diff --git a/src/applications/oauthserver/controller/PhabricatorOAuthServerTokenController.php b/src/applications/oauthserver/controller/PhabricatorOAuthServerTokenController.php
--- a/src/applications/oauthserver/controller/PhabricatorOAuthServerTokenController.php
+++ b/src/applications/oauthserver/controller/PhabricatorOAuthServerTokenController.php
@@ -23,7 +23,8 @@
 
     $client_id_parameter = $request->getStr('client_id');
     $client_id_header = idx($_SERVER, 'PHP_AUTH_USER');
-    if (strlen($client_id_parameter) && strlen($client_id_header)) {
+    if (phutil_nonempty_string($client_id_parameter) &&
+        phutil_nonempty_string($client_id_header)) {
       if ($client_id_parameter !== $client_id_header) {
         throw new Exception(
           pht(