From b4e19944af7a59c6a0ff77744d13db7eff43ab61 Mon Sep 17 00:00:00 2001
From: Dusan Jakub
Date: Wed, 18 Oct 2023 13:09:33 +0200
Subject: [PATCH] accept any secret for open clients
---
src/main/java/com/ysoft/geecon/dto/OAuthClient.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/ysoft/geecon/dto/OAuthClient.java b/src/main/java/com/ysoft/geecon/dto/OAuthClient.java
index 75f58d7..3a1b014 100644
--- a/src/main/java/com/ysoft/geecon/dto/OAuthClient.java
+++ b/src/main/java/com/ysoft/geecon/dto/OAuthClient.java
@@ -9,6 +9,7 @@ public record OAuthClient(String clientId, String description, String clientSecr
 }
 public boolean validateSecret(String clientSecret) {
- return Objects.equals(clientSecret, this.clientSecret);
+ // WARN: For open clients we purposefully accept any secrets
+ return this.clientSecret == null || Objects.equals(clientSecret, this.clientSecret);
 }
 }
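Review bot: In `validateSecret`, using `this.clientSecret == null` as the signal for an open client makes the check fail open. Any client record whose secret is missing for another reason (a registration entry without the field, a mapping default) would then authenticate with any value, and the `true` result does not tell the caller that no authentication took place. Consider keeping `validateSecret` strict and exposing the public-client case explicitly, for example `public boolean isPublic() { return clientSecret == null; }`, so callers can decide which grant types and PKCE requirements apply to unauthenticated clients. For the confidential branch, `Objects.equals` is not a constant-time comparison; `MessageDigest.isEqual` over the UTF-8 bytes of both values would avoid leaking how much of the secret matched. The record header and the callers are outside the hunk, so whether such a restriction already exists elsewhere cannot be seen here.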