From 1bd498fff09ede6d1ad5d35c6143afa96ad3fb61 Mon Sep 17 00:00:00 2001
From: Jason Fox
Date: Thu, 17 Aug 2023 14:28:42 +0200
Subject: [PATCH] Fix #340 - only bar access_token as header
Untested change, but this should allow the authzforce location to be queried using
```console
curl -X GET \
'http://keyrock/user?access_token={{access_token}}&app_id={{app_id}}&authzforce=true'
```
As was possible prior to Keyrock 8.4.0
---
 controllers/oauth2/oauth2.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/controllers/oauth2/oauth2.js b/controllers/oauth2/oauth2.js
index 8efdb7ec..1657698f 100755
--- a/controllers/oauth2/oauth2.js
+++ b/controllers/oauth2/oauth2.js
@@ -470,7 +470,7 @@ exports.authenticate_token = function (req, res) {
 access_token: req.query.access_token || header_access_token
 };
- if (options.authzforce && (options.action || options.resource || options.service_header || options.access_token)) {
+ if (options.authzforce && (options.action || options.resource || options.service_header || header_access_token )) {
 const error = {
 message: 'Cannot handle 2 authentications levels at the same time',
 code: 400,
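Review bot: On the changed `if` line, the guard now refuses an authzforce request only when the token arrives in a header, so the one accepted way to run an authzforce lookup is `?access_token=…` in the URL, where the bearer token is recorded in server and proxy access logs. Why a header token must still be refused is not visible here (`header_access_token` is assigned above the hunk and the function body continues past it); if nothing downstream depends on it, the token term could be dropped altogether: `if (options.authzforce && (options.action || options.resource || options.service_header)) {`. If the restriction stays, a comment such as `// authzforce lookups accept the token from the query string only; a header token is refused` would explain the asymmetry, and deployments should redact `access_token` from request logs. The commit message calls the change untested, so a test covering query-token and header-token requests with `authzforce=true` belongs with it, and the stray space in `header_access_token ))` can go.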