# HG changeset patch
# User Aki Tuomi <aki.tuomi@dovecot.fi>
# Date 1487668717 -7200
# Node ID 7f927c405b2fd9e7a309d4c66603e361cb472da0
# Parent  a66e16598d6ebe5a35f9da8c3486c84ad1604e28
lib-oauth2: Support basic authorization

diff -r a66e16598d6e -r 7f927c405b2f src/lib-oauth2/oauth2-introspect.c
--- a/src/lib-oauth2/oauth2-introspect.c	Mon Feb 20 14:50:39 2017 +0200
+++ b/src/lib-oauth2/oauth2-introspect.c	Tue Feb 21 11:18:37 2017 +0200
@@ -86,7 +86,8 @@
 		http_url_escape_param(enc, input->token);
 	}
 
-	if (http_url_parse(str_c(enc), NULL, 0, pool, &url, &error) < 0) {
+	if (http_url_parse(str_c(enc), NULL, HTTP_URL_ALLOW_USERINFO_PART, pool,
+			   &url, &error) < 0) {
 		fail.error = t_strdup_printf("http_url_parse(%s) failed: %s",
 					     str_c(enc), error);
 		oauth2_introspection_callback(req, &fail);
@@ -108,12 +109,13 @@
 						   req);
 	}
 
-	if (set->introspection_mode == INTROSPECTION_MODE_GET_AUTH)
+	if (url->user != NULL)
+		http_client_request_set_auth_simple(req->req, url->user, url->password);
+	else if (set->introspection_mode == INTROSPECTION_MODE_GET_AUTH)
 		http_client_request_add_header(req->req,
 					       "Authorization",
 					       t_strdup_printf("Bearer %s",
 							       input->token));
-
 	oauth2_request_set_headers(req, input);
 
 	http_client_request_set_timeout_msecs(req->req,
diff -r a66e16598d6e -r 7f927c405b2f src/lib-oauth2/oauth2-refresh.c
--- a/src/lib-oauth2/oauth2-refresh.c	Mon Feb 20 14:50:39 2017 +0200
+++ b/src/lib-oauth2/oauth2-refresh.c	Tue Feb 21 11:18:37 2017 +0200
@@ -119,11 +119,11 @@
 	req->re_callback = callback;
 	req->re_context = context;
 
-	const char *_url = req->set->refresh_url;
 
-	if (http_url_parse(_url, NULL, 0, pool, &url, &error) < 0) {
+	if (http_url_parse(req->set->refresh_url, NULL, HTTP_URL_ALLOW_USERINFO_PART,
+			   pool, &url, &error) < 0) {
 		fail.error = t_strdup_printf("http_url_parse(%s) failed: %s",
-					     _url, error);
+					     req->set->refresh_url, error);
 		oauth2_refresh_callback(req, &fail);
 		return req;
 	}
@@ -141,6 +141,9 @@
 
 	struct istream *is = i_stream_create_from_string(payload);
 
+	if (url->user != NULL)
+		http_client_request_set_auth_simple(req->req, url->user, url->password);
+
 	http_client_request_add_header(req->req, "Content-Type",
 				       "application/x-www-form-urlencoded");
 
diff -r a66e16598d6e -r 7f927c405b2f src/lib-oauth2/oauth2-token-validate.c
--- a/src/lib-oauth2/oauth2-token-validate.c	Mon Feb 20 14:50:39 2017 +0200
+++ b/src/lib-oauth2/oauth2-token-validate.c	Tue Feb 21 11:18:37 2017 +0200
@@ -112,7 +112,8 @@
 	str_append(enc, req->set->tokeninfo_url);
 	http_url_escape_param(enc, input->token);
 
-	if (http_url_parse(str_c(enc), NULL, 0, pool, &url, &error) < 0) {
+	if (http_url_parse(str_c(enc), NULL, HTTP_URL_ALLOW_USERINFO_PART, pool,
+			   &url, &error) < 0) {
 		fail.error = t_strdup_printf("http_url_parse(%s) failed: %s",
 					     str_c(enc), error);
 		oauth2_token_validation_callback(req, &fail);
@@ -122,10 +123,14 @@
 	req->req = http_client_request_url(req->set->client, "GET", url,
 					   oauth2_token_validate_response,
 					   req);
-	http_client_request_add_header(req->req,
-				       "Authorization",
-				       t_strdup_printf("Bearer %s",
-						       input->token));
+
+        if (url->user != NULL)
+                http_client_request_set_auth_simple(req->req, url->user, url->password);
+	else
+		http_client_request_add_header(req->req,
+					       "Authorization",
+					       t_strdup_printf("Bearer %s",
+							       input->token));
 
 	oauth2_request_set_headers(req, input);