jupyterhub · consideRatio · Apr 25, 2023 · Apr 21, 2023
diff --git a/oauthenticator/oauth2.py b/oauthenticator/oauth2.py
@@ -356,7 +356,7 @@ def _logout_redirect_url_default(self):
 
     # Originally a GenericOAuthenticator only trait
     basic_auth = Bool(
-        os.environ.get("OAUTH2_BASIC_AUTH", "False").lower() in {"false", "0"},
+        os.environ.get("OAUTH2_BASIC_AUTH", "False").lower() in {"true", "1"},
         config=True,
         help="Whether or not to use basic authentication for access token request",
     )
@@ -534,7 +534,7 @@ def build_token_info_request_headers(self):
         """
         headers = {"Accept": "application/json", "User-Agent": "JupyterHub"}
 
-        if not self.basic_auth:
+        if self.basic_auth:
             b64key = base64.b64encode(
                 bytes("{self.client_id}:{self.client_secret}", "utf8")
             )
@@ -610,7 +610,7 @@ def build_access_tokens_request_params(self, handler, data=None):
         # the client_id and client_secret should not be included in the access token request params
         # when basic authentication is used
         # ref: https://www.rfc-editor.org/rfc/rfc6749#section-2.3.1
-        if self.basic_auth:
+        if not self.basic_auth:
             params.update(
                 [("client_id", self.client_id), ("client_secret", self.client_secret)]
             )