Dealing with non-spec compliant OAuth endpoint returning { id_token: false }

[essential-randomness]

Hello,
I'm trying to add Tumblr as an OAuth provider for Next Auth, and I'm running into an issue where Tumblr's likely-misconfigured token endpoint (https://api.tumblr.com/v2/oauth2/token) triggers an error in this library.

As also stated in Tumblr's own documentation, their token endpoint is not supposed to return an id_token. In practice, however, it does return an id_token with a boolean value of false.

Here's an example of the reponse:

{
  access_token: "access_token_string",
  expires_at: 1656824037,
  token_type: 'bearer',
  scope: 'write',
  id_token: false
}

Because id_token is present as a key in the returned object, the oauthCallback method throws an exception ("id_token detected in the response") even if the value of the id_token is "falsy". I have confirmed that modifying the checks in client.js (here and here) to account for falsy values does solve the problem, and that the Tumblr OAuth authentication succeeds.

Is there a better way to fix this? If not, would you be open to a PR with this change?

[panva]

The client should behave as if the property was unrecognized, hence ignore it, when in oauth2 mode (unless it actually contains an ID Token in which case the throw is to let developers know they're not using the right OpenID Connect callback method).

v5.1.8 will address this.

Nevertheless, reach out to Tumblr's support to let them know they should remove this property from their responses.

[essential-randomness]

Thank you so much for the fix and quick reply :)