From cb6cec495c3f43202874d133792118b943a65b94 Mon Sep 17 00:00:00 2001 From: Jeroen Derks Date: Mon, 28 Nov 2022 19:51:53 +0100 Subject: [PATCH 1/3] Enabled client_secret_basic authentication on requestClientCredentialsToken() #347 --- CHANGELOG.md | 6 ++++++ src/OpenIDConnectClient.php | 33 ++++++++++++++++++++++----------- 2 files changed, 28 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index eacd7d3c..0f130243 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [0.9.11] + +### Added + +* Enabled `client_secret_basic` authentication on `requestClientCredentialsToken()` #347 + ## [0.9.10] ## Fixed diff --git a/src/OpenIDConnectClient.php b/src/OpenIDConnectClient.php index bac366cf..616fc9ac 100644 --- a/src/OpenIDConnectClient.php +++ b/src/OpenIDConnectClient.php @@ -848,12 +848,12 @@ public function requestClientCredentialsToken() { $grant_type = 'client_credentials'; $post_data = [ - 'grant_type' => $grant_type, - 'client_id' => $this->clientID, - 'client_secret' => $this->clientSecret, - 'scope' => implode(' ', $this->scopes) + 'grant_type' => $grant_type, + 'scope' => implode(' ', $this->scopes) ]; + $this->setOptionalBasicAuthentication($headers, $post_data); + // Convert token params to string format $post_params = http_build_query($post_data, '', '&', $this->encType); 
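Review bot: The added call `$this->setOptionalBasicAuthentication($headers, $post_data);` changes what existing callers of `requestClientCredentialsToken()` put on the wire, and nothing at the call site says so. Because the helper defaults to `['client_secret_basic']`, a provider whose metadata omits `token_endpoint_auth_methods_supported` now receives the credentials only in the `Authorization` header, with no `client_id`/`client_secret` in the body. A provider that accepts only body credentials without advertising it would start rejecting the request. A comment above the call would make the new behaviour visible, for example `// Client auth: Basic header if the provider supports client_secret_basic, else client_id/client_secret in the body`. The function starts and ends outside the hunk, so whether `$headers` is initialised before this line cannot be confirmed from here.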
@@ -884,13 +884,7 @@ public function requestResourceOwnerToken($bClientAuth = FALSE) { //For client authentication include the client values if($bClientAuth) { - $token_endpoint_auth_methods_supported = $this->getProviderConfigValue('token_endpoint_auth_methods_supported', ['client_secret_basic']); - if ($this->supportsAuthMethod('client_secret_basic', $token_endpoint_auth_methods_supported)) { - $headers = ['Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret))]; - } else { - $post_data['client_id'] = $this->clientID; - $post_data['client_secret'] = $this->clientSecret; - } + $this->setOptionalBasicAuthentication($headers, $post_data); } // Convert token params to string format @@ -899,6 +893,23 @@ public function requestResourceOwnerToken($bClientAuth = FALSE) { return json_decode($this->fetchURL($token_endpoint, $post_params, $headers)); } + /** + * Use client basic authentication if supported. + * + * @param array $headers + * @param array $post_data + * @throws OpenIDConnectClientException + */ + protected function setOptionalBasicAuthentication(&$headers, &$post_data) { + $token_endpoint_auth_methods_supported = $this->getProviderConfigValue('token_endpoint_auth_methods_supported', ['client_secret_basic']); + + if ($this->supportsAuthMethod('client_secret_basic', $token_endpoint_auth_methods_supported)) { + $headers = ['Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret))]; + } else { + $post_data['client_id'] = $this->clientID; + $post_data['client_secret'] = $this->clientSecret; + } + } /** * Requests ID and Access tokens From 8ef1281865a9eae03522c8aa945d80d26647229a Mon Sep 17 00:00:00 2001 
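Review bot: The `else` branch of `setOptionalBasicAuthentication()` puts `client_secret` into the POST body whenever `client_secret_basic` is not supported, without checking that the provider advertises `client_secret_post`, so a provider that lists only other methods would still be sent the secret. Assuming `supportsAuthMethod()` treats that value like any other, the body case could be guarded with `} elseif ($this->supportsAuthMethod('client_secret_post', $token_endpoint_auth_methods_supported)) {` and the remaining case could throw `OpenIDConnectClientException`, which the docblock's `@throws` already announces. Separately, `$headers = [...]` replaces the array passed by reference and drops any header the caller set earlier; `$headers[] = 'Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret));` would append instead. The two `@param` lines should also say that both arguments are modified in place. The same fallback logic was moved here unchanged from `requestResourceOwnerToken()` in the hunk at -884.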
From: Jeroen Derks Date: Mon, 28 Nov 2022 20:48:42 +0100 Subject: [PATCH 2/3] updated composer.json added replace, updated README.md added notification about project forked from --- README.md | 4 +++- composer.json | 7 +++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 79318e50..f6d2db45 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +NB: This is a fork from [jumbojett/OpenID-Connect-PHP](https://github.com/jumbojett/OpenID-Connect-PHP) to allow client basic authentication on obtaining the access token. + PHP OpenID Connect Basic Client ======================== A simple library that allows an application to authenticate a user through the basic OpenID Connect flow. @@ -14,7 +16,7 @@ A special thanks goes to Justin Richer and Amanda Anganes for their help and sup ## Install ## 1. Install library using composer ``` -composer require jumbojett/openid-connect-php +composer require magentron/openid-connect-php ``` 2. Include composer autoloader diff --git a/composer.json b/composer.json index 6d218ccf..c8f0f22e 100644 --- a/composer.json +++ b/composer.json @@ -1,6 +1,6 @@ { - "name": "jumbojett/openid-connect-php", - "description": "Bare-bones OpenID Connect client", + "name": "magentron/openid-connect-php", + "description": "Bare-bones OpenID Connect client (forked to allow client secret basic authentication on obtaining access token)", "license": "Apache-2.0", "require": { "php": ">=5.4", @@ -13,6 +13,9 @@ "roave/security-advisories": "dev-master", "yoast/phpunit-polyfills": "^1.0" }, + "replace": { + "jumbojett/openid-connect-php": "<=0.9.10" + }, "archive" : { "exclude" : [ ".*" From 3327b142ad92e9c06d11013a17880b4679dca45d Mon Sep 17 00:00:00 2001 From: Jeroen Derks Date: Thu, 7 Nov 2024 10:20:44 +0100 Subject: [PATCH 3/3] Remove references to Magentron fork --- README.md | 4 +--- composer.json | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) 
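Review bot: The added `"replace": { "jumbojett/openid-connect-php": "<=0.9.10" }` in `composer.json` lets this fork stand in for the upstream package in a dependency graph, and the README change in the same commit does not mention that substitution. Projects that require the fork would have other packages' requirements on `jumbojett/openid-connect-php` satisfied by the fork's code, which people auditing their dependencies should be told explicitly. A sentence next to the install command would cover it, for example `This package replaces jumbojett/openid-connect-php (<=0.9.10) when installed`. The upper bound also means a dependent requiring a later upstream release is presumably not covered by the replacement, so both packages defining the same classes could be installed side by side; worth confirming the constraint is what is intended.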
diff --git a/README.md b/README.md index ef5025d6..904b83ec 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,3 @@ -NB: This is a fork from [jumbojett/OpenID-Connect-PHP](https://github.com/jumbojett/OpenID-Connect-PHP) to allow client basic authentication on obtaining the access token. - PHP OpenID Connect Basic Client ======================== A simple library that allows an application to authenticate a user through the basic OpenID Connect flow. @@ -16,7 +14,7 @@ A special thanks goes to Justin Richer and Amanda Anganes for their help and sup ## Install ## 1. Install library using composer ``` -composer require magentron/openid-connect-php +composer require jumbojett/openid-connect-php ``` 2. Include composer autoloader diff --git a/composer.json b/composer.json index ca9dc579..41cdada4 100644 --- a/composer.json +++ b/composer.json @@ -1,5 +1,5 @@ { - "name": "magentron/openid-connect-php", + "name": "jumbojett/openid-connect-php", "description": "Bare-bones OpenID Connect client (forked to allow client secret basic authentication on obtaining access token)", "license": "Apache-2.0", "require": {