Merge remote-tracking branch 'origin/v4.1' into v4.1

2 files changed, 2 insertions, 2 deletions

diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenResourceOwnerPasswordCredentialsRequest.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenResourceOwnerPasswordCredentialsRequest.cs
index 52e65be..a5d958a 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenResourceOwnerPasswordCredentialsRequest.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenResourceOwnerPasswordCredentialsRequest.cs
@@ -82,7 +82,7 @@ namespace DotNetOpenAuth.OAuth2.Messages {
 		/// Gets or sets the user's password.
 		/// </summary>
 		/// <value>The password.</value>
-		[MessagePart(Protocol.password, IsRequired = true)]
+		[MessagePart(Protocol.password, IsRequired = true, IsSecuritySensitive = true)]
 		internal string Password { get; set; }
 
 		/// <summary>
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AuthenticatedClientRequestBase.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AuthenticatedClientRequestBase.cs
index 4631d83..96eecbb 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AuthenticatedClientRequestBase.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AuthenticatedClientRequestBase.cs
@@ -44,7 +44,7 @@ namespace DotNetOpenAuth.OAuth2.Messages {
 		/// <remarks>
 		/// REQUIRED. The client secret as described in Section 2.1  (Client Credentials). OPTIONAL if no client secret was issued. 
 		/// </remarks>
-		[MessagePart(Protocol.client_secret, IsRequired = false)]
+		[MessagePart(Protocol.client_secret, IsRequired = false, IsSecuritySensitive = true)]
 		public string ClientSecret { get; internal set; }
 
 		/// <summary>