Neon OAuth: Allow client_id and client_secret in headers

2026-06-13 21:01:21 +08:00 · 2024-12-04 10:52:35 -08:00 · 2024-12-04 10:52:35 -08:00 · 33d7d99070
commit 33d7d99070
parent 85260a97ff
1 changed files with 5 additions and 3 deletions
--- a/apps/backend/src/app/api/v1/integrations/neon/oauth/token/route.tsx
+++ b/apps/backend/src/app/api/v1/integrations/neon/oauth/token/route.tsx
@ -1,6 +1,6 @@
 import { prismaClient } from "@/prisma-client";
 import { createSmartRouteHandler } from "@/route-handlers/smart-route-handler";
-import { yupMixed, yupNumber, yupObject, yupString, yupUnion } from "@stackframe/stack-shared/dist/schema-fields";
+import { yupMixed, yupNumber, yupObject, yupString, yupTuple, yupUnion } from "@stackframe/stack-shared/dist/schema-fields";
 import { getEnvVariable } from "@stackframe/stack-shared/dist/utils/env";
 import { StackAssertionError } from "@stackframe/stack-shared/dist/utils/errors";

@ -14,10 +14,11 @@ export const POST = createSmartRouteHandler({
      grant_type: yupString().oneOf(["authorization_code"]).defined(),
      code: yupString().defined(),
      code_verifier: yupString().defined(),
-      client_id: yupString().defined(),
-      client_secret: yupString().defined(),
      redirect_uri: yupString().defined(),
    }).defined(),
+    headers: yupObject({
+      authorization: yupTuple([yupString().defined()]).defined(),
+    }).defined(),
  }),
  response: yupUnion(
    yupObject({
@ -41,6 +42,7 @@ export const POST = createSmartRouteHandler({
      body: new URLSearchParams(req.body).toString(),
      headers: {
        "Content-Type": "application/x-www-form-urlencoded",
+        Authorization: req.headers.authorization[0],
      },
    });
    if (!tokenResponse.ok) {