From c63737d574eacd75bffed582fda82e6b537ea532 Mon Sep 17 00:00:00 2001
From: Vladimir Slesarev
Date: Wed, 10 Aug 2022 20:28:37 +0400
Subject: [PATCH] fix(auth): client_secret may appear in non-authcode flows while also using PKCE (#8146)
---
 src/core/components/auth/oauth2.jsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/components/auth/oauth2.jsx b/src/core/components/auth/oauth2.jsx
index 9afa70b4..33187033 100644
--- a/src/core/components/auth/oauth2.jsx
+++ b/src/core/components/auth/oauth2.jsx
@@ -212,7 +212,7 @@ export default class Oauth2 extends React.Component {
 } {
- ( (flow === AUTH_FLOW_APPLICATION || flow === AUTH_FLOW_ACCESS_CODE || flow === AUTH_FLOW_PASSWORD) && !isPkceCodeGrant &&
+ ( (flow === AUTH_FLOW_APPLICATION || flow === AUTH_FLOW_ACCESS_CODE && !isPkceCodeGrant || flow === AUTH_FLOW_PASSWORD) &&
 { isAuthorized ? ******
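Review bot: The rewritten condition mixes `&&` and `||` without grouping, so a reader must rely on operator precedence to see that `!isPkceCodeGrant` now applies only to `AUTH_FLOW_ACCESS_CODE`. Since this decides whether the client_secret input is rendered at all, I would make the grouping explicit: `flow === AUTH_FLOW_APPLICATION || (flow === AUTH_FLOW_ACCESS_CODE && !isPkceCodeGrant) || flow === AUTH_FLOW_PASSWORD`. A short comment above it, such as `client_secret is hidden only for the authorization-code grant with PKCE; application and password flows still prompt for it`, would record the intent. The diffstat shows one file changed, so the regression fixed here has no test; a render test per flow with the PKCE option enabled would pin the behaviour. The enclosing render block starts and ends outside the hunk, so how `isPkceCodeGrant` is derived is not visible here.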