From 67be8ae285e9640a6c6e39f09326b263155198f1 Mon Sep 17 00:00:00 2001
From: Lakhan Samani <lakhan.m.samani@gmail.com>
Date: Wed, 16 Nov 2022 22:40:45 +0530
Subject: [PATCH] feat(server): allow using client_id & secret from basic auth
 header in token endpoint

---
 server/handlers/token.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/server/handlers/token.go b/server/handlers/token.go
index b515dd5..eb71392 100644
--- a/server/handlers/token.go
+++ b/server/handlers/token.go
@@ -64,6 +64,12 @@ func TokenHandler() gin.HandlerFunc {
 			})
 		}
 
+		// check if clientID & clientSecret are present as part of
+		// authorization header with basic auth
+		if clientID == "" && clientSecret == "" && codeVerifier == "" {
+			clientID, clientSecret, _ = gc.Request.BasicAuth()
+		}
+
 		if clientID == "" {
 			log.Debug("Client ID is empty")
 			gc.JSON(http.StatusBadRequest, gin.H{