From 054d450a45474cd8099622b73653349bea4ec7e9 Mon Sep 17 00:00:00 2001
From: Scott O'Hara <scott@oharagroup.net>
Date: Sat, 29 Sep 2018 11:40:38 +1000
Subject: [PATCH] fix: add client_id and client_secret to form when type is
 request-body (via #4213)

---
 src/core/plugins/auth/actions.js | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/src/core/plugins/auth/actions.js b/src/core/plugins/auth/actions.js
index 8459ee49..45dbf727 100644
--- a/src/core/plugins/auth/actions.js
+++ b/src/core/plugins/auth/actions.js
@@ -84,21 +84,33 @@ export const authorizePassword = ( auth ) => ( { authActions } ) => {
   } else {
     Object.assign(form, {username}, {password})
 
-    if ( passwordType === "query") {
-      if ( clientId ) {
-        query.client_id = clientId
-      }
-      if ( clientSecret ) {
-        query.client_secret = clientSecret
-      }
-    } else {
-      headers.Authorization = "Basic " + btoa(clientId + ":" + clientSecret)
+    switch ( passwordType ) {
+      case "query":
+        setClientIdAndSecret(query, clientId, clientSecret)
+        break
+
+      case "request-body":
+        setClientIdAndSecret(form, clientId, clientSecret)
+        break
+
+      default:
+        headers.Authorization = "Basic " + btoa(clientId + ":" + clientSecret)
     }
   }
 
   return authActions.authorizeRequest({ body: buildFormData(form), url: schema.get("tokenUrl"), name, headers, query, auth})
 }
 
+function setClientIdAndSecret(target, clientId, clientSecret) {
+  if ( clientId ) {
+    Object.assign(target, {client_id: clientId})
+  }
+
+  if ( clientSecret ) {
+    Object.assign(target, {client_secret: clientSecret})
+  }
+}
+
 export const authorizeApplication = ( auth ) => ( { authActions } ) => {
   let { schema, scopes, name, clientId, clientSecret } = auth
   let headers = {