Allow clients without secret to be used for authorization flow
Clients that don't accept tokens are, however, not allowed to use any
of the API calls in Ipsilon like TokenInfo.
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Merges: #266
Reviewed-by: Randy Barlow <randy@electronsweatshop.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Howard Johnson <merlin@merlinthp.org>