feat: make client_id and client_secret optional for the token endpoint

bshaffer/oauth2-server-php supports sending the client id and secret as http basic auth. With client id and secret set as required clients that send them via basic auth instead of in the request body will get an error when they try to exchange the token.
Automattic · Oct 18, 2024 · 1796de1 · 1796de1
1 parent 98b3647
commit 1796de1
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/OpenIDConnectServer.php b/src/OpenIDConnectServer.php
@@ -106,11 +106,11 @@ private function expected_arguments_specification( $route ) {
 					),
 					'client_id'     => array(
 						'type'     => 'string',
-						'required' => true,
+						'required' => false,
 					),
 					'client_secret' => array(
 						'type'     => 'string',
-						'required' => true,
+						'required' => false,
 					),
 					'redirect_uri'  => array(
 						'type'     => 'string',