Devices that are public should not need basic auth

The device flow is initiated by sending the client_id and and a scope.
This check should not fail if the client is public

Author: duzumaki

oauth2_provider/oauth2_validators.py

@@ -167,6 +167,10 @@ def _authenticate_basic_auth(self, request):
         elif request.client.client_id != client_id:
             log.debug("Failed basic auth: wrong client id %s" % client_id)
             return False
+        elif (request.client.client_type == "public"
+              and request.grant_type == "urn:ietf:params:oauth:grant-type:device_code"
+        ):
+            return True
         elif not self._check_secret(client_secret, request.client.client_secret):
             log.debug("Failed basic auth: wrong client secret %s" % client_secret)
             return False