From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Tue, 26 May 2020 18:24:02 +0000 (+0300)
Subject: auth: db-oauth2 - Do not fallback into remote validation anymore
X-Git-Tag: 2.3.11.2~41
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=05e641572dda047decc8f8bf2581346674a70fad;p=thirdparty%2Fdovecot%2Fcore.git

auth: db-oauth2 - Do not fallback into remote validation anymore

It makes no sense anymore with introspection_mode=local. One should
make another passdb.
---

diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c
index 7e9aa70697..d7d44868aa 100644
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -764,17 +764,10 @@ void db_oauth2_lookup(struct db_oauth2 *db, struct db_oauth2_request *req,
 		e_debug(authdb_event(req->auth_request),
 			"oauth2: Attempting to locally validate token");
 		/* will send result if ret = 0 */
-		if (db_oauth2_local_validation(req) == 0)
-			return;
-		/* fallback to online validation */
-		if (*db->oauth2_set.tokeninfo_url == '\0' &&
-		    *db->oauth2_set.introspection_url == '\0') {
+		if (db_oauth2_local_validation(req) < 0)
 			db_oauth2_callback(req, PASSDB_RESULT_PASSWORD_MISMATCH,
 					   "oauth2: Not a JWT token");
-			return;
-		}
-		e_debug(authdb_event(req->auth_request),
-			"Token not a JWT token, falling back to online validation");
+		return;
 
 	}
 	if (db->oauth2_set.use_grant_password) {