From e44975755350be415d9b95ab1d83a08ee044b830 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Fri, 12 May 2023 08:59:50 +0300
Subject: [PATCH] lib-oauth2: Do not send client_id & client_secret as POST
 parameters when doing introspection

---
 src/lib-oauth2/oauth2-request.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/lib-oauth2/oauth2-request.c b/src/lib-oauth2/oauth2-request.c
index af3e72f57c..1c26e9347d 100644
--- a/src/lib-oauth2/oauth2-request.c
+++ b/src/lib-oauth2/oauth2-request.c
@@ -306,10 +306,6 @@ oauth2_introspection_start(const struct oauth2_settings *set,
 		payload = str_new(p, strlen(input->token)+6);
 		str_append(payload, "token=");
 		http_url_escape_param(payload, input->token);
-		str_append(payload, "&client_id=");
-		http_url_escape_param(payload, set->client_id);
-		str_append(payload, "&client_secret=");
-		http_url_escape_param(payload, set->client_secret);
 		url = set->introspection_url;
 		method = "POST";
 		break;
-- 
2.47.3