Is it possible to configure the authorization provider to supply the idToken in the Authorization header rather than the accessToken?
I know it’s possible to configure the prefix and header name, but it seems to only use the accessToken as the value.
If you only want to the idToken, and never use the accessToken, you could alter the exchange.resolvers.accessToken to store a different field from the exchange response.
That way it would store the
idToken instead of the access token and insert it into the requests instead of the access token.
I attempted to use that, but confirmed that it’s not being respected. We inspected the tokens at our API and Jira is sending an access token despite us setting
exchange.resolvers.accessToken: id_token. It might be using our setting for the
retrieveProfile action, but not for API fetch calls.
You would have to re-link the account again after changing that setting, as that configuration affects the exchange action.
You would have to go to your “profile connected apps” page, and unlink the account, then re-link.