From 08f32d73e83e87193011971a6295d1876aa0a422 Mon Sep 17 00:00:00 2001
From: Darren Jones <1425808+ddaddy@users.noreply.github.com>
Date: Fri, 21 Jul 2023 19:41:47 +0200
Subject: [PATCH] Added requestUsingIDToken configuration

---
 Sources/Base/OAuth2AuthConfig.swift |  3 +++
 Sources/Base/extensions.swift       | 13 ++++++++++---
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/Sources/Base/OAuth2AuthConfig.swift b/Sources/Base/OAuth2AuthConfig.swift
index 979f48fa..18b01a42 100644
--- a/Sources/Base/OAuth2AuthConfig.swift
+++ b/Sources/Base/OAuth2AuthConfig.swift
@@ -72,6 +72,9 @@ public struct OAuth2AuthConfig {
 	/// - macOS: An NSWindow from which to present a modal sheet _or_ `nil` to present in a new window
 	public weak var authorizeContext: AnyObject? = nil
 	
+	/// Whether to use the `id_token` instead of the `access_token` for signed requests
+	public var requestUsingIDToken = false
+	
 	/// UI-specific configuration.
 	public var ui = UI()
 }
diff --git a/Sources/Base/extensions.swift b/Sources/Base/extensions.swift
index edaddb68..b2befff5 100644
--- a/Sources/Base/extensions.swift
+++ b/Sources/Base/extensions.swift
@@ -93,10 +93,17 @@ extension URLRequest {
 	- parameter oauth2: The OAuth2 instance providing the access token to sign the request
 	*/
 	public mutating func sign(with oauth2: OAuth2Base) throws {
-		guard let access = oauth2.clientConfig.accessToken, !access.isEmpty else {
-			throw OAuth2Error.noAccessToken
+		if oauth2.authConfig.requestUsingIDToken {
+			guard let idToken = oauth2.clientConfig.idToken, !idToken.isEmpty else {
+				throw OAuth2Error.noAccessToken
+			}
+			setValue("Bearer \(idToken)", forHTTPHeaderField: "Authorization")
+		} else {
+			guard let access = oauth2.clientConfig.accessToken, !access.isEmpty else {
+				throw OAuth2Error.noAccessToken
+			}
+			setValue("Bearer \(access)", forHTTPHeaderField: "Authorization")
 		}
-		setValue("Bearer \(access)", forHTTPHeaderField: "Authorization")
 	}
 	
 	/**