Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Problem/Motivation
Current generic implementation assumes there is always an id_token but several flavors of authorization_code flows exist and with the JWT usage id_token flavor is no more mainstream.
This issue is about ensuring id_token value can fallback on access_token value which should be sufficient most of the cases.
Steps to reproduce
Use a flow - or mock it - where id_token is not provided but access_token is valid.
Proposed resolution
In OpenIDConnectionClientBase.php#retrieveTokens, the following lines:
// Expected result.
$tokens = [
'id_token' => isset($response_data['id_token']) ? $response_data['id_token'] : NULL,
'access_token' => isset($response_data['access_token']) ? $response_data['access_token'] : NULL,
];could become:
// Expected result.
$access_token = isset($response_data['access_token']) ? $response_data['access_token'] : NULL;
$tokens = [
'id_token' => isset($response_data['id_token']) ? $response_data['id_token'] : $access_token,
'access_token' => $access_token,
];This does not prevent previously working impl to run properly and flows not providing id_token now work.
Remaining tasks
Apply previous patch :)
User interface changes
None
API changes
None
Data model changes
None
Comments
Comment #2
jcnventura CreditAttribution: jcnventura at 1xINTERNET commentedA patch would have been nicer.. But setting it to needs review anyway.
Comment #4
jcnventura CreditAttribution: jcnventura at 1xINTERNET commentedComment #6
jcnventura CreditAttribution: jcnventura at 1xINTERNET commentedSetting to the right version where this was addressed.