First, a Client Secret isn’t an OAuth token. You need to follow the Authentication docs to get an OAuth token used to make requests.
Secondly, you can’t send the Authorization or Client-ID as querystring params, they must be sent as headers in the request.