Fix authentication errors thrown due to unformatted private keys being used for refresh access tokens in IAM and OAUTH

sharadraju · sharadraju · commit a4eb7a2455ff · 2025-02-11T13:09:34.000+05:30
diff --git a/doc/src/release_notes.rst b/doc/src/release_notes.rst
@@ -59,6 +59,10 @@ Thin Mode Changes
 #)  Fixed bug with :meth:`dbObject.deleteElement()` which did not update the
     keys of associative arrays when an element was deleted.
 
+#)  Fixed issue with IAM token based authentication which allows unformatted
+    private keys to be used for refreshed access tokens leading to token
+    authentication errors.
+
 Thick Mode Changes
 ++++++++++++++++++
 
diff --git a/lib/thin/pool.js b/lib/thin/pool.js
@@ -1,4 +1,4 @@
-// Copyright (c) 2022, 2024, Oracle and/or its affiliates.
+// Copyright (c) 2022, 2025, Oracle and/or its affiliates.
 
 //-----------------------------------------------------------------------------
 //
@@ -211,7 +211,7 @@ class ThinPoolImpl extends PoolImpl {
             }
           } else if (typeof accessToken === 'object') {
             clonedAttrs.token = accessToken.token;
-            clonedAttrs.privateKey = accessToken.privateKey;
+            clonedAttrs.privateKey = util.denormalizePrivateKey(accessToken.privateKey);
             if (util.isTokenExpired(clonedAttrs.token)) {
               // IAM token is expired
               errors.throwErr(errors.ERR_TOKEN_HAS_EXPIRED);
