From 4dc19deb6d1976b3a8eb2a02d7606d8e809a6e18 Mon Sep 17 00:00:00 2001
From: Paul Schreiber <paulschreiber@gmail.com>
Date: Fri, 20 Oct 2023 13:56:10 -0400
Subject: [PATCH] fix: handle both CLIENT_SECRET and certificate methods

---
 terraso_backend/apps/auth/providers.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/terraso_backend/apps/auth/providers.py b/terraso_backend/apps/auth/providers.py
index c4405a1ee..6e5304a23 100644
--- a/terraso_backend/apps/auth/providers.py
+++ b/terraso_backend/apps/auth/providers.py
@@ -221,15 +221,20 @@ def _build_client_secret(self):
         )
 
     def fetch_auth_tokens(self, authorization_code):
-        client_assertion = self._build_client_secret()
         params = dict(
             client_id=self.CLIENT_ID,
             code=authorization_code,
             grant_type="authorization_code",
             redirect_uri=self.REDIRECT_URI,
-            client_assertion=client_assertion,
-            client_assertion_type="urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
         )
+        if not self.CLIENT_SECRET:
+            params.update(
+                dict(
+                    client_assertion=self._build_client_secret(),
+                    client_assertion_type="urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
+                )
+            )
+
         try:
             resp = httpx.post(self.TOKEN_URI, data=params)
             resp.raise_for_status()