fix(core): Do not add Authentication header when authentication type is body (#8201)

2025-12-17 18:12:04 +00:00 · 2024-01-08 12:38:24 +01:00
parent ccb2b076f8
commit ac1c642fdd
9 changed files with 117 additions and 94 deletions
--- a/packages/@n8n/client-oauth2/test/CredentialsFlow.test.ts
+++ b/packages/@n8n/client-oauth2/test/CredentialsFlow.test.ts
@@ -1,4 +1,6 @@
 import nock from 'nock';
+import type { Headers } from '../src/types';
+import type { ClientOAuth2Options } from '../src';
 import { ClientOAuth2, ClientOAuth2Token } from '../src';
 import * as config from './config';

@@ -11,18 +13,24 @@ describe('CredentialsFlow', () => {
 		nock.restore();
 	});

+	beforeEach(() => jest.clearAllMocks());
+
 	describe('#getToken', () => {
-		const createAuthClient = (scopes?: string[]) =>
+		const createAuthClient = ({
+			scopes,
+			authentication,
+		}: Pick<ClientOAuth2Options, 'scopes' | 'authentication'> = {}) =>
 			new ClientOAuth2({
 				clientId: config.clientId,
 				clientSecret: config.clientSecret,
 				accessTokenUri: config.accessTokenUri,
+				authentication,
 				authorizationGrants: ['credentials'],
 				scopes,
 			});

-		const mockTokenCall = (requestedScope?: string) =>
-			nock(config.baseUrl)
+		const mockTokenCall = async ({ requestedScope }: { requestedScope?: string } = {}) => {
+			const nockScope = nock(config.baseUrl)
 				.post(
 					'/login/oauth/access_token',
 					({ scope, grant_type }) =>
@@ -34,10 +42,19 @@ describe('CredentialsFlow', () => {
 					refresh_token: config.refreshToken,
 					scope: requestedScope,
 				});
+			return new Promise<{ headers: Headers; body: unknown }>((resolve) => {
+				nockScope.once('request', (req) => {
+					resolve({
+						headers: req.headers,
+						body: req.requestBodyBuffers.toString('utf-8'),
+					});
+				});
+			});
+		};

 		it('should request the token', async () => {
-			const authClient = createAuthClient(['notifications']);
-			mockTokenCall('notifications');
+			const authClient = createAuthClient({ scopes: ['notifications'] });
+			const requestPromise = mockTokenCall({ requestedScope: 'notifications' });

 			const user = await authClient.credentials.getToken();

@@ -45,34 +62,62 @@ describe('CredentialsFlow', () => {
 			expect(user.accessToken).toEqual(config.accessToken);
 			expect(user.tokenType).toEqual('bearer');
 			expect(user.data.scope).toEqual('notifications');
+
+			const { headers, body } = await requestPromise;
+			expect(headers.authorization).toBe('Basic YWJjOjEyMw==');
+			expect(body).toEqual('grant_type=client_credentials&scope=notifications');
 		});

 		it('when scopes are undefined, it should not send scopes to an auth server', async () => {
 			const authClient = createAuthClient();
-			mockTokenCall();
+			const requestPromise = mockTokenCall();

 			const user = await authClient.credentials.getToken();
 			expect(user).toBeInstanceOf(ClientOAuth2Token);
 			expect(user.accessToken).toEqual(config.accessToken);
 			expect(user.tokenType).toEqual('bearer');
 			expect(user.data.scope).toEqual(undefined);
+
+			const { body } = await requestPromise;
+			expect(body).toEqual('grant_type=client_credentials');
 		});

 		it('when scopes is an empty array, it should send empty scope string to an auth server', async () => {
-			const authClient = createAuthClient([]);
-			mockTokenCall('');
+			const authClient = createAuthClient({ scopes: [] });
+			const requestPromise = mockTokenCall({ requestedScope: '' });

 			const user = await authClient.credentials.getToken();
 			expect(user).toBeInstanceOf(ClientOAuth2Token);
 			expect(user.accessToken).toEqual(config.accessToken);
 			expect(user.tokenType).toEqual('bearer');
 			expect(user.data.scope).toEqual('');
+
+			const { body } = await requestPromise;
+			expect(body).toEqual('grant_type=client_credentials&scope=');
+		});
+
+		it('should handle authentication = "header"', async () => {
+			const authClient = createAuthClient({ scopes: [] });
+			const requestPromise = mockTokenCall({ requestedScope: '' });
+			await authClient.credentials.getToken();
+			const { headers, body } = await requestPromise;
+			expect(headers?.authorization).toBe('Basic YWJjOjEyMw==');
+			expect(body).toEqual('grant_type=client_credentials&scope=');
+		});
+
+		it('should handle authentication = "body"', async () => {
+			const authClient = createAuthClient({ scopes: [], authentication: 'body' });
+			const requestPromise = mockTokenCall({ requestedScope: '' });
+			await authClient.credentials.getToken();
+			const { headers, body } = await requestPromise;
+			expect(headers?.authorization).toBe(undefined);
+			expect(body).toEqual('grant_type=client_credentials&scope=&client_id=abc&client_secret=123');
 		});

 		describe('#sign', () => {
 			it('should be able to sign a standard request object', async () => {
-				const authClient = createAuthClient(['notifications']);
-				mockTokenCall('notifications');
+				const authClient = createAuthClient({ scopes: ['notifications'] });
+				void mockTokenCall({ requestedScope: 'notifications' });

 				const token = await authClient.credentials.getToken();
 				const requestOptions = token.sign({
@@ -99,8 +144,8 @@ describe('CredentialsFlow', () => {
 					});

 			it('should make a request to get a new access token', async () => {
-				const authClient = createAuthClient(['notifications']);
-				mockTokenCall('notifications');
+				const authClient = createAuthClient({ scopes: ['notifications'] });
+				void mockTokenCall({ requestedScope: 'notifications' });

 				const token = await authClient.credentials.getToken();
 				expect(token.accessToken).toEqual(config.accessToken);