From 9f6a3da8d3b8a524f478d20c2ead484321a97b58 Mon Sep 17 00:00:00 2001
From: Gregory Schier <gschier1990@gmail.com>
Date: Tue, 3 Jun 2025 12:42:31 -0700
Subject: [PATCH] Disable auth for OAuth token http requests

---
 plugins/auth-oauth2/src/getAccessToken.ts          | 3 +++
 plugins/auth-oauth2/src/getOrRefreshAccessToken.ts | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/plugins/auth-oauth2/src/getAccessToken.ts b/plugins/auth-oauth2/src/getAccessToken.ts
index def2c6f1..480a17b2 100644
--- a/plugins/auth-oauth2/src/getAccessToken.ts
+++ b/plugins/auth-oauth2/src/getAccessToken.ts
@@ -50,8 +50,11 @@ export async function getAccessToken(
     httpRequest.headers!.push({ name: 'Authorization', value });
   }
 
+  httpRequest.authenticationType = 'none'; // Don't inherit workspace auth
   const resp = await ctx.httpRequest.send({ httpRequest });
 
+  console.log('[oauth2] Got access token response', resp.status);
+
   const body = resp.bodyPath ? readFileSync(resp.bodyPath, 'utf8') : '';
 
   if (resp.status < 200 || resp.status >= 300) {
diff --git a/plugins/auth-oauth2/src/getOrRefreshAccessToken.ts b/plugins/auth-oauth2/src/getOrRefreshAccessToken.ts
index 94abfc82..12400963 100644
--- a/plugins/auth-oauth2/src/getOrRefreshAccessToken.ts
+++ b/plugins/auth-oauth2/src/getOrRefreshAccessToken.ts
@@ -63,6 +63,7 @@ export async function getOrRefreshAccessToken(ctx: Context, contextId: string, {
     httpRequest.headers!.push({ name: 'Authorization', value });
   }
 
+  httpRequest.authenticationType = 'none'; // Don't inherit workspace auth
   const resp = await ctx.httpRequest.send({ httpRequest });
 
   if (resp.status === 401) {
@@ -75,6 +76,8 @@ export async function getOrRefreshAccessToken(ctx: Context, contextId: string, {
 
   const body = resp.bodyPath ? readFileSync(resp.bodyPath, 'utf8') : '';
 
+  console.log('[oauth2] Got refresh token response', resp.status);
+
   if (resp.status < 200 || resp.status >= 300) {
     throw new Error('Failed to refresh access token with status=' + resp.status + ' and body=' + body);
   }
@@ -95,5 +98,6 @@ export async function getOrRefreshAccessToken(ctx: Context, contextId: string, {
     // Assign a new one or keep the old one,
     refresh_token: response.refresh_token ?? token.response.refresh_token,
   };
+
   return storeToken(ctx, contextId, newResponse);
 }