Merge pull request #12 from faro-oss/faro-upstream/feature/PKCE

Output info message when PKCE without client_secret used on confident…
faro-oss · Oct 15, 2020 · 3b1f1a5 · 3b1f1a5
2 parents 0063431 + a3ed229
commit 3b1f1a5
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/server/handlers.go b/server/handlers.go
@@ -760,8 +760,8 @@ func (s *Server) handleToken(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	if clientSecret == "" && client.Secret != "" && r.PostFormValue("code_verifier") != "" {
-		s.tokenErrHelper(w, errInvalidClient, "Missing client credentials. If you want to use PKCE without client_secret, create a public dex client.", http.StatusUnauthorized)
-		return
+		s.logger.Infof("detected PKCE token request without client_secret on client %s. "+
+			"Set the client to be pubic without client_secret, if you want to allow this.", client.ID)
 	}
 	if client.Secret != clientSecret {
 		s.tokenErrHelper(w, errInvalidClient, "Invalid client credentials.", http.StatusUnauthorized)