include client_secret in request to device auth url

hashicorp · Jul 19, 2021 · 92b2d28 · 92b2d28
1 parent 74b7dc8
commit 92b2d28
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/path_oidc.go b/path_oidc.go
@@ -609,6 +609,7 @@ func (b *jwtAuthBackend) authURL(ctx context.Context, req *logical.Request, d *f
 
 		values := url.Values {
 			"client_id": {config.OIDCClientID},
+			"client_secret": {config.OIDCClientSecret},
 			"scope":     {strings.Join(scopes, " ")},
 		}
 		body, err := contactIssuer(caCtx, config.OIDCDeviceAuthURL, &values, false)
@@ -625,7 +626,7 @@ func (b *jwtAuthBackend) authURL(ctx context.Context, req *logical.Request, d *f
 		}
 		err = json.Unmarshal(body, &deviceCode)
 		if err != nil {
-			return nil, errwrap.Wrapf("error decoding issuer response to device auth: {{err}}", err)
+			return nil, fmt.Errorf("error decoding issuer response to device auth: %v; response: %v", err, string(body))
 		}
 		// currently hashicorp/cap/oidc.NewRequest requires
 		//  redirectURL to be non-empty so throw in place holder