[BUG] Client secret not verified if not provided

Hello, 

While trying to get your lib working on my project, I saw that using `Server.HandleTokenRequest` with no secret leads to a valid token being generated. See the attached picture as a proof.

I used a sample configuration to get it to work: 

```go
	manager := manage.NewDefaultManager()
	manager.MustTokenStorage(store.NewMemoryTokenStore())

	clientStore := store.NewClientStore()
	clientStore.Set("000000", &models.Client{
		ID:     "000000",
		Secret: "999999",
		Domain: "http://localhost",
	})
	manager.MapClientStorage(clientStore)

	srv := server.NewDefaultServer(manager)
```

Notes: Giving a bad secret results in an error being thrown. But no secret works.

![token_with_no_secret](https://user-images.githubusercontent.com/862607/87880198-fd2a5c80-c9ef-11ea-9a81-4a445cd4eb98.PNG)




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[BUG] Client secret not verified if not provided #156

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[BUG] Client secret not verified if not provided #156

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions