1.46.5

(fix): Honor the OAuth client-credentials token endpoint’s declared request content-type instead of unconditionally forcing application/x-www-form-urlencoded. Token endpoints that consume application/json now send Content-Type: application/json, while form-urlencoded remains the default when the spec does not declare a content-type (per RFC 6749 §4.4.2). Previously a JSON token endpoint received an HTTP 415 that surfaced as a generic 401.