1 Jul
2024
1 Jul
'24
7:29 p.m.
Here goes another oauth2 question, hoping it won't be ignored like all the others.
I want to use get/auth on tokeninfo_url but post on introspection_url but dovecot doesn't let me. It doesn't add the auth header on tokeninfo_url whenever introspection_mode == post
so, if introspection_mode = post, then dovecot no longer sends auth header to tokeninfo_url . Is this by design, is it a bug ?
as can be seen in
src/lib-oauth2/oauth2-request.c
if (add_auth_bearer && http_client_request_get_origin_url(req->req)->user == NULL && set->introspection_mode == INTROSPECTION_MODE_GET_AUTH) { http_client_request_add_header(req->req, "Authorization", t_strdup_printf("Bearer %s", input->token)); }