diff options
Diffstat (limited to 'services/auth/oauth2.go')
-rw-r--r-- | services/auth/oauth2.go | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/services/auth/oauth2.go b/services/auth/oauth2.go index 93806c7072..f7f870dade 100644 --- a/services/auth/oauth2.go +++ b/services/auth/oauth2.go @@ -113,7 +113,7 @@ func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStor return nil } - if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) { + if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) { return nil } @@ -134,3 +134,13 @@ func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStor log.Trace("OAuth2 Authorization: Logged in user %-v", user) return user } + +func isAuthenticatedTokenRequest(req *http.Request) bool { + switch req.URL.Path { + case "/login/oauth/userinfo": + fallthrough + case "/login/oauth/introspect": + return true + } + return false +} |