuilder request, FormParams.Builder form) {
+        if (type == RequestType.CODE_TO_TOKEN && tokenEndpointAuthentication() == ClientAuthentication.CLIENT_SECRET_POST) {
+            form.add("client_id", clientId());
+            form.add("client_secret", clientSecret());
+        }
+    }
+
     Supplier<WebClient.Builder> webClientBuilderSupplier() {
         return webClientBuilderSupplier;
     }