Skip to content

Commit

Permalink
fix(core): issue organization_id claim for client credentials (#6170)
Browse files Browse the repository at this point in the history
  • Loading branch information
gao-sun authored Jul 3, 2024
1 parent 17921b5 commit de9ee89
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 1 deletion.
4 changes: 3 additions & 1 deletion packages/core/src/oidc/extra-token-claims.ts
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,9 @@ export const getExtraTokenClaimsForOrganizationApiResource = async (
return;
}

const isAccessToken = token instanceof ctx.oidc.provider.AccessToken;
const isAccessToken =
token instanceof ctx.oidc.provider.AccessToken ||
token instanceof ctx.oidc.provider.ClientCredentials;

// Only handle access tokens
if (!isAccessToken) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -244,6 +244,7 @@ describe('client credentials grant', () => {
expect(returnedScope).toBe(`${scope1.name} ${scope2.name}`);

const verified = await jwtVerify(accessToken, jwkSet, { audience: resource.indicator });
expect(verified.payload.organization_id).toBe(organization.id);
expect(verified.payload.scope).toBe(`${scope1.name} ${scope2.name}`);
});

Expand Down Expand Up @@ -271,6 +272,7 @@ describe('client credentials grant', () => {
expect(returnedScope1).toBe(scope1.name);

const verified1 = await jwtVerify(accessToken1, jwkSet, { audience: resource.indicator });
expect(verified1.payload.organization_id).toBe(organization.id);
expect(verified1.payload.scope).toBe(scope1.name);

const { access_token: accessToken2, scope: returnedScope2 } = await post({
Expand All @@ -281,6 +283,7 @@ describe('client credentials grant', () => {
expect(returnedScope2).toBe(undefined);

const verified2 = await jwtVerify(accessToken2, jwkSet, { audience: resource.indicator });
expect(verified1.payload.organization_id).toBe(organization.id);
expect(verified2.payload.scope).toBe(undefined);
});
});
Expand Down

0 comments on commit de9ee89

Please sign in to comment.