diff --git a/contrib/meson.build b/contrib/meson.build
index ed30ee7d639..9d2ca41c2f4 100644
--- a/contrib/meson.build
+++ b/contrib/meson.build
@@ -52,7 +52,7 @@ subdir('pg_prewarm')
 subdir('pgrowlocks')
 subdir('pg_stat_statements')
 subdir('pgstattuple')
-subdir('pg_surgery')
+subdir('pg_oidc')
 subdir('pg_trgm')
 subdir('pg_visibility')
 subdir('pg_walinspect')
diff --git a/src/interfaces/libpq-oauth/oauth-curl.c b/src/interfaces/libpq-oauth/oauth-curl.c
index aa50b00d053..72d0f1459f8 100644
--- a/src/interfaces/libpq-oauth/oauth-curl.c
+++ b/src/interfaces/libpq-oauth/oauth-curl.c
@@ -2347,12 +2347,13 @@ add_client_identification(struct async_ctx *actx, PQExpBuffer reqbody, PGconn *c
 		 * If we're not otherwise authenticating, client_id is REQUIRED in the
 		 * request body.
 		 */
-		build_urlencoded(reqbody, "client_id", oauth_client_id);
 
 		CHECK_SETOPT(actx, CURLOPT_HTTPAUTH, CURLAUTH_NONE, goto cleanup);
 		actx->used_basic_auth = false;
 	}
 
+	build_urlencoded(reqbody, "client_id", oauth_client_id);
+
 	success = true;
 
 cleanup:
@@ -2517,7 +2518,7 @@ finish_token_request(struct async_ctx *actx, struct token *tok)
 	 * return which would violate the specification. For now we stick to the
 	 * specification but we might have to revisit this.
 	 */
-	if (response_code == 400 || response_code == 401)
+	if (response_code == 400 || response_code == 401 || response_code == 428)
 	{
 		if (!parse_token_error(actx, &tok->err))
 			return false;