Unverified Commit 79d5874b authored by Chris's avatar Chris Committed by GitHub

fix(tokenExchange): use correct token type for userInfo requests (#3336)

parent fdb4dc63
...@@ -433,7 +433,10 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I ...@@ -433,7 +433,10 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
// We immediately want to run getUserInfo if configured before we validate the claims. // We immediately want to run getUserInfo if configured before we validate the claims.
// For token exchanges with access tokens, this is how we verify the token. // For token exchanges with access tokens, this is how we verify the token.
if c.getUserInfo { if c.getUserInfo {
userInfo, err := c.provider.UserInfo(ctx, oauth2.StaticTokenSource(token)) userInfo, err := c.provider.UserInfo(ctx, oauth2.StaticTokenSource(&oauth2.Token{
AccessToken: token.AccessToken,
TokenType: "Bearer", // The UserInfo endpoint requires a bearer token as per RFC6750
}))
if err != nil { if err != nil {
return identity, fmt.Errorf("oidc: error loading userinfo: %v", err) return identity, fmt.Errorf("oidc: error loading userinfo: %v", err)
} }
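Review bot: The comment above `if c.getUserInfo` says this UserInfo call is how access tokens are verified during token exchange, but a successful UserInfo response only shows that the provider accepts the token, not that it was issued to this connector's client. Unless an audience or client check happens elsewhere in createIdentity (its body starts and ends outside this hunk, so that cannot be confirmed here), a token issued to a different client of the same provider would be accepted as well. I would at least document that limit next to the call, e.g. `// UserInfo confirms the token is valid at the provider; it does not check which client the token was issued to.` A test asserting that the outgoing `Authorization` header starts with `Bearer ` when the incoming token carries a different TokenType would also pin the fix.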