From 771d3952a33f835eb32cc3bc927f32241e8ffb8f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89loi=20Rivard?= <eloi@yaal.coop>
Date: Sat, 18 Nov 2023 19:20:14 +0100
Subject: [PATCH] feat: OIDC password grant supports other client
 authentication methods

---
 CHANGES.rst            | 5 +++++
 canaille/oidc/oauth.py | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/CHANGES.rst b/CHANGES.rst
index dd53635e..55447d26 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -3,6 +3,11 @@ All notable changes to this project will be documented in this file.
 The format is based on `Keep a Changelog <https://keepachangelog.com/en/1.0.0/>`_,
 and this project adheres to `Semantic Versioning <https://semver.org/spec/v2.0.0.html>`_.
 
+Added
+*****
+
+- Refresh token grant supports other client authentication methods. :pr:`156`
+
 Changed
 *******
 
diff --git a/canaille/oidc/oauth.py b/canaille/oidc/oauth.py
index 973bb271..f80c826f 100644
--- a/canaille/oidc/oauth.py
+++ b/canaille/oidc/oauth.py
@@ -221,6 +221,8 @@ class PasswordGrant(_ResourceOwnerPasswordCredentialsGrant):
 
 
 class RefreshTokenGrant(_RefreshTokenGrant):
+    TOKEN_ENDPOINT_AUTH_METHODS = ["client_secret_basic", "client_secret_post", "none"]
+
     def authenticate_refresh_token(self, refresh_token):
         token = models.Token.query(refresh_token=refresh_token)
         if token and token[0].is_refresh_token_active():