Update request body validator

A public device code grant doesn't have a client_secret to check

Author: duzumaki

oauth2_provider/oauth2_validators.py

@@ -56,7 +56,7 @@
         AbstractApplication.GRANT_CLIENT_CREDENTIALS,
         AbstractApplication.GRANT_OPENID_HYBRID,
     ),
-    "urn:ietf:params:oauth:grant-type:device_code": (AbstractApplication.GRANT_DEVICE_CODE,)
+    "urn:ietf:params:oauth:grant-type:device_code": (AbstractApplication.GRANT_DEVICE_CODE,),
 }
 
 Application = get_application_model()
@@ -167,8 +167,9 @@ def _authenticate_basic_auth(self, request):
         elif request.client.client_id != client_id:
             log.debug("Failed basic auth: wrong client id %s" % client_id)
             return False
-        elif (request.client.client_type == "public"
-              and request.grant_type == "urn:ietf:params:oauth:grant-type:device_code"
+        elif (
+            request.client.client_type == "public"
+            and request.grant_type == "urn:ietf:params:oauth:grant-type:device_code"
         ):
             return True
         elif not self._check_secret(client_secret, request.client.client_secret):
@@ -196,6 +197,11 @@ def _authenticate_request_body(self, request):
         if self._load_application(client_id, request) is None:
             log.debug("Failed body auth: Application %s does not exists" % client_id)
             return False
+        elif (
+            request.client.client_type == "public"
+            and request.grant_type == "urn:ietf:params:oauth:grant-type:device_code"
+        ):
+            return True
         elif not self._check_secret(client_secret, request.client.client_secret):
             log.debug("Failed body auth: wrong client secret %s" % client_secret)
             return False