From 922eccf993d440a7e282757182458c31847afc12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B4=94=E5=B3=A5?= <zheng.cuizh@gmail.com>
Date: Sun, 29 Jul 2018 18:01:18 +0800
Subject: [PATCH] complement authorization code request
 https://www.oauth.com/oauth2-servers/access-tokens/authorization-code-request
 check this part: client_id (required if no other client authentication is
 present)

now this server has only basicauth way, not support get client_id and secret from post body.
make it support both for basicauth or post body form.
---
 oauth/handlers.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/oauth/handlers.go b/oauth/handlers.go
index cbb11b6b..3c77f8b0 100644
--- a/oauth/handlers.go
+++ b/oauth/handlers.go
@@ -80,12 +80,23 @@ func (s *Service) introspectHandler(w http.ResponseWriter, r *http.Request) {
 
 // Get client credentials from basic auth and try to authenticate client
 func (s *Service) basicAuthClient(r *http.Request) (*models.OauthClient, error) {
+	var clientID, secret string
+	var ok bool
+
+	clientID = r.Form.Get("client_id")
+	secret = r.Form.Get("client_secret")
+
+	if clientID != "" && secret != "" {
+		goto AUTH
+	}
+
 	// Get client credentials from basic auth
-	clientID, secret, ok := r.BasicAuth()
+	clientID, secret, ok = r.BasicAuth()
 	if !ok {
 		return nil, ErrInvalidClientIDOrSecret
 	}
 
+AUTH:
 	// Authenticate the client
 	client, err := s.AuthClient(clientID, secret)
 	if err != nil {