fix(common): support id_token in Authorization Code OAuth flow (#6144)

2026-04-28 01:04:02 +06:00 · 2026-04-28 01:04:02 +06:00 · 15d12f8ce5
commit 15d12f8ce5
parent 696ddc336c
1 changed files with 20 additions and 8 deletions
--- a/packages/hoppscotch-common/src/services/oauth/flows/authCode.ts
+++ b/packages/hoppscotch-common/src/services/oauth/flows/authCode.ts
@ -189,7 +189,6 @@ const initAuthCodeOauthFlow = async ({
    return E.left("INVALID_AUTH_ENDPOINT")
  }

-  url.searchParams.set("grant_type", "authorization_code")
  url.searchParams.set("client_id", clientID)
  url.searchParams.set("state", state)
  url.searchParams.set("response_type", "code")
@ -289,18 +288,31 @@ const handleRedirectForAuthCodeOauthFlow = async (localConfig: string) => {
    return E.left("AUTH_TOKEN_REQUEST_FAILED" as const)
  }

-  const withAccessTokenSchema = z.object({
-    access_token: z.string(),
+  const withAccessTokenSchema = z
+    .object({
+      access_token: z.string().optional(),
+      id_token: z.string().optional(),
      refresh_token: z.string().optional(),
    })
+    .refine((data) => data.access_token || data.id_token, {
+      message: "Either access_token or id_token must be present",
+    })

  const parsedTokenResponse = withAccessTokenSchema.safeParse(
    responsePayload.right
  )

-  return parsedTokenResponse.success
-    ? E.right(parsedTokenResponse.data)
-    : E.left("AUTH_TOKEN_REQUEST_INVALID_RESPONSE" as const)
+  if (!parsedTokenResponse.success) {
+    return E.left("AUTH_TOKEN_REQUEST_INVALID_RESPONSE" as const)
+  }
+
+  return E.right({
+    access_token:
+      parsedTokenResponse.data.access_token ||
+      parsedTokenResponse.data.id_token ||
+      "",
+    refresh_token: parsedTokenResponse.data.refresh_token,
+  })
 }

 const generateCodeVerifier = () => {