diff --git a/lib/oauth2/provider/exchange.rb b/lib/oauth2/provider/exchange.rb
index e39a240c..60a96ed8 100644
--- a/lib/oauth2/provider/exchange.rb
+++ b/lib/oauth2/provider/exchange.rb
@@ -101,6 +101,7 @@ def validate!
 def validate_required_params
 REQUIRED_PARAMS.each do |param|
 next if @params.has_key?(param)
+ next if param == CLIENT_SECRET && ([ASSERTION, PASSWORD].include?(@grant_type))
 @error = INVALID_REQUEST
 @error_description = "Missing required parameter #{param}"
 end
@@ -113,7 +114,7 @@ def validate_client
 @error_description = "Unknown client ID #{@params[CLIENT_ID]}"
 end
- if @client and not @client.valid_client_secret? @params[CLIENT_SECRET]
+ if @client and @params[CLIENT_SECRET] and not @client.valid_client_secret? @params[CLIENT_SECRET]
 @error = INVALID_CLIENT
 @error_description = 'Parameter client_secret does not match'
 end
diff --git a/spec/oauth2/provider/exchange_spec.rb b/spec/oauth2/provider/exchange_spec.rb
index 0891ba0e..b7b10f44 100644
--- a/spec/oauth2/provider/exchange_spec.rb
+++ b/spec/oauth2/provider/exchange_spec.rb
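Review bot: In validate_client the new `@params[CLIENT_SECRET] and` guard skips secret verification for every client whenever the parameter is simply absent, and the companion change in validate_required_params (the previous hunk) stops requiring it for the assertion and password grants, so a confidential client that has a secret on file is accepted at the token endpoint when `client_secret` is left out of those grant requests (whether validate! still reaches validate_client after a validate_required_params failure is not visible here). The skip should be tied to the registered client's record — whether that particular client is permitted to authenticate without a secret — rather than to the presence of the parameter, and a client that has a secret registered should still receive INVALID_CLIENT when the parameter is missing. Such a check needs a predicate on the client model that this diff does not show, so I am not quoting a replacement line. Minor style: the condition uses `and`/`not`, where `&&`/`!` avoid Ruby's low-precedence traps, and `@params.has_key?(CLIENT_SECRET)` would match the presence test used in validate_required_params.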
@@ -189,7 +189,68 @@
 end
 end
- it_should_behave_like "validates required parameters"
+ describe "missing grant_type" do
+ before { params.delete('client_id') }
+
+ it "is invalid" do
+ exchange.error.should == "invalid_request"
+ exchange.error_description.should == "Missing required parameter client_id"
+ end
+ end
+
+ describe "with an unknown grant type" do
+ before { params['grant_type'] = 'unknown' }
+
+ it "is invalid" do
+ exchange.error.should == "unsupported_grant_type"
+ exchange.error_description.should == "The grant type unknown is not recognized"
+ end
+ end
+
+ describe "missing client_id" do
+ before { params.delete('client_id') }
+
+ it "is invalid" do
+ exchange.error.should == "invalid_request"
+ exchange.error_description.should == "Missing required parameter client_id"
+ end
+ end
+
+ describe "with an unknown client_id" do
+ before { params['client_id'] = "unknown" }
+
+ it "is invalid" do
+ exchange.error.should == "invalid_client"
+ exchange.error_description.should == "Unknown client ID unknown"
+ end
+ end
+
+ describe "with a mismatched client_secret" do
+ before { params['client_secret'] = "nosoupforyou" }
+
+ it "is invalid" do
+ exchange.error.should == "invalid_client"
+ exchange.error_description.should == "Parameter client_secret does not match"
+ end
+ end
+
+ describe "with lesser scope than the authorization code represents" do
+ before { params['scope'] = 'bar' }
+
+ it "is valid" do
+ exchange.error.should be_nil
+ end
+ end
+
+ describe "with scopes not covered by the authorization code" do
+ before { params['scope'] = 'qux' }
+
+ it "is invalid" do
+ exchange.error.should == 'invalid_scope'
+ exchange.error_description.should == 'The request scope was never granted by the user'
+ end
+ end
+
 it_should_behave_like "valid token request"
 describe "missing username" do
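Review bot: The new `describe "missing grant_type"` block never removes grant_type: its `before { params.delete('client_id') }` and the expected message `"Missing required parameter client_id"` make it a duplicate of the `describe "missing client_id"` block a few cases below, so presumably it should delete `'grant_type'` and assert whatever message validate! produces for that case. The same copy appears in the second spec hunk (the assertion-grant context). Both hunks replace the `validates required parameters` shared example with roughly sixty duplicated lines; keeping the shared group and passing it the parameters that are optional for the grant, so that only the missing-client_secret expectation differs, would avoid the duplication. Neither hunk adds a case exercising the behaviour this commit actually changes — a password or assertion request with no `client_secret` at all — so the relaxed check is not pinned by any test.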
@@ -243,7 +304,68 @@
 OAuth2::Provider.clear_assertion_handlers!
 end
- it_should_behave_like "validates required parameters"
+ describe "missing grant_type" do
+ before { params.delete('client_id') }
+
+ it "is invalid" do
+ exchange.error.should == "invalid_request"
+ exchange.error_description.should == "Missing required parameter client_id"
+ end
+ end
+
+ describe "with an unknown grant type" do
+ before { params['grant_type'] = 'unknown' }
+
+ it "is invalid" do
+ exchange.error.should == "unsupported_grant_type"
+ exchange.error_description.should == "The grant type unknown is not recognized"
+ end
+ end
+
+ describe "missing client_id" do
+ before { params.delete('client_id') }
+
+ it "is invalid" do
+ exchange.error.should == "invalid_request"
+ exchange.error_description.should == "Missing required parameter client_id"
+ end
+ end
+
+ describe "with an unknown client_id" do
+ before { params['client_id'] = "unknown" }
+
+ it "is invalid" do
+ exchange.error.should == "invalid_client"
+ exchange.error_description.should == "Unknown client ID unknown"
+ end
+ end
+
+ describe "with a mismatched client_secret" do
+ before { params['client_secret'] = "nosoupforyou" }
+
+ it "is invalid" do
+ exchange.error.should == "invalid_client"
+ exchange.error_description.should == "Parameter client_secret does not match"
+ end
+ end
+
+ describe "with lesser scope than the authorization code represents" do
+ before { params['scope'] = 'bar' }
+
+ it "is valid" do
+ exchange.error.should be_nil
+ end
+ end
+
+ describe "with scopes not covered by the authorization code" do
+ before { params['scope'] = 'qux' }
+
+ it "is invalid" do
+ exchange.error.should == 'invalid_scope'
+ exchange.error_description.should == 'The request scope was never granted by the user'
+ end
+ end
+
 it_should_behave_like "valid token request"
 describe "missing assertion_type" do