Fix issues in existing client credentials change

kellyma2 · CI Bot · commit d15d7d578023 · 2025-07-22T17:21:23.000Z
This fixes two issues in the existing client credentials change:

- client_credentials was not listed as a supported grant type
- access tokens are not the storage ID

Signed-off-by: Michael Kelly &lt;mkelly@arista.com&gt;
diff --git a/server/handlers.go b/server/handlers.go
@@ -1130,7 +1130,13 @@ func (s *Server) handleClientCredentialsGrant(w http.ResponseWriter, r *http.Req
 
 	claims := storage.Claims{UserID: client.ID}
 
-	accessToken := storage.NewID()
+	accessToken, _, err := s.newAccessToken(r.Context(), client.ID, claims, scopes, nonce, "client")
+	if err != nil {
+		s.logger.ErrorContext(r.Context(), "failed to create new access token", "err", err)
+		s.tokenErrHelper(w, errServerError, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
 	idToken, expiry, err := s.newIDToken(r.Context(), client.ID, claims, scopes, nonce, accessToken, "", "client")
 	if err != nil {
 		s.tokenErrHelper(w, errServerError, fmt.Sprintf("failed to create ID token: %v", err), http.StatusInternalServerError)
diff --git a/server/server.go b/server/server.go
@@ -235,6 +235,7 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
 		grantTypeRefreshToken:      true,
 		grantTypeDeviceCode:        true,
 		grantTypeTokenExchange:     true,
+		grantTypeClientCredentials: true,
 	}
 	supportedRes := make(map[string]bool)
 

Original file line number	Diff line number	Diff line change
`@@ -235,6 +235,7 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)`
`235`	`235`	`grantTypeRefreshToken: true,`
`236`	`236`	`grantTypeDeviceCode: true,`
`237`	`237`	`grantTypeTokenExchange: true,`
	`238`	`+ grantTypeClientCredentials: true,`
`238`	`239`	`}`
`239`	`240`	`supportedRes := make(map[string]bool)`
`240`	`241`