From 2064cc88abf4ac9e296f519bede540b3a1fd82c3 Mon Sep 17 00:00:00 2001
From: Mateusz Pietryga
Date: Sun, 5 May 2024 23:47:52 +0200
Subject: [PATCH] feat: OAuth2 - automatically handle Bearer token type only

According to RFC6749 Section 7.1, The client MUST NOT use an access token if it does not understand the token type. At this point bruno only understands 'bearer' token_type.
---
 packages/bruno-electron/src/ipc/network/index.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/packages/bruno-electron/src/ipc/network/index.js b/packages/bruno-electron/src/ipc/network/index.js
index bca74c334..be81fa01c 100644
--- a/packages/bruno-electron/src/ipc/network/index.js
+++ b/packages/bruno-electron/src/ipc/network/index.js
@@ -284,7 +284,13 @@ const configureRequest = async (
 }
 request.credentials = credentials;
 request.authRequestResponse = response;
- request.headers['Authorization'] = `Bearer ${credentials.access_token}`;
+
+ // Bruno can handle bearer token type automatically.
+ // Other - more exotic token types are not touched
+ // Users are free to use pre-request script and operate on req.credentials.access_token variable
+ if (credentials?.token_type.toLowerCase() === 'bearer') {
+ request.headers['Authorization'] = `Bearer ${credentials.access_token}`;
+ }
 }

 if (request.awsv4config) {
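Review bot: In the new condition `credentials?.token_type.toLowerCase()` the optional chaining covers `credentials` but not `token_type`, so a token response without a `token_type` field (or with a non-string value) throws a TypeError inside configureRequest, where the old code still sent a Bearer header. Guard the field itself, for example `if (typeof credentials?.token_type === 'string' && credentials.token_type.toLowerCase() === 'bearer') {`. For any other token type the request now goes out with no Authorization header and nothing tells the user; a logged warning in that branch would make the unauthenticated call visible. The comment block could also name the RFC 6749 section 7.1 rule it implements, which at present appears only in the commit message. configureRequest starts and ends outside this hunk, so how `credentials` is produced is not visible here.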