From 19f6a24040577198b902c72656c8dfe12814cd79 Mon Sep 17 00:00:00 2001
From: Kanaris <2885934+Kanaris@users.noreply.github.com>
Date: Sat, 8 Nov 2025 23:14:54 -0800
Subject: [PATCH] Invert client_secret presence check I think it is an issue. It didn't work without this change.
---
 .../PublicClientRefreshTokenAuthenticationConverter.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/auth-server/src/main/java/org/example/authserver/PublicClientRefreshTokenAuthenticationConverter.java b/auth-server/src/main/java/org/example/authserver/PublicClientRefreshTokenAuthenticationConverter.java
index 72ea8a1..defcded 100644
--- a/auth-server/src/main/java/org/example/authserver/PublicClientRefreshTokenAuthenticationConverter.java
+++ b/auth-server/src/main/java/org/example/authserver/PublicClientRefreshTokenAuthenticationConverter.java
@@ -36,7 +36,7 @@ public Authentication convert(HttpServletRequest request) {
 // client_secret (Should not be present)
 String clientSecret = request.getParameter(OAuth2ParameterNames.CLIENT_SECRET);
- if (!StringUtils.hasText(clientSecret)) {
+ if (StringUtils.hasText(clientSecret)) {
 return null;
 }
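Review bot: With the condition inverted, `convert` now claims every refresh request that has no `client_secret` form parameter, which is a wider set than public clients. A confidential client that authenticates with an `Authorization: Basic` header or a `client_assertion` also sends no such parameter, so depending on converter order it could be treated as secret-less here. I would make the guard decline those as well, e.g. `if (StringUtils.hasText(clientSecret) || request.getHeader("Authorization") != null || StringUtils.hasText(request.getParameter(OAuth2ParameterNames.CLIENT_ASSERTION))) { return null; }`. The rest of `convert` and the matching authentication provider are outside this hunk, so they may already cover this; if not, the provider should accept only registrations whose method is `ClientAuthenticationMethod.NONE`, so that a confidential client's refresh token cannot be redeemed without credentials. A unit test for both branches (secret present returns `null`, secret absent returns a token) would also keep the check from being flipped back.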