From dd2abc94ee765410cc3994a9aa9d464a9727dc3c Mon Sep 17 00:00:00 2001
From: Jannik Stehle <jannik.stehle@gmail.com>
Date: Fri, 30 Sep 2022 09:07:02 +0200
Subject: [PATCH] Make the tokeninfo endpoint unprotected as it is supposed to
 be available to the public

---
 changelog/unreleased/tokeninfo-endpoint-auth.md | 5 +++++
 services/proxy/pkg/middleware/authentication.go | 3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 changelog/unreleased/tokeninfo-endpoint-auth.md

diff --git a/changelog/unreleased/tokeninfo-endpoint-auth.md b/changelog/unreleased/tokeninfo-endpoint-auth.md
new file mode 100644
index 000000000..856dfcb58
--- /dev/null
+++ b/changelog/unreleased/tokeninfo-endpoint-auth.md
@@ -0,0 +1,5 @@
+Bugfix: Make tokeninfo endpoint unprotected
+
+Make the tokeninfo endpoint unprotected as it is supposed to be available to the public.
+
+https://github.com/owncloud/ocis/pull/4715
diff --git a/services/proxy/pkg/middleware/authentication.go b/services/proxy/pkg/middleware/authentication.go
index 90ad1e6fb..d32decfe5 100644
--- a/services/proxy/pkg/middleware/authentication.go
+++ b/services/proxy/pkg/middleware/authentication.go
@@ -24,7 +24,8 @@ var (
 	_publicPaths = [...]string{
 		"/dav/public-files/",
 		"/remote.php/dav/public-files/",
-		"/remote.php/ocs/apps/files_sharing/api/v1/tokeninfo/unprotected",
+		"/ocs/v1.php/apps/files_sharing/api/v1/tokeninfo/unprotected",
+		"/ocs/v2.php/apps/files_sharing/api/v1/tokeninfo/unprotected",
 		"/ocs/v1.php/cloud/capabilities",
 	}
 )