lib-oauth2: Do not send empty client_id or client_secret
authorAki Tuomi <aki.tuomi@open-xchange.com>
Fri, 12 May 2023 08:48:25 +0000 (11:48 +0300)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Tue, 29 Aug 2023 07:08:45 +0000 (07:08 +0000)
src/lib-oauth2/oauth2-request.c

index 1f972953731a6646baf6a1a4cb8d7c3162fbf140..96def56fc87bbc9c7c942f523936974e07356a6c 100644 (file)
@@ -286,10 +286,14 @@ oauth2_introspection_start(const struct oauth2_settings *set,
                enc = t_str_new(64);
                str_append(enc, set->introspection_url);
                http_url_escape_param(enc, input->token);
-               str_append(enc, "&client_id=");
-               http_url_escape_param(enc, set->client_id);
-               str_append(enc, "&client_secret=");
-               http_url_escape_param(enc, set->client_secret);
+               if (*set->client_id != '\0') {
+                       str_append(enc, "&client_id=");
+                       http_url_escape_param(enc, set->client_id);
+               }
+               if (*set->client_secret != '\0') {
+                       str_append(enc, "&client_secret=");
+                       http_url_escape_param(enc, set->client_secret);
+               }
                url = str_c(enc);
                method = "GET";
                break;
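Review bot: In this GET branch a configured `client_secret`, and the token appended just above it, still go into the request URL built in `enc`, where server, proxy or client debug logs can record them; the new guards only cover the empty case. RFC 6749 section 2.3.1 says client credentials must not be included in the request URI, so this branch would be safer sending them in an Authorization header or a POST body. At minimum I would add a comment above the `client_secret` guard, e.g. `/* NOTE: GET mode puts client_secret in the URL; it may appear in access logs */`. The enclosing switch case and function start and end outside the hunk, so whether the other introspection modes already avoid this is not visible here.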
@@ -345,10 +349,14 @@ oauth2_passwd_grant_start(const struct oauth2_settings *set,
        http_url_escape_param(payload, username);
        str_append(payload, "&password=");
        http_url_escape_param(payload, password);
-       str_append(payload, "&client_id=");
-       http_url_escape_param(payload, set->client_id);
-       str_append(payload, "&client_secret=");
-       http_url_escape_param(payload, set->client_secret);
+       if (*set->client_id != '\0') {
+               str_append(payload, "&client_id=");
+               http_url_escape_param(payload, set->client_id);
+       }
+       if (*set->client_secret != '\0') {
+               str_append(payload, "&client_secret=");
+               http_url_escape_param(payload, set->client_secret);
+       }
        if (set->scope[0] != '\0') {
                str_append(payload, "&scope=");
                http_url_escape_param(payload, set->scope);
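Review bot: The new emptiness checks are written `*set->client_id != '\0'`, while the unchanged scope check directly below uses `set->scope[0] != '\0'`. Using one form, `if (set->client_id[0] != '\0') {` and `if (set->client_secret[0] != '\0') {`, would read more consistently here and in the oauth2_introspection_start hunk. Both forms assume the settings strings are never NULL, which the existing scope check already relies on. The same guarded append pattern now appears in both hunks and could be factored into a small static helper taking the string buffer and the settings. The function body continues outside the hunk.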