internal: don't set client_id and client_secret form values if empty

Fixes golang/oauth2#220. Change-Id: Ic43b10971e102a8571c7bc895c3ad02b80b685ee Reviewed-on: https://go-review.googlesource.com/38135 Reviewed-by: Chris Broadfoot <cbro@golang.org>
2017-03-13 12:46:53 -07:00
parent 01b79d9447
commit 1611bb46e6
2 changed files with 32 additions and 3 deletions
--- a/internal/token.go
+++ b/internal/token.go
@@ -155,9 +155,13 @@ func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string,
 		return nil, err
 	}
 	bustedAuth := !providerAuthHeaderWorks(tokenURL)
-	if bustedAuth && clientSecret != "" {
-		v.Set("client_id", clientID)
-		v.Set("client_secret", clientSecret)
+	if bustedAuth {
+		if clientID != "" {
+			v.Set("client_id", clientID)
+		}
+		if clientSecret != "" {
+			v.Set("client_secret", clientSecret)
+		}
 	}
 	req, err := http.NewRequest("POST", tokenURL, strings.NewReader(v.Encode()))
 	if err != nil {