Fix the invalid_client error when request token without the client_secret field (#1288)

* Fix the invalid_client error when request token without the client_secret field.

* add a CHANGELOG entry since this is a user-visible change.

---------

Co-authored-by: Glauco Junior <[email protected]>
Co-authored-by: Alan Crosswell <[email protected]>

Author: 3 people

AUTHORS

@@ -55,6 +55,7 @@ Federico Dolce
 Florian Demmer
 Frederico Vieira
 Gaël Utard
+Glauco Junior
 Hasan Ramezani
 Hiroki Kiyohara
 Hossein Shakiba

CHANGELOG.md

@@ -37,6 +37,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * #1357 Move import of setting_changed signal from test to django core modules
 * #1268 fix prompt=none redirects to login screen
 * #1381 fix AttributeError in OAuth2ExtraTokenMiddleware when a custom AccessToken model is used
+* #1288 fixes #1276 which attempt to resolve #1092 for requests that don't have a client_secret per [RFC 6749 4.1.1](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.1.1)
 
 ### Removed
 * #1350 Remove support for Python 3.7 and Django 2.2

oauth2_provider/oauth2_validators.py

@@ -183,7 +183,7 @@ def _authenticate_request_body(self, request):
         # TODO: check if oauthlib has already unquoted client_id and client_secret
         try:
             client_id = request.client_id
-            client_secret = getattr(request, "client_secret", "")
+            client_secret = getattr(request, "client_secret", "") or ""
         except AttributeError:
             return False