fix: add client_id and client_secret to form when type is request-body (via #4213)

src/core/plugins/auth/actions.js

@@ -84,14 +84,16 @@ export const authorizePassword = ( auth ) => ( { authActions } ) => {
   } else {
     Object.assign(form, {username}, {password})
 
-    if ( passwordType === "query") {
-      if ( clientId ) {
-        query.client_id = clientId
-      }
-      if ( clientSecret ) {
-        query.client_secret = clientSecret
-      }
-    } else {
+    switch ( passwordType ) {
+      case "query":
+        setClientIdAndSecret(query, clientId, clientSecret)
+        break
+
+      case "request-body":
+        setClientIdAndSecret(form, clientId, clientSecret)
+        break
+
+      default:
         headers.Authorization = "Basic " + btoa(clientId + ":" + clientSecret)
     }
   }
@@ -99,6 +101,16 @@ export const authorizePassword = ( auth ) => ( { authActions } ) => {
   return authActions.authorizeRequest({ body: buildFormData(form), url: schema.get("tokenUrl"), name, headers, query, auth})
 }
 
+function setClientIdAndSecret(target, clientId, clientSecret) {
+  if ( clientId ) {
+    Object.assign(target, {client_id: clientId})
+  }
+
+  if ( clientSecret ) {
+    Object.assign(target, {client_secret: clientSecret})
+  }
+}
+
 export const authorizeApplication = ( auth ) => ( { authActions } ) => {
   let { schema, scopes, name, clientId, clientSecret } = auth
   let headers = {