diff --git a/env-vars-testers.list b/env-vars-testers.list
index a8a79563..7c7d9252 100644
--- a/env-vars-testers.list
+++ b/env-vars-testers.list
@@ -9,3 +9,4 @@ SERVER_ROOT_ESCAPED=https:\/\/server
 SERVER_ROOT=https://server
 STORAGE_ROOT=https://server/apps/solid/~alice/storage/
 SKIP_CONC=1
+DEBUG=*
\ No newline at end of file
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index b4dc255b..88ad3194 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
@@ -109,9 +109,7 @@ private function createAuthServerConfig() {
 if (isset($_GET['client_id'])) {
 $clientId = $_GET['client_id'];
 } else if (isset($_POST['client_id'])) {
- if (isset($_POST['refresh_token'])) { // FIXME: Why does the test suite break without this?
- $clientId = $_POST['client_id'];
- }
+ $clientId = $_POST['client_id'];
 }
 $client = $this->getClient($clientId);
 $keys = $this->getKeys();
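Review bot: In the `createAuthServerConfig()` hunk, `$clientId` is taken straight from `$_GET`/`$_POST` and passed to `$this->getClient($clientId)` with no presence or type check, and with the `refresh_token` guard removed every POST carrying `client_id` now reaches that lookup. PHP turns a bracketed parameter name into an array, and a request with neither parameter leaves `$clientId` unset unless it is initialised above the hunk, which is not visible here. I would normalise it before the lookup, e.g. `$clientId = (isset($clientId) && is_string($clientId)) ? $clientId : null;`, and make sure `getClient()` fails closed on null. The removed FIXME never said why the guard was needed, so the commit message should record why dropping it is safe.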
@@ -323,17 +321,19 @@ public function session() { */ public function token() { $request = \Laminas\Diactoros\ServerRequestFactory::fromGlobals($_SERVER, $_GET, $_POST, $_COOKIE, $_FILES); - $grantType = $request->getParsedBody()['grant_type']; + $requestBody = $request->getParsedBody(); + $grantType = isset($requestBody['grant_type']) ? $requestBody['grant_type'] : null; + $clientId = isset($requestBody['client_id']) ? $requestBody['client_id'] : null; switch ($grantType) { case "authorization_code": - $code = $request->getParsedBody()['code']; + $code = $requestBody['code']; // FIXME: not sure if decoding this here is the way to go. // FIXME: because this is a public page, the nonce from the session is not available here. $codeInfo = $this->tokenGenerator->getCodeInfo($code); $userId = $codeInfo['user_id']; break; case "refresh_token": - $refreshToken = $request->getParsedBody()['refresh_token']; + $refreshToken = $requestBody['refresh_token']; $tokenInfo = $this->tokenGenerator->getCodeInfo($refreshToken); // FIXME: getCodeInfo should be named 'decrypt' or 'getInfo'? $userId = $tokenInfo['user_id']; break; diff --git a/solid/tests/Unit/Controller/ServerControllerTest.php b/solid/tests/Unit/Controller/ServerControllerTest.php index 2920b0dd..4c3cf8c2 100644 --- a/solid/tests/Unit/Controller/ServerControllerTest.php +++ b/solid/tests/Unit/Controller/ServerControllerTest.php @@ -348,6 +348,7 @@ public function testRegisterWithRedirectUris() 'registration_client_uri' => '', 'response_types' => ['id_token token'], 'token_endpoint_auth_method' => 'client_secret_basic', + 'client_secret' => '3b5798fddd49e23662ee6fe801085100', ], 'headers' => [ 'Cache-Control' => 'no-cache, no-store, must-revalidate', @@ -369,6 +370,7 @@ public function testToken() { $_POST['client_id'] = self::MOCK_CLIENT_ID; $_POST['code'] = ''; + $_POST['grant_type'] = 'authorization_code'; $_SERVER['HTTP_DPOP'] = 'mock dpop'; $_SESSION['nonce'] = 'mock nonce';
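Review bot: In `token()`, only `grant_type` and `client_id` get the new `isset` guard; `$requestBody['code']` and `$requestBody['refresh_token']` are still read unguarded and passed to `$this->tokenGenerator->getCodeInfo()`. A token request missing either field therefore hands null to the decoder, and `['user_id']` is then indexed on whatever comes back. Apply the same pattern, `$code = isset($requestBody['code']) ? $requestBody['code'] : null;`, and return an `invalid_request` error before calling `getCodeInfo()` when the value is not a non-empty string. `$clientId` is assigned but not used in the visible lines; the rest of `token()` lies outside this hunk, so if it does not compare `$clientId` with the client the code or refresh token was issued to, that binding check is still missing.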
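Review bot: In `testRegisterWithRedirectUris()`, the expected registration response now pins `client_secret` to a fixed 32-hex-character value, which can only pass if the secret is reproducible from the test inputs. The generator is not part of this diff, so this is inferred, but a secret derived from registration data rather than from `random_bytes()` would be predictable to anyone who knows that data. If the value is meant to be random, have the test assert only its presence and shape, for example with `assertMatchesRegularExpression('/^[0-9a-f]{32,}$/', ...)` on the returned field. If it is deterministic by design, document the derivation and its keying next to this expectation.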