From 05e641572dda047decc8f8bf2581346674a70fad Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Tue, 26 May 2020 21:24:02 +0300
Subject: [PATCH] auth: db-oauth2 - Do not fallback into remote validation
 anymore

It makes no sense anymore with introspection_mode=local. One should
make another passdb.
---
 src/auth/db-oauth2.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c
index 7e9aa70697..d7d44868aa 100644
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -764,17 +764,10 @@ void db_oauth2_lookup(struct db_oauth2 *db, struct db_oauth2_request *req,
 		e_debug(authdb_event(req->auth_request),
 			"oauth2: Attempting to locally validate token");
 		/* will send result if ret = 0 */
-		if (db_oauth2_local_validation(req) == 0)
-			return;
-		/* fallback to online validation */
-		if (*db->oauth2_set.tokeninfo_url == '\0' &&
-		    *db->oauth2_set.introspection_url == '\0') {
+		if (db_oauth2_local_validation(req) < 0)
 			db_oauth2_callback(req, PASSDB_RESULT_PASSWORD_MISMATCH,
 					   "oauth2: Not a JWT token");
-			return;
-		}
-		e_debug(authdb_event(req->auth_request),
-			"Token not a JWT token, falling back to online validation");
+		return;
 
 	}
 	if (db->oauth2_set.use_grant_password) {
-- 
2.47.3