diff --git a/docs/docs/authorization_server/configuration.mdx b/docs/docs/authorization_server/configuration.mdx
index 884651d6..1123df5a 100644
--- a/docs/docs/authorization_server/configuration.mdx
+++ b/docs/docs/authorization_server/configuration.mdx
@@ -15,8 +15,8 @@ The authorization server has a few optional settings with the following default
| `notBeforeLeeway` | number | 0 | Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value MUST be a number containing a NumericDate value. |
| `tokenCID` | "id" or "name" | "id" | Sets the JWT `accessToken.cid` to either the `client.id` or `client.name`.
In 3.x the default is **"id"**, in v2.x the default was **"name"**. [[Learn more]][token-cid] |
| `issuer` | string \| undefined | undefined | Sets the JWT `accessToken.iss` to this value. |
-| `introspectWithClientCredentials` | boolean | false | Authorize [the /introspect endpoint](../endpoints/introspect.mdx) using `client_credentials`, this requires users to pass in a valid client_id and client_secret (or Authorization header) |
-| `revokeWithClientCredentials` | boolean | false | Authorize [the /revoke endpoint](../endpoints/revoke.mdx) using `client_credentials`, this requires users to pass in a valid client_id and client_secret (or Authorization header) |
+| `authenticateIntrospect` | boolean | false | Authorize [the /introspect endpoint](../endpoints/introspect.mdx) using `client_credentials`, this requires users to pass in a valid client_id and client_secret (or Authorization header) |
+| `authenticateRevoke` | boolean | false | Authorize [the /revoke endpoint](../endpoints/revoke.mdx) using `client_credentials`, this requires users to pass in a valid client_id and client_secret (or Authorization header) |
```ts
type AuthorizationServerOptions = {
@@ -25,8 +25,8 @@ type AuthorizationServerOptions = {
notBeforeLeeway: 0;
tokenCID: "id" | "name";
issuer: undefined;
- introspectWithClientCredentials: boolean;
- revokeWithClientCredentials: boolean;
+ authenticateIntrospect: boolean;
+ authenticateRevoke: boolean;
};
```
diff --git a/src/authorization_server.ts b/src/authorization_server.ts
index 992abb77..2ff7f8ca 100644
--- a/src/authorization_server.ts
+++ b/src/authorization_server.ts
@@ -30,8 +30,8 @@ export interface AuthorizationServerOptions {
tokenCID: "id" | "name";
issuer?: string;
scopeDelimiter: string;
- introspectWithClientCredentials: boolean;
- revokeWithClientCredentials: boolean;
+ authenticateIntrospect: boolean;
+ authenticateRevoke: boolean;
}
export type EnableableGrants =
diff --git a/src/grants/auth_code.grant.ts b/src/grants/auth_code.grant.ts
index fe932de0..f4100134 100644
--- a/src/grants/auth_code.grant.ts
+++ b/src/grants/auth_code.grant.ts
@@ -314,7 +314,7 @@ export class AuthCodeGrant extends AbstractAuthorizedGrant {
async respondToRevokeRequest(req: RequestInterface): Promise {
req.body["grant_type"] = this.identifier;
- if (this.options.revokeWithClientCredentials) await this.validateClient(req);
+ if (this.options.authenticateRevoke) await this.validateClient(req);
const token = this.getRequestParameter("token", req);
diff --git a/src/grants/client_credentials.grant.ts b/src/grants/client_credentials.grant.ts
index e0c4b2f7..85699ce2 100644
--- a/src/grants/client_credentials.grant.ts
+++ b/src/grants/client_credentials.grant.ts
@@ -32,7 +32,7 @@ export class ClientCredentialsGrant extends AbstractGrant {
async respondToIntrospectRequest(req: RequestInterface): Promise {
req.body["grant_type"] = this.identifier;
- if (this.options.introspectWithClientCredentials) await this.validateClient(req);
+ if (this.options.authenticateIntrospect) await this.validateClient(req);
const { parsedToken, oauthToken, expiresAt, tokenType } = await this.tokenFromRequest(req);
@@ -60,7 +60,7 @@ export class ClientCredentialsGrant extends AbstractGrant {
async respondToRevokeRequest(req: RequestInterface): Promise {
req.body["grant_type"] = this.identifier;
- if (this.options.revokeWithClientCredentials) await this.validateClient(req);
+ if (this.options.authenticateRevoke) await this.validateClient(req);
let { oauthToken } = await this.tokenFromRequest(req);
diff --git a/src/options.ts b/src/options.ts
index e8ef7fa2..ec47ed5f 100644
--- a/src/options.ts
+++ b/src/options.ts
@@ -7,6 +7,6 @@ export const DEFAULT_AUTHORIZATION_SERVER_OPTIONS: AuthorizationServerOptions =
tokenCID: "id",
issuer: undefined,
scopeDelimiter: " ",
- introspectWithClientCredentials: false,
- revokeWithClientCredentials: false,
+ authenticateIntrospect: false,
+ authenticateRevoke: false,
};
diff --git a/test/e2e/authorization_server.spec.ts b/test/e2e/authorization_server.spec.ts
index c5f33d3e..916eec7d 100644
--- a/test/e2e/authorization_server.spec.ts
+++ b/test/e2e/authorization_server.spec.ts
@@ -361,7 +361,7 @@ describe("authorization_server", () => {
inMemoryDatabase.clients[client.id] = client;
});
- describe("without option introspectWithClientCredentials=false", () => {
+ describe("without option authenticateIntrospect=false", () => {
it("does not require client credentials", async () => {
authorizationServer = new AuthorizationServer(
inMemoryClientRepository,
@@ -369,7 +369,7 @@ describe("authorization_server", () => {
inMemoryScopeRepository,
new JwtService("secret-key"),
{
- introspectWithClientCredentials: false,
+ authenticateIntrospect: false,
},
);
@@ -556,7 +556,7 @@ describe("authorization_server", () => {
inMemoryDatabase.clients[client.id] = client;
});
- describe("without option revokeWithClientCredentials=false", () => {
+ describe("without option authenticateRevoke=false", () => {
it("does not require client credentials", async () => {
const authorizationServer = new AuthorizationServer(
inMemoryClientRepository,
@@ -564,7 +564,7 @@ describe("authorization_server", () => {
inMemoryScopeRepository,
new JwtService("secret-key"),
{
- revokeWithClientCredentials: false,
+ authenticateRevoke: false,
},
);