flask `DeviceAuthorizationEndpoint` ignores provided `client_id` when calling `save_device_credential`.

[spenhand]

Describe the bug

flask DeviceAuthorizationEndpoint ignores provided client_id when calling save_device_credential.

Error Stacks

No errors. The bug incorrectly passes None in as the client_id, leading to potentially incorrect credentials saved.

To Reproduce

minimal test case test_patch.txt

Expected behavior

I would expect the client_id to be present and match that of the request.

Environment:

Not sure exactly how far back this goes, but my repro is on main and it seems like it's been around for a while.

Additional context

The issue happens because we never have client_id in the payload after parsing the basic auth header. So this call fails:

        self.save_device_credential(
            request.payload.client_id, request.payload.scope, data
        )

[night]

we just ran into this one too.. @lepture any chance you can take a peek? 🙏