From 3009ae3b5d10f580189c2b5c6f661748dc64aa8f Mon Sep 17 00:00:00 2001
From: Monis Khan
Date: Wed, 11 Aug 2021 14:41:11 -0400
Subject: [PATCH] Return valid JWT access token from password grant

This change updates the password grant handler to issue a valid JWT access token instead of just returning a random value as the access token. This makes it possible to use the access token against the user info endpoint.

Signed-off-by: Monis Khan
---
 server/handlers.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/server/handlers.go b/server/handlers.go
index 2a4f8c71..bcf33911 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -1105,10 +1105,17 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
 Groups: identity.Groups,
 }
- accessToken := storage.NewID()
+ accessToken, err := s.newAccessToken(client.ID, claims, scopes, nonce, connID)
+ if err != nil {
+ s.logger.Errorf("password grant failed to create new access token: %v", err)
+ s.tokenErrHelper(w, errServerError, "", http.StatusInternalServerError)
+ return
+ }
+
 idToken, expiry, err := s.newIDToken(client.ID, claims, scopes, nonce, accessToken, "", connID)
 if err != nil {
- s.tokenErrHelper(w, errServerError, fmt.Sprintf("failed to create ID token: %v", err), http.StatusInternalServerError)
+ s.logger.Errorf("password grant failed to create new ID token: %v", err)
+ s.tokenErrHelper(w, errServerError, "", http.StatusInternalServerError)
 return
 }
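Review bot: The two new error branches log only the wrapped error, and because the response description is now empty, that log line is the only record of why the grant failed; neither line identifies the client or connector involved. `client.ID` and `connID` are already in scope at both sites, so a line such as `s.logger.Errorf("password grant failed to create new access token: client %q connector %q: %v", client.ID, connID, err)` would let an operator tie a 500 to a specific client (this assumes both values are strings, as the calls suggest). Separately, the access token changes from an opaque random ID to a signed JWT built from `claims`, which include at least `Groups`. Its lifetime is not visible in this hunk and the only `expiry` here comes from `newIDToken`, so it is worth confirming the two lifetimes agree and adding a test that the password-grant access token is accepted by the user info endpoint. handlePasswordGrant starts and ends outside the hunk.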