From decfe705d74b608e92a685ba2f2a016c8d4e0ec1 Mon Sep 17 00:00:00 2001
From: Nuwan Dias
Date: Fri, 12 Jun 2015 17:12:21 +0530
Subject: [PATCH] Fixing APIMANAGER-3868
---
 .../identity/oauth/endpoint/token/OAuth2TokenEndpoint.java | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java
index 8a5dc235e7..4fff3dd9d5 100644
--- a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java
+++ b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java
@@ -92,6 +92,11 @@ public Response issueAccessToken(@Context HttpServletRequest request,
 return handleBasicAuthFailure();
 }
+ //If a client sends an invalid base64 encoded clientid:clientsecret value, it results in this
+ //array to only contain 1 element. This happens on specific errors though.
+ if(clientCredentials == null || clientCredentials.length < 2){
+ return handleBasicAuthFailure();
+ }
 // add the credentials available in Authorization header to the parameter map
 paramMap.add(OAuth.OAUTH_CLIENT_ID, clientCredentials[0]);
 paramMap.add(OAuth.OAUTH_CLIENT_SECRET, clientCredentials[1]);
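Review bot: The new guard rejects only arrays shorter than two elements, so a decoded value that splits into three or more parts still passes and `clientCredentials[1]` would then hold only a fragment of the client secret. How the array is built is outside the hunk, so this is inferred from the `[0]`/`[1]` indexing on the last two lines. If the header is split on every `:`, either split with a limit of 2 where it is parsed or fail closed here with `if (clientCredentials == null || clientCredentials.length != 2) {`. The comment above the guard is vague about which inputs it covers; something like `// Malformed Basic credentials (no ':' separator after decoding) yield fewer than two elements; treat as an authentication failure.` would tell the next reader what is being rejected. The body of issueAccessToken starts and ends outside the hunk.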