From e2e024e8f2c8a1f7cdd3fde6bdad7074485129f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89loi=20Rivard?=
Date: Wed, 13 Oct 2021 12:08:08 +0200
Subject: [PATCH] fixed introspection access rights

---
 canaille/oauth2utils.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/canaille/oauth2utils.py b/canaille/oauth2utils.py
index ec87c024..3321dba8 100644
--- a/canaille/oauth2utils.py
+++ b/canaille/oauth2utils.py
@@ -250,10 +250,8 @@ class IntrospectionEndpoint(_IntrospectionEndpoint):
 tok = Token.filter(oauthRefreshToken=token)
 if tok:
 tok = tok[0]
- if tok.oauthClient == client.dn:
+ if client.dn in tok.oauthAudience:
 return tok
- # if has_introspect_permission(client):
- # return tok
 
 def introspect_token(self, token):
 client_id = Client.get(token.oauthClient).oauthClientID
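Review bot: The new check `client.dn in tok.oauthAudience` is only a sound authorization decision if `oauthAudience` is always a list of DNs, and nothing in this hunk shows that. If the attribute can be unset, the `in` test raises `TypeError` and introspection fails with a server error instead of a clean deny; if it can come back as a single string, `in` becomes a substring match and a client whose DN is contained in another entry would be accepted. Normalising first, e.g. `audience = tok.oauthAudience or []` followed by an exact-membership test on a list, would make the decision explicit. The commit also drops the owner comparison, so the issuing client can introspect its own token only when it is listed in the audience; the diffstat shows no test change, and tests for the allowed, denied and owner-not-in-audience cases would pin this behaviour. The method containing the check starts above the hunk.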