for some SPA client_secret is not required to be sent for fetching token

For the following code:
```
exports.OAuth2.prototype.getOAuthAccessToken= function(code, params, callback) {
  var params= params || {};
  params['client_id'] = this._clientId;
  params['client_secret'] = this._clientSecret;

```
For some OIDC clients, the `client_secret` is not required to be passed. For example, with ORY,
[ory doc](https://www.ory.sh/docs/oauth2-oidc/authorization-code-flow), the example shows that client_secret is removed. 

But for some the others like OKTA, client_secret is required.

I am using passport-js 's strategy `@govtechsg/passport-openidconnect` with pkce workflow which uses this library. It requires this option.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

for some SPA client_secret is not required to be sent for fetching token #381

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

for some SPA client_secret is not required to be sent for fetching token #381

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions