From 1cb8ec93cf27cf4f30445aa94e73206b55a5df4e Mon Sep 17 00:00:00 2001
From: Aki Tuomi
Date: Tue, 26 May 2020 13:38:09 +0300
Subject: [PATCH] auth: db-oauth2 - Clarify how introspect gets called

This should make it more obvious when introspection actually gets called after lookup. Introspection failure is now also moved earlier, before the request would fail later because not all fields are available.
---
 src/auth/db-oauth2.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c
index 91ed1343e9..d484c0a5dd 100644
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -667,11 +667,14 @@ db_oauth2_lookup_continue(struct oauth2_request_result *result,
 error = "Invalid token";
 } else {
 db_oauth2_fields_merge(req, result->fields);
- if (*req->db->set.introspection_url != '\0' &&
- (req->db->set.force_introspection ||
- !db_oauth2_have_all_fields(req))) {
- e_debug(authdb_event(req->auth_request),
- "oauth2: Introspection needed after token validation");
+ if (req->token == NULL) {
+ db_oauth2_callback(req, PASSDB_RESULT_INTERNAL_FAILURE,
+ "OAuth2 token missing from reply");
+ return;
+ } else if (db_oauth2_have_all_fields(req) &&
+ !req->db->set.force_introspection) {
+ /* pass */
+ } else if (*req->db->set.introspection_url != '\0') {
 db_oauth2_lookup_introspect(req);
 return;
 }
-- 
2.47.3
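Review bot: With `force_introspection` set and `introspection_url` empty, the new chain skips the `/* pass */` branch and the final `else if`, then falls out of the block without introspecting and without any log line, so a configuration that asks for forced introspection is quietly handled as local validation only. The old condition behaved the same way, but since this commit restructures exactly that decision it would be a good place to fail closed, for example with a further branch `} else if (req->db->set.force_introspection) {` that calls `db_oauth2_callback(req, PASSDB_RESULT_INTERNAL_FAILURE, "oauth2: force_introspection is set but introspection_url is empty");` and then `return;`. That is unnecessary if settings validation elsewhere already rejects this combination, which is not visible here. The removed `e_debug` was the only trace of when introspection is triggered; keeping it in the last branch would preserve that for troubleshooting. The body of db_oauth2_lookup_continue starts and ends outside the hunk.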