I'm sending a DELETE server method to an API protected by Oauth2, however, I get the following message.
"error_description": "When putting the token in the body, the method must be POST or PUT"
The entire security of OAuth2 is based on the SSL/TLS. Access Tokens are usually passed to the server in the header like this:
Authorization: Bearer ee000c4eb0610ed1ed3115571133fcead52b2233
In requests like GET and DELETE the access token must be passed in the header. For POST and PUT requests it is okay to send it in the body, but sending it in the header is recommended.