From fb8f47e86839b1f04cc9e1372f3855ce931ce4d9 Mon Sep 17 00:00:00 2001
From: Alex Bilbie <hello@alexbilbie.com>
Date: Mon, 18 Apr 2016 08:32:49 +0100
Subject: [PATCH] Added $mustValidateSecret parameter to
 ClientRepositoryInterface:: getClientEntity(). Fixes #550

---
 src/Grant/AbstractGrant.php                    |  3 ++-
 src/Grant/AuthCodeGrant.php                    |  4 +++-
 src/Grant/ImplicitGrant.php                    |  4 +++-
 src/Repositories/ClientRepositoryInterface.php | 10 ++++++----
 4 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index 21909712..cef10008 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -161,7 +161,8 @@ abstract class AbstractGrant implements GrantTypeInterface
         $client = $this->clientRepository->getClientEntity(
             $clientId,
             $this->getIdentifier(),
-            $clientSecret
+            $clientSecret,
+            true
         );
 
         if (!$client instanceof ClientEntityInterface) {
diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
index 64ae2dcc..75454707 100644
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@@ -165,7 +165,9 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
 
         $client = $this->clientRepository->getClientEntity(
             $clientId,
-            $this->getIdentifier()
+            $this->getIdentifier(),
+            null,
+            false
         );
 
         if ($client instanceof ClientEntityInterface === false) {
diff --git a/src/Grant/ImplicitGrant.php b/src/Grant/ImplicitGrant.php
index e7ac0d15..6dc53172 100644
--- a/src/Grant/ImplicitGrant.php
+++ b/src/Grant/ImplicitGrant.php
@@ -117,7 +117,9 @@ class ImplicitGrant extends AbstractAuthorizeGrant
 
         $client = $this->clientRepository->getClientEntity(
             $clientId,
-            $this->getIdentifier()
+            $this->getIdentifier(),
+            null,
+            false
         );
 
         if ($client instanceof ClientEntityInterface === false) {
diff --git a/src/Repositories/ClientRepositoryInterface.php b/src/Repositories/ClientRepositoryInterface.php
index a5d4c32d..fc56c2f3 100644
--- a/src/Repositories/ClientRepositoryInterface.php
+++ b/src/Repositories/ClientRepositoryInterface.php
@@ -16,11 +16,13 @@ interface ClientRepositoryInterface extends RepositoryInterface
     /**
      * Get a client.
      *
-     * @param string      $clientIdentifier The client's identifier
-     * @param string      $grantType        The grant type used
-     * @param null|string $clientSecret     The client's secret (if sent)
+     * @param string      $clientIdentifier   The client's identifier
+     * @param string      $grantType          The grant type used
+     * @param null|string $clientSecret       The client's secret (if sent)
+     * @param bool        $mustValidateSecret If true the client must attempt to validate the secret unless the client
+     *                                        is confidential
      *
      * @return \League\OAuth2\Server\Entities\ClientEntityInterface
      */
-    public function getClientEntity($clientIdentifier, $grantType, $clientSecret = null);
+    public function getClientEntity($clientIdentifier, $grantType, $clientSecret = null, $mustValidateSecret = true);
 }