lib-oauth2: Do not send client_id & client_secret as POST parameters when doing intro...

diff --git a/src/lib-oauth2/oauth2-request.c b/src/lib-oauth2/oauth2-request.c
index af3e72f57c095a5f7bc29b730dd941b78d9a4769..1c26e9347d2acd904448ba0267448b6a0e3a9abb 100644 (file)
--- a/src/lib-oauth2/oauth2-request.c
+++ b/src/lib-oauth2/oauth2-request.c
@@ -306,10 +306,6 @@ oauth2_introspection_start(const struct oauth2_settings *set,
                payload = str_new(p, strlen(input->token)+6);
                str_append(payload, "token=");
                http_url_escape_param(payload, input->token);
-               str_append(payload, "&client_id=");
-               http_url_escape_param(payload, set->client_id);
-               str_append(payload, "&client_secret=");
-               http_url_escape_param(payload, set->client_secret);
                url = set->introspection_url;
                method = "POST";
                break;