omit the client_secret parameter if it is an empty string while refreshing token (thanks to https://github.com/KungfuPancake)

kullfar · kullfar · commit c1d9a5464177 · 2017-05-15T14:43:51.000+03:00
diff --git a/changelog b/changelog
@@ -1,4 +1,5 @@
 [SNAPSHOT]
+ * omit the client_secret parameter if it is an empty string while refreshing token (thanks to https://github.com/KungfuPancake)
 
 [4.1.0]
  * make client_secret optional in OAuth2 while requesting AccessToken (if set to null, it's not required by OAuth2 specs)
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/oauth/OAuth20Service.java b/scribejava-core/src/main/java/com/github/scribejava/core/oauth/OAuth20Service.java
@@ -123,8 +123,9 @@ protected OAuthRequest createRefreshTokenRequest(String refreshToken) {
         final OAuthRequest request = new OAuthRequest(api.getAccessTokenVerb(), api.getRefreshTokenEndpoint());
         final OAuthConfig config = getConfig();
         request.addParameter(OAuthConstants.CLIENT_ID, config.getApiKey());
-        if (config.getApiSecret() != null) {
-            request.addParameter(OAuthConstants.CLIENT_SECRET, config.getApiSecret());
+        final String apiSecret = config.getApiSecret();
+        if (apiSecret != null) {
+            request.addParameter(OAuthConstants.CLIENT_SECRET, apiSecret);
         }
         request.addParameter(OAuthConstants.REFRESH_TOKEN, refreshToken);
         request.addParameter(OAuthConstants.GRANT_TYPE, OAuthConstants.REFRESH_TOKEN);

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`[SNAPSHOT]`
	`2`	`+ * omit the client_secret parameter if it is an empty string while refreshing token (thanks to https://github.com/KungfuPancake)`
`2`	`3`
`3`	`4`	`[4.1.0]`
`4`	`5`	`* make client_secret optional in OAuth2 while requesting AccessToken (if set to null, it's not required by OAuth2 specs)`