From 1253174c74c79c193793be99ea7fb6a54735313b Mon Sep 17 00:00:00 2001
From: "m.lettere"
Date: Thu, 22 Jul 2021 17:49:01 +0200
Subject: [PATCH] added support for client_credentials before password flow which is downgraded to backup
---
 roles/pep/templates/pep.js.j2 | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/roles/pep/templates/pep.js.j2 b/roles/pep/templates/pep.js.j2
index aa42f2b..ea88c06 100644
--- a/roles/pep/templates/pep.js.j2
+++ b/roles/pep/templates/pep.js.j2
@@ -155,11 +155,27 @@ function requestToken(context){
 if (reply.status === 200) {
 var response = JSON.parse(reply.responseBody);
 context.authn.token = response.access_token
- context.authn.verified_token =
+ context.authn.verified_token =
 JSON.parse(Buffer.from(context.authn.token.split('.')[1], 'base64url').toString())
 return context
+ } else if (reply.status === 401){
+ var options = {
+ "body" : "grant_type=password&username="+context.authn.user+"&password="+context.authn.password
+ }
+ return context.request.subrequest("/jwt_request", options)
+ .then( reply=>{
+ if (reply.status === 200) {
+ var response = JSON.parse(reply.responseBody);
+ context.authn.token = response.access_token
+ context.authn.verified_token =
+ JSON.parse(Buffer.from(context.authn.token.split('.')[1], 'base64url').toString())
+ return context
+ } else{
+ throw new Error("Unauthorized " + reply.status)
+ }
+ })
 } else {
- throw new Error("Unauthorized")
+ throw new Error("Unauthorized " + reply.status)
 }
 })
 }
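Review bot: The password-grant body in the new 401 branch is built by concatenating `context.authn.user` and `context.authn.password` unencoded, so a credential containing `&`, `=`, `+` or `%` is misparsed by the token endpoint and can carry additional form parameters into the token request. Encode both values: `"body" : "grant_type=password&username=" + encodeURIComponent(context.authn.user) + "&password=" + encodeURIComponent(context.authn.password)`. The fallback also repeats the 200-handling verbatim, and in both copies `verified_token` is only the base64url-decoded payload with no signature check visible in the hunk, so a comment stating that trust rests on the `/jwt_request` subrequest response would help the next reader. `requestToken` starts above the hunk, so the initial client_credentials request is not visible; if it builds its body the same way, it needs the same encoding.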