From 0f68fadb9ade1cc4cac2ccd9e40b78e4a4588638 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Steffen=20P=C3=B8hner=20Henriksen?= <str3sses@gmail.com>
Date: Fri, 19 Feb 2021 10:18:54 +0100
Subject: [PATCH] Allow public clients created with API to have no
 client_secret (#1871)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Steffen Pøhner Henriksen <str3sses@gmail.com>
---
 server/api.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/api.go b/server/api.go
index 9f2e4777..5560c3bc 100644
--- a/server/api.go
+++ b/server/api.go
@@ -50,7 +50,7 @@ func (d dexAPI) CreateClient(ctx context.Context, req *api.CreateClientReq) (*ap
 	if req.Client.Id == "" {
 		req.Client.Id = storage.NewID()
 	}
-	if req.Client.Secret == "" {
+	if req.Client.Secret == "" && !req.Client.Public {
 		req.Client.Secret = storage.NewID() + storage.NewID()
 	}