From eb5ef7d7d5fa99694f62c22d75dd0ff2d048b83a Mon Sep 17 00:00:00 2001 From: James Cleverley-Prance Date: Tue, 3 Jun 2025 17:28:56 +0100 Subject: [PATCH] fix: send id_token in OAuth2 requests (#223) --- plugins/auth-oauth2/src/index.ts | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/plugins/auth-oauth2/src/index.ts b/plugins/auth-oauth2/src/index.ts index 9597a6d5..85874a04 100644 --- a/plugins/auth-oauth2/src/index.ts +++ b/plugins/auth-oauth2/src/index.ts @@ -303,6 +303,7 @@ export const plugin: PluginDefinition = { const headerPrefix = stringArg(values, 'headerPrefix'); const grantType = stringArg(values, 'grantType') as GrantType; const credentialsInBody = values.credentials === 'body'; + const tokenName = values.tokenName === 'id_token' ? 'id_token' : 'access_token'; let token: AccessToken; if (grantType === 'authorization_code') { @@ -328,7 +329,7 @@ export const plugin: PluginDefinition = { codeVerifier: stringArgOrNull(values, 'pkceCodeVerifier'), } : null, - tokenName: values.tokenName === 'id_token' ? 'id_token' : 'access_token', + tokenName: tokenName, }); } else if (grantType === 'implicit') { const authorizationUrl = stringArg(values, 'authorizationUrl'); @@ -342,7 +343,7 @@ export const plugin: PluginDefinition = { scope: stringArgOrNull(values, 'scope'), audience: stringArgOrNull(values, 'audience'), state: stringArgOrNull(values, 'state'), - tokenName: values.tokenName === 'id_token' ? 'id_token' : 'access_token', + tokenName: tokenName, }); } else if (grantType === 'client_credentials') { const accessTokenUrl = stringArg(values, 'accessTokenUrl'); @@ -374,7 +375,7 @@ export const plugin: PluginDefinition = { throw new Error('Invalid grant type ' + grantType); } - const headerValue = `${headerPrefix} ${token.response.access_token}`.trim(); + const headerValue = `${headerPrefix} ${token.response[tokenName]}`.trim(); return { setHeaders: [ {