From 06157f5331669ed4d1264f027e3bbfe69a69b078 Mon Sep 17 00:00:00 2001 From: Timo Sirainen Date: Wed, 27 May 2020 00:57:24 +0300 Subject: [PATCH] auth: db-oauth2 - Don't set db_oauth2_request.token for grant lookups The grant lookup sets the token. There's no need to set it before that. --- src/auth/db-oauth2.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c index 96899db795..a7f8178196 100644 --- a/src/auth/db-oauth2.c +++ b/src/auth/db-oauth2.c @@ -717,11 +717,10 @@ db_oauth2_lookup_passwd_grant(struct oauth2_request_result *result, const char *error; const struct oauth2_field *f; + i_assert(req->token == NULL); req->req = NULL; if (result->valid) { - /* make sure token is NULL if no access_token is found */ - req->token = NULL; array_foreach(result->fields, f) if (strcmp(f->name, "access_token") == 0) req->token = p_strdup(req->pool, f->value); @@ -794,6 +793,8 @@ void db_oauth2_lookup(struct db_oauth2 *db, struct db_oauth2_request *req, e_debug(authdb_event(req->auth_request), "Making grant url request to %s", db->set.grant_url); + /* There is no valid token until grant looks it up. */ + req->token = NULL; req->req = oauth2_passwd_grant_start(&db->oauth2_set, &input, request->fields.user, request->mech_password, db_oauth2_lookup_passwd_grant, req); -- 2.47.3