From 73013c9300cb2b7a7456ef963b9b0e5069cfb803 Mon Sep 17 00:00:00 2001
From: Michael Ryerse <michael.ryerse@gmail.com>
Date: Wed, 4 Sep 2019 13:19:06 -0300
Subject: [PATCH] Add function to return id_token (for Service Now)

Some IDPs such as OpenAM can be configured to provide both an access_token and an id_token with the callback.  This update provides a function that can be called to return the id_token instead of the access_token.  The id_token contains a payload with claims related to the authenticated identity.  This was required for API integration to Service Now, who told me their service cannot be configured to accept an access_token.
---
 src/Service.js | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/Service.js b/src/Service.js
index bfe034fc..5f31e47a 100644
--- a/src/Service.js
+++ b/src/Service.js
@@ -457,6 +457,20 @@ Service_.prototype.getAccessToken = function() {
   return token.access_token;
 };
 
+/**
+ * Gets an id token for this service. This token can be used in HTTP
+ * requests to the service's endpoint. This method will throw an error if the
+ * user's access was not granted or has expired.
+ * @return {string} An id token.
+ */
+Service_.prototype.getIdToken = function() {
+  if (!this.hasAccess()) {
+    throw new Error('Access not granted or expired.');
+  }
+  var token = this.getToken();
+  return token.id_token;
+};
+
 /**
  * Resets the service, removing access and requiring the service to be
  * re-authorized.