From de151031eaece1c7537f9a7b3ba1c1ba3fe9d579 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Triszt=C3=A1n=20Piller?= <60111772+triszt4n@users.noreply.github.com> Date: Sun, 17 Apr 2022 02:39:07 +0200 Subject: [PATCH] feat(auth): OAuth2 access_token in GET query string in userInfoURL (#5188) --- server/modules/authentication/oauth2/authentication.js | 2 +- server/modules/authentication/oauth2/definition.yml | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/server/modules/authentication/oauth2/authentication.js b/server/modules/authentication/oauth2/authentication.js index 1ac9901b..a2285cff 100644 --- a/server/modules/authentication/oauth2/authentication.js +++ b/server/modules/authentication/oauth2/authentication.js @@ -37,7 +37,7 @@ module.exports = { }) client.userProfile = function (accesstoken, done) { - this._oauth2._useAuthorizationHeaderForGET = true + this._oauth2._useAuthorizationHeaderForGET = !conf.useQueryStringForAccessToken this._oauth2.get(conf.userInfoURL, accesstoken, (err, data) => { if (err) { return done(err) diff --git a/server/modules/authentication/oauth2/definition.yml b/server/modules/authentication/oauth2/definition.yml index 38d13901..0621aa39 100644 --- a/server/modules/authentication/oauth2/definition.yml +++ b/server/modules/authentication/oauth2/definition.yml @@ -64,3 +64,9 @@ props: title: Scope hint: (optional) Application Client permission scopes. order: 10 + useQueryStringForAccessToken: + type: Boolean + default: false + title: Pass access token via GET query string to User Info Endpoint + hint: (optional) Pass the access token in an `access_token` parameter attached to the GET query string of the User Info Endpoint URL. Otherwise the access token will be passed in the Authorization header. + order: 11