Fall back to bearer token type

Sometimes in customized scenarios, the token type might be unavailable. If that happens, we will now fall back to assuming the token is a bearer token.
DuendeSoftware · Aug 23, 2023 · 5a69060 · 5a69060
1 parent 0b88db5
commit 5a69060
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/src/Duende.Bff/Extensions/HttpContextExtensions.cs b/src/Duende.Bff/Extensions/HttpContextExtensions.cs
@@ -59,8 +59,11 @@ public static async Task<AccessTokenResult> GetManagedAccessToken(this HttpConte
                  new AccessTokenRetrievalError("Missing DPoP Json Web Key for DPoP token"),
             { AccessTokenType: string accessTokenType } =>
                 new AccessTokenRetrievalError($"Unexpected access token type: {accessTokenType} - should be one of 'DPoP' or 'Bearer'"),
-            { AccessTokenType: null } =>
-                new AccessTokenRetrievalError("Missing access token type - should be one of 'DPoP' or 'Bearer'")
+            { AccessTokenType: null } => 
+                // Fall back to bearer tokens when the access token type is absent.
+                // In some edge cases, we've seen bearer tokens not have their type specified.
+                // But that wouldn't be the case if you had a DPoP token.
+                new BearerTokenResult(token.AccessToken)
         };
 
         static async Task<ClientCredentialsToken> GetUserOrClientAccessTokenAsync(HttpContext context, UserTokenRequestParameters? userAccessTokenParameters)