disable auth-url checking

bump version

Author: Psilo

pom.xml

@@ -17,7 +17,7 @@
 
 	<modelVersion>4.0.0</modelVersion>
 	<artifactId>http-server</artifactId>
-	<version>0.1.0</version>
+	<version>0.1.1</version>
 	<name>HttpServer</name>
 	<packaging>jar</packaging>
 

src/main/java/info/unterrainer/commons/httpserver/accessmanager/HttpAccessManager.java

@@ -171,10 +171,11 @@ private TokenVerifier<AccessToken> persistUserInfoInContext(final Context ctx) {
 				setTokenRejectionReason(ctx, "Token is no bearer-token.");
 				return null;
 			}
-			if (!token.getIssuer().equalsIgnoreCase(authUrl)) {
-				setTokenRejectionReason(ctx, "Token has wrong real-url.");
-				return null;
-			}
+			// Disabled to enable getting token from side-channels like 'localhost'.
+			/*
+			 * if (!token.getIssuer().equalsIgnoreCase(authUrl)) {
+			 * setTokenRejectionReason(ctx, "Token has wrong real-url."); return null; }
+			 */
 			return tokenVerifier;
 
 		} catch (VerificationException e) {