oauth2: remove unnecessary ClientSecret check
Since the empty client secret is permitted by the OAuth 2.0 spec.
The check for clientSecret in retriveTokoen is unnecessary.
Redo #6740
Signed-off-by: Hu Keping <hukeping@huawei.com>
Change-Id: I9126c79a1f8b9d6051c213ee3f93c442a36ca65d
Reviewed-on: https://go-review.googlesource.com/6900
Reviewed-by: Andrew Gerrand <adg@golang.org>
diff --git a/oauth2.go b/oauth2.go
index 26828b9..21d2730 100644
--- a/oauth2.go
+++ b/oauth2.go
@@ -308,7 +308,7 @@
return nil, err
}
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
- if !bustedAuth && c.ClientSecret != "" {
+ if !bustedAuth {
req.SetBasicAuth(c.ClientID, c.ClientSecret)
}
r, err := hc.Do(req)