From 575fb524385231961ebb49654eab0cb5d0ed2a49 Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 22 Jan 2023 14:44:57 +0000 Subject: [PATCH] Fetch data from basic auth when one of the parameters is missing --- src/Module/OAuth/Token.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Module/OAuth/Token.php b/src/Module/OAuth/Token.php index 6f68215cc6..ecb65048d0 100644 --- a/src/Module/OAuth/Token.php +++ b/src/Module/OAuth/Token.php @@ -60,7 +60,7 @@ class Token extends BaseApi $authorization = $_SERVER['REDIRECT_REMOTE_USER'] ?? ''; } - if (empty($request['client_id']) && substr($authorization, 0, 6) == 'Basic ') { + if ((empty($request['client_id']) || empty($request['client_secret'])) && substr($authorization, 0, 6) == 'Basic ') { // Per RFC2617, usernames can't contain a colon but password can, // so we cut on the first colon to obtain the username and the password // @see https://www.rfc-editor.org/rfc/rfc2617#section-2