Skip to content

Commit

Permalink
fix(core): issue organization_id claim for client credentials
Browse files Browse the repository at this point in the history
  • Loading branch information
@gao-sun
gao-sun committed Jul 3, 2024
1 parent 06ef199 commit 243e64a
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 1 deletion.
4 changes: 3 additions & 1 deletion packages/core/src/oidc/extra-token-claims.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,9 @@ export const getExtraTokenClaimsForOrganizationApiResource = async (
return;
}

const isAccessToken = token instanceof ctx.oidc.provider.AccessToken;
const isAccessToken =
token instanceof ctx.oidc.provider.AccessToken ||
token instanceof ctx.oidc.provider.ClientCredentials;

Check warning on line 39 in packages/core/src/oidc/extra-token-claims.ts

View check run for this annotation

Codecov / codecov/patch

packages/core/src/oidc/extra-token-claims.ts#L37-L39 

Added lines #L37 - L39 were not covered by tests

// Only handle access tokens
if (!isAccessToken) {
Expand Down
3 changes: 3 additions & 0 deletions packages/integration-tests/src/tests/api/oidc/client-credentials-grant.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -244,6 +244,7 @@ describe('client credentials grant', () => {
expect(returnedScope).toBe(`${scope1.name} ${scope2.name}`);

const verified = await jwtVerify(accessToken, jwkSet, { audience: resource.indicator });
expect(verified.payload.organization_id).toBe(organization.id);
expect(verified.payload.scope).toBe(`${scope1.name} ${scope2.name}`);
});

Expand Down Expand Up @@ -271,6 +272,7 @@ describe('client credentials grant', () => {
expect(returnedScope1).toBe(scope1.name);

const verified1 = await jwtVerify(accessToken1, jwkSet, { audience: resource.indicator });
expect(verified1.payload.organization_id).toBe(organization.id);
expect(verified1.payload.scope).toBe(scope1.name);

const { access_token: accessToken2, scope: returnedScope2 } = await post({
Expand All @@ -281,6 +283,7 @@ describe('client credentials grant', () => {
expect(returnedScope2).toBe(undefined);

const verified2 = await jwtVerify(accessToken2, jwkSet, { audience: resource.indicator });
expect(verified1.payload.organization_id).toBe(organization.id);
expect(verified2.payload.scope).toBe(undefined);
});
});
Expand Down

0 comments on commit 243e64a

Please sign in to comment.