From 1796de10e6076f3083a858c17af7d0523f613918 Mon Sep 17 00:00:00 2001
From: Brian Engert <bengert@soliantconsulting.com>
Date: Fri, 18 Oct 2024 08:56:56 -0500
Subject: [PATCH] feat: make client_id and client_secret optional for the token
 endpoint

bshaffer/oauth2-server-php supports sending the client id and secret as http basic auth.  With client id and secret set as required clients that send them via basic auth instead of in the request body will get an error when they try to exchange the token.
---
 src/OpenIDConnectServer.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/OpenIDConnectServer.php b/src/OpenIDConnectServer.php
index 04b13f2..7c45285 100644
--- a/src/OpenIDConnectServer.php
+++ b/src/OpenIDConnectServer.php
@@ -106,11 +106,11 @@ private function expected_arguments_specification( $route ) {
 					),
 					'client_id'     => array(
 						'type'     => 'string',
-						'required' => true,
+						'required' => false,
 					),
 					'client_secret' => array(
 						'type'     => 'string',
-						'required' => true,
+						'required' => false,
 					),
 					'redirect_uri'  => array(
 						'type'     => 'string',