From 7d614a23953aa755a41ff3079bf23f6c11463b70 Mon Sep 17 00:00:00 2001
From: yoadey
Date: Wed, 2 Oct 2024 10:22:01 +0200
Subject: [PATCH] Fix 727: access_token not a jwt
---
 packages/api/src/auth/authProvider.js | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/packages/api/src/auth/authProvider.js b/packages/api/src/auth/authProvider.js
index 31c1b2e5..235d9764 100644
--- a/packages/api/src/auth/authProvider.js
+++ b/packages/api/src/auth/authProvider.js
@@ -83,9 +83,16 @@ class OAuthProvider extends AuthProviderBase {
 )}&client_id=${process.env.OAUTH_CLIENT_ID}&client_secret=${process.env.OAUTH_CLIENT_SECRET}${scopeParam}`
 );
- const { access_token, refresh_token } = resp.data;
+ const { access_token, refresh_token, id_token } = resp.data;
- const payload = jwt.decode(access_token);
+ var payload = jwt.decode(access_token);
+
+ // Fallback to id_token in case the access_token is not a JWT
+ // https://www.oauth.com/oauth2-servers/access-tokens/
+ // https://github.com/dbgate/dbgate/issues/727
+ if (!payload && id_token) {
+ payload = jwt.decode(id_token);
+ }
 logger.info({ payload }, 'User payload returned from OAUTH');
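Review bot: The new fallback trusts whatever `jwt.decode(id_token)` returns, and if `jwt` here is the jsonwebtoken package, `decode` only parses the token without checking the signature, `iss`, `aud` or `exp`. Since the payload appears to drive the login decision further down (outside this hunk), the id_token claims should at least be checked against the configured issuer and `OAUTH_CLIENT_ID`, or verified against the provider's keys with `jwt.verify`. The hunk also leaves `payload` null when neither token is a JWT, so an explicit `if (!payload)` failure branch belongs before the `logger.info` call rather than letting a null payload flow onward. Prefer `let payload = jwt.decode(access_token);` over `var`, and consider logging only the claim used for login, because id_token payloads usually carry personal data such as e-mail and name.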