oauth2: remove unnecessary ClientSecret check

Since the empty client secret is permitted by the OAuth 2.0 spec. The check for clientSecret in retriveTokoen is unnecessary. Redo #6740 Signed-off-by: Hu Keping <hukeping@huawei.com> Change-Id: I9126c79a1f8b9d6051c213ee3f93c442a36ca65d Reviewed-on: https://go-review.googlesource.com/6900 Reviewed-by: Andrew Gerrand <adg@golang.org>
2025-07-21 00:00:09 +08:00 · 2015-03-05 19:30:40 +08:00 · 2015-03-05 19:30:40 +08:00 · 5a0a1b2881
commit 5a0a1b2881
parent 96e89befdc
1 changed files with 1 additions and 1 deletions
--- a/oauth2.go
+++ b/oauth2.go
@ -308,7 +308,7 @@ func retrieveToken(ctx context.Context, c *Config, v url.Values) (*Token, error)
 		return nil, err
 	}
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
-	if !bustedAuth && c.ClientSecret != "" {
+	if !bustedAuth {
 		req.SetBasicAuth(c.ClientID, c.ClientSecret)
 	}
 	r, err := hc.Do(req)