Skip to content

Commit b2f3e27

Browse files
fix: respect explicit expose token provider overrides
1 parent 3efe11e commit b2f3e27

1 file changed

Lines changed: 11 additions & 4 deletions

File tree

src/runtime/server/utils/session.ts

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -129,6 +129,9 @@ export async function refreshUserSession(event: H3Event, options: SessionBehavio
129129
}
130130

131131
const { user, tokens, expiresIn, parsedAccessToken } = tokenRefreshResponse
132+
const providerConfig = useRuntimeConfig(event).oidc.providers[provider]
133+
const exposeAccessToken = providerConfig?.exposeAccessToken ?? providerPresets[provider]?.exposeAccessToken
134+
const exposeIdToken = providerConfig?.exposeIdToken ?? providerPresets[provider]?.exposeIdToken
132135

133136
// Replace the session storage
134137

@@ -150,8 +153,8 @@ export async function refreshUserSession(event: H3Event, options: SessionBehavio
150153

151154
return {
152155
...session.data,
153-
...(tokens.accessToken && (useRuntimeConfig(event).oidc.providers[provider]?.exposeAccessToken || providerPresets[provider]?.exposeAccessToken)) && { accessToken: tokens.accessToken },
154-
...(tokens.idToken && (useRuntimeConfig(event).oidc.providers[provider]?.exposeIdToken || providerPresets[provider]?.exposeIdToken)) && { idToken: tokens.idToken },
156+
...(tokens.accessToken && exposeAccessToken) && { accessToken: tokens.accessToken },
157+
...(tokens.idToken && exposeIdToken) && { idToken: tokens.idToken },
155158
}
156159
}
157160

@@ -218,14 +221,18 @@ export async function getUserSession(event: H3Event, options: SessionBehaviorOpt
218221
}
219222
}
220223

224+
const providerConfig = useRuntimeConfig(event).oidc.providers[provider]
225+
const exposeAccessToken = providerConfig?.exposeAccessToken ?? providerPresets[provider]?.exposeAccessToken
226+
const exposeIdToken = providerConfig?.exposeIdToken ?? providerPresets[provider]?.exposeIdToken
227+
221228
// Expose tokens if configured
222-
if (useRuntimeConfig(event).oidc.providers[provider]?.exposeAccessToken || providerPresets[provider]?.exposeAccessToken) {
229+
if (exposeAccessToken) {
223230
const persistentSession = await useStorage('oidc').getItem<PersistentSession>(session.id as string) as PersistentSession | null
224231
const tokenKey = process.env.NUXT_OIDC_TOKEN_KEY as string
225232
if (persistentSession)
226233
userSession.accessToken = await decryptToken(persistentSession.accessToken, tokenKey)
227234
}
228-
if (useRuntimeConfig(event).oidc.providers[provider]?.exposeIdToken || providerPresets[provider]?.exposeIdToken) {
235+
if (exposeIdToken) {
229236
const persistentSession = await useStorage('oidc').getItem<PersistentSession>(session.id as string) as PersistentSession | null
230237
const tokenKey = process.env.NUXT_OIDC_TOKEN_KEY as string
231238
if (persistentSession?.idToken)

0 commit comments

Comments
 (0)