From 5fe8454991210d5c0f468c251daabcf61c8f596d Mon Sep 17 00:00:00 2001
From: Jeremy Norberg <jeremy@inkstonehq.com>
Date: Tue, 14 Apr 2015 22:56:15 -0700
Subject: [PATCH] Passing clientSecret when initializing OAuth2 to be more
 compatible with Oauth2 RFC Section 2.3 (if the authorization server requires
 authentication, pass clientId and clientSecret in basic auth or in body)

---
 lib/strategy.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/strategy.js b/lib/strategy.js
index 57845ea..ca6fde7 100644
--- a/lib/strategy.js
+++ b/lib/strategy.js
@@ -22,7 +22,7 @@ function PasswordGrantStrategy(options, verify) {
   this.name = 'password-grant';
   this._verify = verify;
 
-  this._oauth2 = new OAuth2(options.clientID, '', '', '', options.tokenURL, options.customHeaders);
+  this._oauth2 = new OAuth2(options.clientID, options.clientSecret, '', '', options.tokenURL, options.customHeaders);
 
   this._passReqToCallback = options.passReqToCallback;
   this._skipUserProfile = (options.skipUserProfile === undefined) ? false : options.skipUserProfile;