client_secret doesn't have to be provided to gain an access token.
Prior to this fix the script would throw undefined offset errors with no client_secret when using GET or POST, this commit just gives it null if not set.
Fix getClientCredentials when no client_secret set
break out redirect from auth code response
fixing token checking