From: Sergey Kitov
Date: Fri, 1 Mar 2019 08:57:40 +0000 (+0200)
Subject: auth: Add client_secret setting
X-Git-Tag: 2.3.6~42
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9b9d7463097a3ec7376c5b7addb6837a0a4534b3;p=thirdparty%2Fdovecot%2Fcore.git
auth: Add client_secret setting
---
diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c
index 10c9fc3607..fdfb147b80 100644
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -43,6 +43,8 @@ struct passdb_oauth2_settings {
 const char *active_value;
 /* client identificator for oauth2 server */
 const char *client_id;
+ /* not really used, but have to present by oauth2 specs */
+ const char *client_secret;
 /* template to expand into passdb */
 const char *pass_attrs;
@@ -110,6 +112,7 @@ static struct setting_def setting_defs[] = {
 DEF_STR(active_attribute),
 DEF_STR(active_value),
 DEF_STR(client_id),
+ DEF_STR(client_secret),
 DEF_INT(timeout_msecs),
 DEF_INT(max_idle_time_msecs),
 DEF_INT(max_parallel_connections),
@@ -143,6 +146,7 @@ static struct passdb_oauth2_settings default_oauth2_settings = {
 .active_attribute = "",
 .active_value = "",
 .client_id = "",
+ .client_secret = "",
 .pass_attrs = "",
 .rawlog_dir = "",
 .timeout_msecs = 0,
@@ -235,6 +239,7 @@ struct db_oauth2 *db_oauth2_init(const char *config_path)
 db->oauth2_set.grant_url = db->set.grant_url,
 db->oauth2_set.introspection_url = db->set.introspection_url;
 db->oauth2_set.client_id = db->set.client_id;
+ db->oauth2_set.client_secret = db->set.client_secret;
 db->oauth2_set.timeout_msecs = db->set.timeout_msecs;
 db->oauth2_set.send_auth_headers = db->set.send_auth_headers;
 db->oauth2_set.use_grant_password = db->set.use_grant_password;
diff --git a/src/lib-oauth2/oauth2-passwd-grant.c b/src/lib-oauth2/oauth2-passwd-grant.c
index d8abab235b..402466e368 100644
--- a/src/lib-oauth2/oauth2-passwd-grant.c
+++ b/src/lib-oauth2/oauth2-passwd-grant.c
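Review bot: The comment added above `client_secret` in struct passdb_oauth2_settings (first hunk of src/auth/db-oauth2.c) says the value is "not really used", yet the oauth2-passwd-grant.c hunk of this same commit sends it to the grant endpoint whenever it is non-empty, so the comment hides that this field is a live credential. I would reword it to `/* client secret for the oauth2 server; sent with password grant requests when non-empty */`. Because the value is read from the file passed to db_oauth2_init() as `config_path`, the setting's documentation should also state that this file must not be readable by unprivileged users. The struct definition starts and ends outside the hunk.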
@@ -118,6 +118,10 @@ oauth2_passwd_grant_start(const struct oauth2_settings *set, http_url_escape_param(payload, password); str_append(payload, "&client_id="); http_url_escape_param(payload, req->set->client_id); + if (*req->set->client_secret != '\0') { + str_append(payload, "&client_secret="); + http_url_escape_param(payload, req->set->client_secret); + } http_client_request_add_header(req->req, "Content-Type", "application/x-www-form-urlencoded"); http_client_request_set_payload_data(req->req, payload->data, payload->used);
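Review bot: The added `if (*req->set->client_secret != '\0')` in oauth2_passwd_grant_start dereferences the setting without a NULL check, so a caller that fills `struct oauth2_settings` without setting the new field would crash here; db-oauth2.c defaults it to `""`, but other users of the struct are not visible in this diff. A guard such as `if (req->set->client_secret != NULL && *req->set->client_secret != '\0') {` keeps the library safe regardless of the caller. Separately, RFC 6749 section 2.3.1 marks client credentials in the request body as NOT RECOMMENDED in favour of HTTP Basic authentication. The body now carries the secret next to the user password, so it will presumably show up wherever the request payload is recorded (the `rawlog_dir` output, if that logs request bodies), which deserves a comment above the block. The function body starts and ends outside the hunk.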