Here goes another oauth2 question, hoping it won't be ignored
like all the others.
I want to use get/auth on tokeninfo_url but post on introspection_url
but dovecot doesn't let me. It doesn't add the auth header on
tokeninfo_url whenever introspection_mode == post
so, if introspection_mode = post, then dovecot no longer sends auth
header to tokeninfo_url . Is this by design, is it a bug ?
as can be seen in
src/lib-oauth2/oauth2-request.c
if (add_auth_bearer &&
http_client_request_get_origin_url(req->req)->user
== NULL &&
set->introspection_mode ==
INTROSPECTION_MODE_GET_AUTH) {
http_client_request_add_header(req->req,
"Authorization",
t_strdup_printf("Bearer %s",
input->token));
}
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
