oauth.py _parse_access_token function uses access_token instead of id_token

[keanpaderes]

OS: MacOS Catalina 10.15.7
Docker Version: 20.10.7
Aleph Version: 3.11.0

Good day! We stumbled upon an error while integrating Google OAuth to our Aleph Instance. We have traced the problem to aleph/aleph/oauth.py, specifically the _parse_access_token function (line 28). In its current form, it uses the access_token property which leads to an error when authlib's JsonWebToken.decode function parses it as access_token is not JWT. It should use id_token property which is also available in the oauth_token parameter and we confirmed that it works when we applied the change on our local image.

[sunu]

Thanks @keanpaderes! We have had users who couldn't set up Aleph to use Google OAuth. So thank you for diagnosing the issue!
We'll try to implement a fix soon.

[thimios]

#2054

[sunu]

Hey everyone, I know multiple people are facing this same issue and we want to help fix it soon. But unfortunately we are blocked on some urgent internal work at the moment. We'll get to fixing the issue as soon as we can and ship it in the next Aleph release.