lib-oauth2: Do not send client_id & client_secret as POST parameters when doing intro...

diff --git a/src/lib-oauth2/oauth2-request.c b/src/lib-oauth2/oauth2-request.c
index 8fbd6d70707288ccea2603b4679f588ead4ee332..3d1ba1d206244125beb7e5db0fd6de865536fbd5 100644 (file)
--- a/src/lib-oauth2/oauth2-request.c
+++ b/src/lib-oauth2/oauth2-request.c
@@ -288,10 +288,6 @@ oauth2_introspection_start(const struct oauth2_settings *set,
                payload = str_new(p, strlen(input->token)+6);
                str_append(payload, "token=");
                http_url_escape_param(payload, input->token);
-               str_append(payload, "&client_id=");
-               http_url_escape_param(payload, set->client_id);
-               str_append(payload, "&client_secret=");
-               http_url_escape_param(payload, set->client_secret);
                url = set->introspection_url;
                method = "POST";
                break;