requests · DmitryPaschenko · Aug 14, 2018
diff --git a/requests_oauthlib/oauth2_session.py b/requests_oauthlib/oauth2_session.py
@@ -192,16 +192,12 @@ def fetch_token(self, token_url, code=None, authorization_response=None,
                 raise ValueError('Please supply either code or '
                                  'authorization_response parameters.')
 
-
-        body = self._client.prepare_request_body(code=code, body=body,
-                redirect_uri=self.redirect_uri, username=username,
-                password=password, **kwargs)
-
-        client_id = kwargs.get('client_id', '')
         if auth is None:
+            client_id = kwargs.pop('client_id', '')
+
             if client_id:
                 log.debug('Encoding client_id "%s" with client_secret as Basic auth credentials.', client_id)
-                client_secret = kwargs.get('client_secret', '')
+                client_secret = kwargs.pop('client_secret', '')
                 client_secret = client_secret if client_secret is not None else ''
                 auth = requests.auth.HTTPBasicAuth(client_id, client_secret)
             elif username:
@@ -210,6 +206,10 @@ def fetch_token(self, token_url, code=None, authorization_response=None,
                 log.debug('Encoding username, password as Basic auth credentials.')
                 auth = requests.auth.HTTPBasicAuth(username, password)
 
+        body = self._client.prepare_request_body(code=code, body=body,
+                                                 redirect_uri=self.redirect_uri, username=username,
+                                                 password=password, **kwargs)
+
         headers = headers or {
             'Accept': 'application/json',
             'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',