Check if ClientAssertionType is empty and add required check

authentication/authentication.go

@@ -267,7 +267,7 @@ func (a *Authentication) addClientAuthenticationToURLValues(params oauth.ClientA
 		body.Set("client_assertion", clientAssertion)
 		body.Set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
 		break
-	case params.ClientAssertion != "":
+	case params.ClientAssertion != "" && params.ClientAssertionType != "":
 		body.Set("client_assertion", params.ClientAssertion)
 		body.Set("client_assertion_type", params.ClientAssertionType)
 		break
@@ -284,7 +284,7 @@ func (a *Authentication) addClientAuthenticationToURLValues(params oauth.ClientA
 }
 
 // Helper for adding client authentication to an oauth.ClientAuthentication struct.
-func (a *Authentication) addClientAuthenticationToClientAuthStruct(params *oauth.ClientAuthentication) error {
+func (a *Authentication) addClientAuthenticationToClientAuthStruct(params *oauth.ClientAuthentication, required bool) error {
 	if params.ClientID == "" {
 		params.ClientID = a.clientID
 	}
@@ -306,6 +306,10 @@ func (a *Authentication) addClientAuthenticationToClientAuthStruct(params *oauth
 		params.ClientSecret = a.clientSecret
 	}
 
+	if required && (params.ClientSecret == "" && params.ClientAssertion == "") {
+		return errors.New("client_secret or client_assertion is required but not provided")
+	}
+
 	return nil
 }
 

authentication/mfa.go

@@ -26,7 +26,7 @@ func (m *MFA) Challenge(ctx context.Context, body mfa.ChallengeRequest, opts ...
 		return nil, fmt.Errorf("Missing required fields: %s", strings.Join(missing, ", "))
 	}
 
-	err = m.authentication.addClientAuthenticationToClientAuthStruct(&body.ClientAuthentication)
+	err = m.authentication.addClientAuthenticationToClientAuthStruct(&body.ClientAuthentication, false)
 
 	if err != nil {
 		return nil, err

authentication/passwordless.go

@@ -18,7 +18,7 @@ type Passwordless manager
 //
 // See: https://auth0.com/docs/api/authentication?http#get-code-or-link
 func (p *Passwordless) SendEmail(ctx context.Context, params passwordless.SendEmailRequest, opts ...RequestOption) (r *passwordless.SendEmailResponse, err error) {
-	err = p.authentication.addClientAuthenticationToClientAuthStruct(&params.ClientAuthentication)
+	err = p.authentication.addClientAuthenticationToClientAuthStruct(&params.ClientAuthentication, false)
 	if err != nil {
 		return nil, err
 	}
@@ -33,7 +33,7 @@ func (p *Passwordless) SendEmail(ctx context.Context, params passwordless.SendEm
 //
 // See: https://auth0.com/docs/api/authentication?http#authenticate-user
 func (p *Passwordless) LoginWithEmail(ctx context.Context, params passwordless.LoginWithEmailRequest, validationOptions oauth.IDTokenValidationOptions, opts ...RequestOption) (t *oauth.TokenSet, err error) {
-	err = p.authentication.addClientAuthenticationToClientAuthStruct(&params.ClientAuthentication)
+	err = p.authentication.addClientAuthenticationToClientAuthStruct(&params.ClientAuthentication, false)
 	if err != nil {
 		return nil, err
 	}
@@ -64,7 +64,7 @@ func (p *Passwordless) LoginWithEmail(ctx context.Context, params passwordless.L
 //
 // See: https://auth0.com/docs/api/authentication?http#get-code-or-link
 func (p *Passwordless) SendSMS(ctx context.Context, params passwordless.SendSMSRequest, opts ...RequestOption) (r *passwordless.SendSMSResponse, err error) {
-	err = p.authentication.addClientAuthenticationToClientAuthStruct(&params.ClientAuthentication)
+	err = p.authentication.addClientAuthenticationToClientAuthStruct(&params.ClientAuthentication, false)
 	if err != nil {
 		return nil, err
 	}
@@ -79,7 +79,7 @@ func (p *Passwordless) SendSMS(ctx context.Context, params passwordless.SendSMSR
 //
 // See: https://auth0.com/docs/api/authentication?http#authenticate-user
 func (p *Passwordless) LoginWithSMS(ctx context.Context, params passwordless.LoginWithSMSRequest, validationOptions oauth.IDTokenValidationOptions, opts ...RequestOption) (t *oauth.TokenSet, err error) {
-	err = p.authentication.addClientAuthenticationToClientAuthStruct(&params.ClientAuthentication)
+	err = p.authentication.addClientAuthenticationToClientAuthStruct(&params.ClientAuthentication, false)
 
 	if err != nil {
 		return nil, err