From 1498fbfcbce70f6338ca668874304e03270b16fa Mon Sep 17 00:00:00 2001
From: jankapunkt <jkuester@uni-bremen.de>
Date: Fri, 1 Nov 2024 09:50:26 +0100
Subject: [PATCH] fix(model): support explicit client.id field in model methods

---
 HISTORY.md                |  1 +
 lib/model/meteor-model.js |  3 ++-
 lib/model/model.js        |  1 +
 tests/oauth-tests.js      | 10 ++++++----
 4 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/HISTORY.md b/HISTORY.md
index 9e72341..02ca912 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -5,6 +5,7 @@
 - added scope verification in authenticated routes
 - improved internal logging
 - fix bug in validation for custom models
+- fix support for explicit `client.id` field
 
 ## 5.0.0
 - sync support for @node-oauth/oauth2-server 5.x by
diff --git a/lib/model/meteor-model.js b/lib/model/meteor-model.js
index 83f181a..ae43fe4 100644
--- a/lib/model/meteor-model.js
+++ b/lib/model/meteor-model.js
@@ -111,7 +111,8 @@ export const saveAuthorizationCode = async (code, client, user) => {
     redirectUri,
     scope: code.scope,
     client: {
-      id: client.clientId
+      // xxx: fix for newer oauth2-server versions
+      id: client.id ?? client.clientId
     },
     user: {
       id: user.id
diff --git a/lib/model/model.js b/lib/model/model.js
index 5ca9046..ff205d9 100644
--- a/lib/model/model.js
+++ b/lib/model/model.js
@@ -67,6 +67,7 @@ class OAuthMeteorModel {
   async createClient ({ title, homepage, description, privacyLink, redirectUris, grants, clientId, secret }) {
     this.log(`createClient (${redirectUris})`)
     return createClient({
+      id: clientId, // xxx: fix for newer oauth2-server versions that explicitly check for .id presence
       title,
       homepage,
       description,
diff --git a/tests/oauth-tests.js b/tests/oauth-tests.js
index 25debc8..3cd7e23 100644
--- a/tests/oauth-tests.js
+++ b/tests/oauth-tests.js
@@ -292,7 +292,7 @@ describe('integration tests of OAuth2 workflows', function () {
           authorizationCode,
           expiresAt,
           redirectUri: clientDoc.redirectUris[0]
-        }, { client_id: clientDoc.clientId }, { id: user._id })
+        }, clientDoc, { id: user._id })
 
         const params = {
           code: authorizationCode,
@@ -317,7 +317,7 @@ describe('integration tests of OAuth2 workflows', function () {
           authorizationCode,
           expiresAt,
           redirectUri: clientDoc.redirectUris[0]
-        }, {}, { id: user._id })
+        }, clientDoc, { id: user._id })
 
         const params = {
           code: authorizationCode,
@@ -359,11 +359,13 @@ describe('integration tests of OAuth2 workflows', function () {
       it('issues an access token for a valid request', async () => {
         const authorizationCode = Random.id()
         const expiresAt = new Date(new Date().getTime() + 30000)
-        await authCodeServer.model.saveAuthorizationCode({
+        const code = {
           authorizationCode,
           expiresAt,
           redirectUri: clientDoc.redirectUris[0]
-        }, {}, { id: user._id })
+        }
+
+        await authCodeServer.model.saveAuthorizationCode(code, clientDoc, { id: user._id })
 
         const params = {
           code: authorizationCode,