Allow clients without secret to be used for authorization flow
    
    Clients that don't accept tokens are, however, not allowed to use any
    of the API calls in Ipsilon like TokenInfo.
    
    Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
    Merges: #266
    Reviewed-by: Randy Barlow <randy@electronsweatshop.com>
    Reviewed-by: Simo Sorce <simo@redhat.com>
    Reviewed-by: Howard Johnson <merlin@merlinthp.org>