diff --git a/packages/client/lib/AccessTokenClient.ts b/packages/client/lib/AccessTokenClient.ts
index 89f72030..837b8199 100644
--- a/packages/client/lib/AccessTokenClient.ts
+++ b/packages/client/lib/AccessTokenClient.ts
@@ -95,7 +95,13 @@ export class AccessTokenClient {
 if (createDPoPOpts?.dPoPSigningAlgValuesSupported && createDPoPOpts.dPoPSigningAlgValuesSupported.length > 0) {
 dPoP = createDPoPOpts ? await createDPoP(getCreateDPoPOptions(createDPoPOpts, requestTokenURL)) : undefined;
 }
- return this.sendAuthCode(requestTokenURL, accessTokenRequest, dPoP ? { headers: { dPoP } } : undefined);
+ const response = await this.sendAuthCode(requestTokenURL, accessTokenRequest, dPoP ? { headers: { dPoP } } : undefined);
+
+ if (response.successBody && createDPoPOpts && createDPoPOpts && response.successBody.token_type !== 'DPoP') {
+ throw new Error('Invalid token type returned. Expected DPoP. Received: ' + response.successBody.token_type);
+ }
+
+ return response;
 }
 public async createAccessTokenRequest(opts: Omit): Promise {
diff --git a/packages/client/lib/AccessTokenClientV1_0_11.ts b/packages/client/lib/AccessTokenClientV1_0_11.ts
index e795489b..9feffe13 100644
--- a/packages/client/lib/AccessTokenClientV1_0_11.ts
+++ b/packages/client/lib/AccessTokenClientV1_0_11.ts
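Review bot: The new token-type check in AccessTokenClient.ts is gated on `createDPoPOpts` (written twice, `createDPoPOpts && createDPoPOpts`) instead of on whether a DPoP proof was actually sent. In this hunk `dPoP` is only created when `dPoPSigningAlgValuesSupported` is non-empty, so a caller that passes options to a server advertising no DPoP algorithms sends no proof header, gets a Bearer token back, and now hits the exception. The downgrade check is worth keeping for the case where a proof was sent, and the duplicated operand looks like it was meant to be `dPoP`: `if (response.successBody && dPoP && response.successBody.token_type !== 'DPoP') {`. The same condition is added in the AccessTokenClientV1_0_11.ts hunk; in both files the enclosing method starts outside the hunk.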
@@ -100,7 +100,13 @@ export class AccessTokenClientV1_0_11 {
 dPoP = createDPoPOpts ? await createDPoP(getCreateDPoPOptions(createDPoPOpts, requestTokenURL)) : undefined;
 }
- return this.sendAuthCode(requestTokenURL, accessTokenRequest, dPoP ? { headers: { dPoP } } : undefined);
+ const response = await this.sendAuthCode(requestTokenURL, accessTokenRequest, dPoP ? { headers: { dPoP } } : undefined);
+
+ if (response.successBody && createDPoPOpts && createDPoPOpts && response.successBody.token_type !== 'DPoP') {
+ throw new Error('Invalid token type returned. Expected DPoP. Received: ' + response.successBody.token_type);
+ }
+
+ return response;
 }
 public async createAccessTokenRequest(opts: Omit): Promise {
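Review bot: The comparison `response.successBody.token_type !== 'DPoP'` is case-sensitive, while RFC 6749 §5.1 defines the `token_type` value as case insensitive, so an authorization server answering `dpop` would be rejected even though the token is DPoP-bound. Normalizing before comparing keeps the downgrade protection without that false rejection: `response.successBody.token_type?.toLowerCase() !== 'dpop'`. The identical check in the AccessTokenClient.ts hunk needs the same change. The enclosing method starts outside the hunk, so the type of `token_type` is not visible here; if it is already a required string, the `?.` can be dropped.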