diff --git a/src/execute/oas3/build-request.js b/src/execute/oas3/build-request.js index 116ca5af8..0b928c415 100644 --- a/src/execute/oas3/build-request.js +++ b/src/execute/oas3/build-request.js @@ -159,14 +159,15 @@ export function applySecurities({request, securities = {}, operation = {}, spec} } else if (type === 'oauth2') { const token = auth.token || {} - const accessToken = token.access_token + const tokenName = schema['x-tokenName'] || 'access_token' + const tokenValue = token[tokenName] let tokenType = token.token_type if (!tokenType || tokenType.toLowerCase() === 'bearer') { tokenType = 'Bearer' } - result.headers.Authorization = `${tokenType} ${accessToken}` + result.headers.Authorization = `${tokenType} ${tokenValue}` } } } diff --git a/test/oas3/execute/authorization.js b/test/oas3/execute/authorization.js index aa52adde8..122fe4005 100644 --- a/test/oas3/execute/authorization.js +++ b/test/oas3/execute/authorization.js @@ -596,4 +596,50 @@ describe('Authorization - OpenAPI Specification 3.0', () => { } ) }) + test('should use a custom oAuth token name if defined', () => { + const spec = { + openapi: '3.0.0', + components: { + securitySchemes: { + myOAuth2Implicit: { + type: 'oauth2', + 'x-tokenName': 'id_token' + } + } + }, + paths: { + '/': { + get: { + operationId: 'myOperation', + security: [ + {myOAuth2Implicit: []} + ] + } + } + } + } + + const req = buildRequest({ + spec, + operationId: 'myOperation', + securities: { + authorized: { + myOAuth2Implicit: { + token: { + access_token: 'otherTokenValue', + id_token: 'myTokenValue' + } + } + } + } + }) + expect(req).toEqual({ + method: 'GET', + url: '/', + credentials: 'same-origin', + headers: { + Authorization: 'Bearer myTokenValue' + }, + }) + }) })