add client_secret, check for array key

Author: ylebre

solid/lib/Controller/ServerController.php

@@ -324,11 +324,12 @@ public function session() {
 	 */
 	public function token() {
 		$request = \Laminas\Diactoros\ServerRequestFactory::fromGlobals($_SERVER, $_GET, $_POST, $_COOKIE, $_FILES);
-		$grantType = $request->getParsedBody()['grant_type'];
-		$clientId = $request->getParsedBody()['client_id'];
+		$requestBody = $request->getParsedBody();
+		$grantType = $requestBody['grant_type'] ? $requestBody['grant_type'] : null;
+		$clientId = $requestBody['client_id'] ? $requestBody['client_id'] : null;
 		switch ($grantType) {
 			case "authorization_code":
-				$code = $request->getParsedBody()['code'];
+				$code = $requestBody['code'];
 				// FIXME: not sure if decoding this here is the way to go.
 				// FIXME: because this is a public page, the nonce from the session is not available here.
 				$codeInfo = $this->tokenGenerator->getCodeInfo($code);
@@ -338,7 +339,7 @@ public function token() {
 				}
 			break;
 			case "refresh_token":
-				$refreshToken = $request->getParsedBody()['refresh_token'];
+				$refreshToken = $requestBody['refresh_token'];
 				$tokenInfo = $this->tokenGenerator->getCodeInfo($refreshToken); // FIXME: getCodeInfo should be named 'decrypt' or 'getInfo'?
 				$userId = $tokenInfo['user_id'];
 				if (!$clientId) {

solid/tests/Unit/Controller/ServerControllerTest.php

@@ -348,6 +348,7 @@ public function testRegisterWithRedirectUris()
 				'registration_client_uri' => '',
 				'response_types' => ['id_token token'],
 				'token_endpoint_auth_method' => 'client_secret_basic',
+				'client_secret' => '3b5798fddd49e23662ee6fe801085100',
 			],
 			'headers' => [
 				'Cache-Control' => 'no-cache, no-store, must-revalidate',