From c57c42539dbe2eb59ea2e124f61f94b0d46d37d3 Mon Sep 17 00:00:00 2001
From: Christian Foidl
Date: Tue, 18 Jun 2024 11:10:05 +0200
Subject: [PATCH] feat(simple-oauth): add support to explicitly allow authentication for token requests
---
 .changeset/rotten-yaks-leave.md | 5 +++
 .../simple-oauth/src/DrupalkitSimpleOauth.ts | 2 +-
 .../tests/DrupalkitSimpleOauth.test.ts | 37 +++++++++++++++++++
 3 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/rotten-yaks-leave.md
diff --git a/.changeset/rotten-yaks-leave.md b/.changeset/rotten-yaks-leave.md
new file mode 100644
index 0000000..69a386e
--- /dev/null
+++ b/.changeset/rotten-yaks-leave.md
@@ -0,0 +1,5 @@
+---
+"@drupal-kit/simple-oauth": patch
+---
+
+Add support to explicitly allow authenticated token requests on per request basis
diff --git a/packages/simple-oauth/src/DrupalkitSimpleOauth.ts b/packages/simple-oauth/src/DrupalkitSimpleOauth.ts
index ad86c68..a92848d 100644
--- a/packages/simple-oauth/src/DrupalkitSimpleOauth.ts
+++ b/packages/simple-oauth/src/DrupalkitSimpleOauth.ts
@@ -62,7 +62,7 @@ export const DrupalkitSimpleOauth = (
 {
 method: "POST",
 body,
- unauthenticated: true,
+ unauthenticated: requestOptions?.unauthenticated !== false,
 headers: {
 "content-type": "application/x-www-form-urlencoded",
 },
diff --git a/packages/simple-oauth/tests/DrupalkitSimpleOauth.test.ts b/packages/simple-oauth/tests/DrupalkitSimpleOauth.test.ts
index be8c02c..46791f6 100644
--- a/packages/simple-oauth/tests/DrupalkitSimpleOauth.test.ts
+++ b/packages/simple-oauth/tests/DrupalkitSimpleOauth.test.ts
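Review bot: The new `unauthenticated:` line in `packages/simple-oauth/src/DrupalkitSimpleOauth.ts` changes what leaves the client during a credential exchange, and nothing at the call site records that. With `unauthenticated: false` the instance's stored `Authorization` value travels to the token endpoint together with the `client_id`/`client_secret` form body. I would put a comment directly above it, e.g. `// Token requests stay unauthenticated unless the caller passes exactly false; opting in attaches the current Authorization header to the credential exchange.` How this literal is merged with `requestOptions` is outside the hunk; if the caller's options are spread after it, a caller-supplied `unauthenticated: undefined` would replace the computed default, so the computed value should be the one that wins. The enclosing call starts and ends outside the hunk.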
@@ -114,6 +114,43 @@ test.serial("Request token with custom request options", async (t) => {
 );
 });
 
+test.serial("Request token authenticated", async (t) => {
+ t.plan(3);
+
+ const authinfo = "Bearer abc123";
+
+ const drupalkit = createDrupalkit();
+ drupalkit.setAuth(authinfo);
+
+ drupalkit.hook.before("request", (options) => {
+ t.is(options.cache, "no-cache");
+ });
+
+ server.use(
+ http.post("*/oauth/token", async ({ request }) => {
+ t.is(request.headers.get("X-Custom"), "1");
+ t.is(request.headers.get("Authorization"), authinfo);
+
+ return HttpResponse.json(TokenResponse);
+ }),
+ );
+
+ await drupalkit.simpleOauth.requestToken(
+ "client_credentials",
+ {
+ client_id: CLIENT_ID,
+ client_secret: CLIENT_SECRET,
+ },
+ {
+ cache: "no-cache",
+ headers: {
+ "X-Custom": "1",
+ },
+ unauthenticated: false,
+ },
+ );
+});
+
 test.serial("Request token with explicit endpoint", async (t) => {
 const drupalkit = createDrupalkit({
 baseUrl: BASE_URL,
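Review bot: The added test pins only the opt-in path, so nothing in this hunk would fail if the default regressed and a stored bearer value started going out with every token request. A companion case that calls `drupalkit.setAuth(authinfo)`, leaves `unauthenticated` out (and a second one passing `undefined`), and asserts `t.is(request.headers.get("Authorization"), null);` in the handler would lock in the fail-closed default. Earlier tests in this file are outside the hunk and may already exercise the omitted option; whether they do so with a stored auth value is not visible here.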