From 0efd9279173273a77859eb36e4b3c25bde586062 Mon Sep 17 00:00:00 2001
From: Tim Carr <tim@n7studios.co.uk>
Date: Mon, 10 Mar 2025 14:36:20 +0800
Subject: [PATCH 1/2] Add `client_id` to `accounts/oauth_access_token`

---
 src/class-convertkit-api-v4.php |  1 +
 tests/wpunit/APITest.php        | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/src/class-convertkit-api-v4.php b/src/class-convertkit-api-v4.php
index cfde53e..3b72f5b 100644
--- a/src/class-convertkit-api-v4.php
+++ b/src/class-convertkit-api-v4.php
@@ -492,6 +492,7 @@ public function get_access_token_by_api_key_and_secret( $api_key, $api_secret )
 			array(
 				'api_key'    => $api_key,
 				'api_secret' => $api_secret,
+				'client_id'  => $this->client_id,
 			)
 		);
 
diff --git a/tests/wpunit/APITest.php b/tests/wpunit/APITest.php
index f1af417..d088387 100644
--- a/tests/wpunit/APITest.php
+++ b/tests/wpunit/APITest.php
@@ -604,6 +604,22 @@ public function testGetAccessTokenByInvalidAPIKeyAndSecret()
 		$this->assertEquals('Authorization Failed: API Secret not valid', $result->get_error_message());
 	}
 
+	/**
+	 * Test that fetching an Access Token using an invalid client ID returns a WP_Error.
+	 *
+	 * @since   2.0.7
+	 */
+	public function testGetAccessTokenByAPIKeyAndSecretWithInvalidClientID()
+	{
+		$api    = new ConvertKit_API_V4( 'invalidClientID', $_ENV['CONVERTKIT_OAUTH_REDIRECT_URI'] );
+		$result = $api->get_access_token_by_api_key_and_secret(
+			$_ENV['CONVERTKIT_API_KEY'],
+			$_ENV['CONVERTKIT_API_SECRET']
+		);
+		$this->assertInstanceOf(WP_Error::class, $result);
+		$this->assertEquals($result->get_error_code(), $this->errorCode);
+	}
+
 	/**
 	 * Test that supplying valid API credentials to the API class returns the expected account information.
 	 *

From 93f80cc3599d963f21c8d4c8f12386faa1d8cc30 Mon Sep 17 00:00:00 2001
From: Tim Carr <tim@n7studios.co.uk>
Date: Tue, 11 Mar 2025 09:55:07 +0800
Subject: [PATCH 2/2] Added
 testGetAccessTokenByAPIKeyAndSecretWithBlankClientID test

---
 tests/wpunit/APITest.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/tests/wpunit/APITest.php b/tests/wpunit/APITest.php
index d088387..f1dadf0 100644
--- a/tests/wpunit/APITest.php
+++ b/tests/wpunit/APITest.php
@@ -620,6 +620,22 @@ public function testGetAccessTokenByAPIKeyAndSecretWithInvalidClientID()
 		$this->assertEquals($result->get_error_code(), $this->errorCode);
 	}
 
+	/**
+	 * Test that fetching an Access Token using a blank client ID returns a WP_Error.
+	 *
+	 * @since   2.0.7
+	 */
+	public function testGetAccessTokenByAPIKeyAndSecretWithBlankClientID()
+	{
+		$api    = new ConvertKit_API_V4( '', $_ENV['CONVERTKIT_OAUTH_REDIRECT_URI'] );
+		$result = $api->get_access_token_by_api_key_and_secret(
+			$_ENV['CONVERTKIT_API_KEY'],
+			$_ENV['CONVERTKIT_API_SECRET']
+		);
+		$this->assertInstanceOf(WP_Error::class, $result);
+		$this->assertEquals($result->get_error_code(), $this->errorCode);
+	}
+
 	/**
 	 * Test that supplying valid API credentials to the API class returns the expected account information.
 	 *