From da9c65f5e30d4a27dc61a330e7e63fb45cc61b96 Mon Sep 17 00:00:00 2001
From: Miguel Martinez
Date: Wed, 24 Jan 2024 13:59:49 +0100
Subject: [PATCH] Update handlers.go Compare secrets just on not public clients
Signed-off-by: Miguel Martinez
---
 server/handlers.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/handlers.go b/server/handlers.go
index 08a60d48..d6b9642b 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -813,7 +813,7 @@ func (s *Server) withClientFromStorage(w http.ResponseWriter, r *http.Request, h
 return
 }
 
- if subtle.ConstantTimeCompare([]byte(client.Secret), []byte(clientSecret)) != 1 {
+ if !client.Public && subtle.ConstantTimeCompare([]byte(client.Secret), []byte(clientSecret)) != 1 {
 if clientSecret == "" {
 s.logger.Infof("missing client_secret on token request for client: %s", client.ID)
 } else {
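Review bot: The `!client.Public &&` guard sits in `withClientFromStorage`, which from its signature wraps a handler `h`, so the secret check is now skipped for public clients on every request routed through this wrapper rather than for a single grant type. A public client that has a non-empty `Secret` stored will from now on be accepted with any or no `client_secret`, so it is worth confirming that each wrapped handler binds such requests by other means (for example a PKCE verifier or possession of the refresh token); none of that is visible in this hunk. I would add a comment above the condition such as `// Public clients cannot keep a secret, so client_secret is not checked for them; the wrapped handler must bind the request by other means.` and a test covering a public client with a stored secret that sends a wrong, an empty and the correct value. The function body starts and ends outside the hunk.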