From 49ef47a350678fd2261e4d19a16868d95fefa172 Mon Sep 17 00:00:00 2001
From: Vojtech Vitek <vv@horizon.io>
Date: Tue, 22 Jul 2025 19:20:18 +0200
Subject: [PATCH 1/2] Add jwt_token to service config, remove access_key

---
 config.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/config.go b/config.go
index ffce37d..0d5be73 100644
--- a/config.go
+++ b/config.go
@@ -1,7 +1,7 @@
 package authcontrol
 
 type ServiceConfig struct {
-	URL       string `toml:"url"`
-	JWTSecret string `toml:"jwt_secret"`
-	AccessKey string `toml:"access_key"`
+	URL       string `toml:"url"`        // Base URL of the service.
+	JWTSecret string `toml:"jwt_secret"` // Secret used to create JWT token for S2S authentication.
+	JWTToken  string `toml:"jwt_token"`  // Static JWT token used for authentication.
 }

From e526492019fc80cfe2e5311d230c84d858ef9aed Mon Sep 17 00:00:00 2001
From: Vojtech Vitek <vv@horizon.io>
Date: Tue, 22 Jul 2025 19:29:08 +0200
Subject: [PATCH 2/2] Remove AccessKey from S2S client as it's only meant for
 web

---
 config.go |  9 ++++++---
 s2s.go    | 17 ++++++-----------
 2 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/config.go b/config.go
index 0d5be73..72e5e2e 100644
--- a/config.go
+++ b/config.go
@@ -1,7 +1,10 @@
 package authcontrol
 
 type ServiceConfig struct {
-	URL       string `toml:"url"`        // Base URL of the service.
-	JWTSecret string `toml:"jwt_secret"` // Secret used to create JWT token for S2S authentication.
-	JWTToken  string `toml:"jwt_token"`  // Static JWT token used for authentication.
+	// Base URL of the service.
+	URL string `toml:"url"`
+	// JWTSecret is used to create dynamic JWT tokens for S2S auth.
+	JWTSecret string `toml:"jwt_secret"`
+	// JWTToken is a static JWT token for S2S auth.
+	JWTToken string `toml:"jwt_token"`
 }
diff --git a/s2s.go b/s2s.go
index eaa024b..127ecf1 100644
--- a/s2s.go
+++ b/s2s.go
@@ -14,15 +14,13 @@ import (
 )
 
 type S2SClientConfig struct {
-	// JWTToken is the static JWT token used for authentication.
-	JWTToken string
-	// JWTSecret is the secret key used to dynamically create JWT BEARER token for authorization.
-	JWTSecret string
-	// Service is used in the service claim of the JWT token.
+	// Service defines the "service" claim in the JWT token.
 	Service string
-	// AccessKey is an optional access key used for authentication.
-	AccessKey string
-	// DebugRequests enables logging of HTTP requests.
+	// JWTSecret is used to create dynamic JWT tokens for S2S auth.
+	JWTSecret string
+	// JWTToken is a static JWT token for S2S auth.
+	JWTToken string
+	// DebugRequests enables HTTP request logging.
 	DebugRequests bool
 }
 
@@ -44,9 +42,6 @@ func S2SClient(cfg *S2SClientConfig) *http.Client {
 			transport.If(cfg.JWTToken != "",
 				transport.SetHeader("Authorization", "BEARER "+cfg.JWTToken),
 			),
-			transport.If(cfg.AccessKey != "",
-				transport.SetHeader("X-Access-Key", cfg.AccessKey),
-			),
 			transport.If(cfg.DebugRequests,
 				transport.LogRequests(transport.LogOptions{Concise: true, CURL: true}),
 			),