Converting userinfo authorization to a config var

lemur/auth/views.py

@@ -112,11 +112,17 @@ def retrieve_user(user_api_url, access_token):
     """
     user_params = dict(access_token=access_token, schema='profile')
 
+    headers = {}
+
+    if current_app.config.get('PING_INCLUDE_BEARER_TOKEN'):
+        headers = {'Authorization': f'Bearer {access_token}'}
+
     # retrieve information about the current user.
     r = requests.get(
         user_api_url,
         params=user_params,
-        headers={'Authorization': 'Bearer {}'.format(access_token)})
+        headers=headers,
+    )
     profile = r.json()
 
     user = user_service.get_by_email(profile['email'])