From 2c0c0112c6fd2f62e1556e6a84c64d34433d015e Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano@smallstep.com>
Date: Thu, 14 Mar 2019 18:00:11 -0700
Subject: [PATCH] Add an optional client secret field.

---
 authority/provisioner/oidc.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/authority/provisioner/oidc.go b/authority/provisioner/oidc.go
index 7bf30518..ba684763 100644
--- a/authority/provisioner/oidc.go
+++ b/authority/provisioner/oidc.go
@@ -41,10 +41,14 @@ type openIDPayload struct {
 }
 
 // OIDC represents an OAuth 2.0 OpenID Connect provider.
+//
+// ClientSecret is optional, and it will be only necessary if an implicit flow
+// is not available, the value will be visible in the provisioners endpoint.
 type OIDC struct {
 	Type                  string   `json:"type"`
 	Name                  string   `json:"name"`
 	ClientID              string   `json:"clientID"`
+	ClientSecret          string   `json:"clientSecret,omitempty"`
 	ConfigurationEndpoint string   `json:"configurationEndpoint"`
 	Claims                *Claims  `json:"claims,omitempty"`
 	Admins                []string `json:"admins,omitempty"`