lib-oauth2: append scope to the access request payload

diff --git a/src/lib-oauth2/oauth2-request.c b/src/lib-oauth2/oauth2-request.c
index 660ccbefd207176430dc707299be40d3d9db3ad0..b9f0076e1f9c5d2ff8e2982b59506e987a901618 100644 (file)
--- a/src/lib-oauth2/oauth2-request.c
+++ b/src/lib-oauth2/oauth2-request.c
@@ -253,6 +253,10 @@ oauth2_passwd_grant_start(const struct oauth2_settings *set,
        http_url_escape_param(payload, set->client_id);
        str_append(payload, "&client_secret=");
        http_url_escape_param(payload, set->client_secret);
+       if (set->scope[0] != '\0') {
+               str_append(payload, "&scope=");
+               http_url_escape_param(payload, set->scope);
+       }
 
        return oauth2_request_start(set, input, callback, context,
                                    pool, "POST", set->grant_url,

diff --git a/src/lib-oauth2/oauth2.h b/src/lib-oauth2/oauth2.h
index b6f58761392478e12cb5d2d184a27a2f1809d216..aaacfeb20929525fe8aa8bc0954cc9a0cd91f791 100644 (file)
--- a/src/lib-oauth2/oauth2.h
+++ b/src/lib-oauth2/oauth2.h
@@ -28,6 +28,8 @@ struct oauth2_settings {
        const char *client_id;
        /* client secret for oauth2 server */
        const char *client_secret;
+       /* access request scope for oauth2 server (optional) */
+       const char *scope;
        enum {
                INTROSPECTION_MODE_GET_AUTH,
                INTROSPECTION_MODE_GET,