This repository has been archived by the owner on Aug 28, 2023. It is now read-only.

OIDC authentication fails when oauth token_type is 'bearer' and not 'Bearer' #264

Closed
lindblad opened this issue Dec 5, 2016 · 2 comments


lindblad commented Dec 5, 2016

Got a problem for OIDC strategy on line 1030 in oidcstrategy.js

```js
// token_type must be 'Bearer'
if (items.token_type !== 'Bearer') {
  log.info('token_type received is: ', items.token_type);
  return next(new Error("In _authCodeFlowHandler: token_type received is not 'Bearer'"));
}
```

Our AD returns 'bearer' token_type, not 'Bearer'. Is it possible to change the check to

```js
if (items.token_type.toLowerCase() !== 'bearer') {
```

?

@lovemaths
Contributor

@lindblad Yes we can do that in the next release. I will make a PR for it.

@lovemaths lovemaths self-assigned this Dec 5, 2016
lovemaths added a commit that referenced this issue Dec 5, 2016
We used to only allow 'Bearer' for token_type, now we make it case insensitive and allow something like 'bearer'.
lovemaths added a commit that referenced this issue Dec 5, 2016
We used to only allow 'Bearer' for token_type, now we make it case insensitive and allow something like 'bearer'.
lovemaths added a commit that referenced this issue Dec 6, 2016
Issue #264 make token_type case insensitive for OIDCStrategy
@lovemaths
Contributor

Delivered in 3.0.4

@brentschmaltz brentschmaltz added this to the 3.0.4 milestone Feb 28, 2017
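
The case-insensitive `token_type` check discussed in this issue, written out as an added example (not code from this thread or from the library). The helper name `checkTokenType` and the sample responses are hypothetical and constructed; the helper also covers a missing or non-string `token_type`, where calling `toLowerCase()` directly would throw.

```javascript
'use strict';

// Hypothetical helper (not the library's code): validates the token_type
// member of an OAuth 2.0 token response. RFC 6749 section 5.1 defines the
// value as case insensitive, so 'Bearer', 'bearer' and 'BEARER' all match.
function checkTokenType(items) {
  const raw = items == null ? undefined : items.token_type;

  // Guard first: calling toLowerCase() on a missing or non-string value
  // would throw a TypeError instead of producing a clean auth failure.
  if (typeof raw !== 'string') {
    return { ok: false, reason: 'token_type missing or not a string' };
  }

  // Exact match after lowercasing. No trim() and no prefix matching, so
  // 'bearer ' and 'bearerx' are still rejected.
  if (raw.toLowerCase() !== 'bearer') {
    // JSON.stringify escapes control characters before the value is logged.
    return { ok: false, reason: `unsupported token_type: ${JSON.stringify(raw)}` };
  }
  return { ok: true, reason: null };
}

// Constructed sample token responses (not captured from a real IdP).
const samples = [
  { token_type: 'Bearer', id_token: 'placeholder' },
  { token_type: 'bearer', id_token: 'placeholder' },
  { token_type: 'BEARER', id_token: 'placeholder' },
  { token_type: 'mac', id_token: 'placeholder' },
  { token_type: 'bearer ', id_token: 'placeholder' },
  { token_type: ['bearer'], id_token: 'placeholder' },
  { id_token: 'placeholder' },
];

// Returns one boolean per sample: accepted or rejected.
function runSamples() {
  return samples.map((s) => checkTokenType(s).ok);
}

console.log(runSamples());
```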