fix: change client_secret in refresh_token API as optional (#540)

Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com>
2025-07-02 11:20:18 +08:00 · 2022-03-07 13:52:51 +08:00
parent 4f9a13f18a
commit 8a9cc2eb8f
2 changed files with 2 additions and 2 deletions
--- a/object/token.go
+++ b/object/token.go
@ -379,7 +379,7 @@ func RefreshToken(grantType string, refreshToken string, scope string, clientId
 			Scope:       "",
 		}
 	}
-	if application.ClientSecret != clientSecret {
+	if clientSecret != "" && application.ClientSecret != clientSecret {
 		return &TokenWrapper{
 			AccessToken: "error: invalid client_secret",
 			TokenType:   "",