From 03ff8360910496a81563e5c5097a3154559815c4 Mon Sep 17 00:00:00 2001
From: Erik Sundell <erik.i.sundell@gmail.com>
Date: Fri, 21 Apr 2023 22:11:15 +0200
Subject: [PATCH] maint: fix non-symptomatic bug in implementation of
 basic_auth config

---
 oauthenticator/oauth2.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/oauthenticator/oauth2.py b/oauthenticator/oauth2.py
index ffd514ff..b47b7c37 100644
--- a/oauthenticator/oauth2.py
+++ b/oauthenticator/oauth2.py
@@ -356,7 +356,7 @@ def _logout_redirect_url_default(self):
 
     # Originally a GenericOAuthenticator only trait
     basic_auth = Bool(
-        os.environ.get("OAUTH2_BASIC_AUTH", "False").lower() in {"false", "0"},
+        os.environ.get("OAUTH2_BASIC_AUTH", "False").lower() in {"true", "1"},
         config=True,
         help="Whether or not to use basic authentication for access token request",
     )
@@ -534,7 +534,7 @@ def build_token_info_request_headers(self):
         """
         headers = {"Accept": "application/json", "User-Agent": "JupyterHub"}
 
-        if not self.basic_auth:
+        if self.basic_auth:
             b64key = base64.b64encode(
                 bytes("{self.client_id}:{self.client_secret}", "utf8")
             )
@@ -610,7 +610,7 @@ def build_access_tokens_request_params(self, handler, data=None):
         # the client_id and client_secret should not be included in the access token request params
         # when basic authentication is used
         # ref: https://www.rfc-editor.org/rfc/rfc6749#section-2.3.1
-        if self.basic_auth:
+        if not self.basic_auth:
             params.update(
                 [("client_id", self.client_id), ("client_secret", self.client_secret)]
             )