Fix tests and remove token normalization

lorenabalan · lorenabalan · commit f79a2b30df21 · 2026-02-04T15:22:02.000+01:00
diff --git a/src/core/server/integration_tests/saved_objects/registration/type_registrations.test.ts b/src/core/server/integration_tests/saved_objects/registration/type_registrations.test.ts
@@ -121,6 +121,7 @@ const previouslyRegisteredTypes = [
   'ml-module',
   'ml-telemetry',
   'monitoring-telemetry',
+  'oauth_state',
   'observability-onboarding-state',
   'osquery-pack',
   'osquery-pack-asset',
diff --git a/x-pack/platform/plugins/shared/actions/server/config.test.ts b/x-pack/platform/plugins/shared/actions/server/config.test.ts
@@ -35,6 +35,16 @@ describe('config validation', () => {
         "microsoftExchangeUrl": "https://login.microsoftonline.com",
         "microsoftGraphApiScope": "https://graph.microsoft.com/.default",
         "microsoftGraphApiUrl": "https://graph.microsoft.com/v1.0",
+        "oAuthRateLimit": Object {
+          "authorize": Object {
+            "limit": 100,
+            "lookbackWindow": "1h",
+          },
+          "callback": Object {
+            "limit": 100,
+            "lookbackWindow": "1h",
+          },
+        },
         "preconfigured": Object {},
         "preconfiguredAlertHistoryEsIndex": false,
         "responseTimeout": "PT1M",
@@ -69,6 +79,16 @@ describe('config validation', () => {
         "microsoftExchangeUrl": "https://login.microsoftonline.com",
         "microsoftGraphApiScope": "https://graph.microsoft.com/.default",
         "microsoftGraphApiUrl": "https://graph.microsoft.com/v1.0",
+        "oAuthRateLimit": Object {
+          "authorize": Object {
+            "limit": 100,
+            "lookbackWindow": "1h",
+          },
+          "callback": Object {
+            "limit": 100,
+            "lookbackWindow": "1h",
+          },
+        },
         "preconfigured": Object {
           "mySlack1": Object {
             "actionTypeId": ".slack",
@@ -212,6 +232,16 @@ describe('config validation', () => {
         "microsoftExchangeUrl": "https://login.microsoftonline.com",
         "microsoftGraphApiScope": "https://graph.microsoft.com/.default",
         "microsoftGraphApiUrl": "https://graph.microsoft.com/v1.0",
+        "oAuthRateLimit": Object {
+          "authorize": Object {
+            "limit": 100,
+            "lookbackWindow": "1h",
+          },
+          "callback": Object {
+            "limit": 100,
+            "lookbackWindow": "1h",
+          },
+        },
         "preconfigured": Object {},
         "preconfiguredAlertHistoryEsIndex": false,
         "responseTimeout": "PT1M",
@@ -382,6 +412,16 @@ describe('config validation', () => {
         "microsoftExchangeUrl": "https://login.microsoftonline.com",
         "microsoftGraphApiScope": "https://graph.microsoft.com/.default",
         "microsoftGraphApiUrl": "https://graph.microsoft.com/v1.0",
+        "oAuthRateLimit": Object {
+          "authorize": Object {
+            "limit": 100,
+            "lookbackWindow": "1h",
+          },
+          "callback": Object {
+            "limit": 100,
+            "lookbackWindow": "1h",
+          },
+        },
         "preconfigured": Object {},
         "preconfiguredAlertHistoryEsIndex": false,
         "rateLimiter": Object {
diff --git a/x-pack/platform/plugins/shared/actions/server/lib/get_oauth_authorization_code_access_token.ts b/x-pack/platform/plugins/shared/actions/server/lib/get_oauth_authorization_code_access_token.ts
@@ -5,7 +5,6 @@
  * 2.0.
  */
 
-import startCase from 'lodash/startCase';
 import pLimit from 'p-limit';
 import type { Logger } from '@kbn/core/server';
 import type { ActionsConfigurationUtilities } from '../actions_config';
@@ -143,10 +142,7 @@ export const getOAuthAuthorizationCodeAccessToken = async ({
         shouldUseBasicAuth
       );
 
-      // Some providers return "bearer" instead of "Bearer", but expect "Bearer" in the header,
-      // so we normalize the token type, i.e., capitalize first letter (e.g., "bearer" -> "Bearer")
-      const normalizedTokenType = startCase(tokenResult.tokenType);
-      const newAccessToken = `${normalizedTokenType} ${tokenResult.accessToken}`;
+      const newAccessToken = `${tokenResult.tokenType} ${tokenResult.accessToken}`;
 
       // Update stored token
       await connectorTokenClient.updateWithRefreshToken({
diff --git a/x-pack/platform/plugins/shared/actions/server/lib/get_oauth_client_credentials_access_token.ts b/x-pack/platform/plugins/shared/actions/server/lib/get_oauth_client_credentials_access_token.ts
@@ -5,7 +5,6 @@
  * 2.0.
  */
 import type { Logger } from '@kbn/core/server';
-import startCase from 'lodash/startCase';
 import type { ActionsConfigurationUtilities } from '../actions_config';
 import type { ConnectorToken, ConnectorTokenClientContract } from '../types';
 import { requestOAuthClientCredentialsToken } from './request_oauth_client_credentials_token';
@@ -80,10 +79,7 @@ export const getOAuthClientCredentialsAccessToken = async ({
       },
       configurationUtilities
     );
-    // Some providers return "bearer" instead of "Bearer", but expect "Bearer" in the header,
-    // so we normalize the token type, i.e., capitalize first letter (e.g., "bearer" -> "Bearer")
-    const normalizedTokenType = startCase(tokenResult.tokenType);
-    accessToken = `${normalizedTokenType} ${tokenResult.accessToken}`;
+    accessToken = `${tokenResult.tokenType} ${tokenResult.accessToken}`;
 
     // try to update connector_token SO
     if (connectorId && connectorTokenClient) {
diff --git a/x-pack/platform/plugins/shared/actions/server/lib/get_oauth_jwt_access_token.ts b/x-pack/platform/plugins/shared/actions/server/lib/get_oauth_jwt_access_token.ts
@@ -5,7 +5,6 @@
  * 2.0.
  */
 import type { Logger } from '@kbn/core/server';
-import startCase from 'lodash/startCase';
 import type { ActionsConfigurationUtilities } from '../actions_config';
 import type { ConnectorToken, ConnectorTokenClientContract } from '../types';
 import { createJWTAssertion } from './create_jwt_assertion';
@@ -90,10 +89,7 @@ export const getOAuthJwtAccessToken = async ({
       logger,
       configurationUtilities
     );
-    // Some providers return "bearer" instead of "Bearer", but expect "Bearer" in the header,
-    // so we normalize the token type, i.e., capitalize first letter (e.g., "bearer" -> "Bearer")
-    const normalizedTokenType = startCase(tokenResult.tokenType);
-    accessToken = `${normalizedTokenType} ${tokenResult.accessToken}`;
+    accessToken = `${tokenResult.tokenType} ${tokenResult.accessToken}`;
 
     // try to update connector_token SO
     if (connectorId && connectorTokenClient) {
diff --git a/x-pack/platform/plugins/shared/actions/server/routes/oauth_callback.ts b/x-pack/platform/plugins/shared/actions/server/routes/oauth_callback.ts
@@ -8,7 +8,6 @@
 import { schema } from '@kbn/config-schema';
 import type { CoreSetup, IRouter, Logger } from '@kbn/core/server';
 import { i18n } from '@kbn/i18n';
-import startCase from 'lodash/startCase';
 import type { ActionsPluginsStart } from '../plugin';
 import type { ILicenseState } from '../lib';
 import { BASE_ACTION_API_PATH } from '../../common';
@@ -396,10 +395,7 @@ export const oauthCallbackRoute = (
             connectorId: oauthState.connectorId,
             tokenType: 'access_token',
           });
-          // Some providers return "bearer" instead of "Bearer", but expect "Bearer" in the header,
-          // so we normalize the token type, i.e., capitalize first letter (e.g., "bearer" -> "Bearer")
-          const normalizedTokenType = startCase(tokenResult.tokenType);
-          const formattedToken = `${normalizedTokenType} ${tokenResult.accessToken}`;
+          const formattedToken = `${tokenResult.tokenType} ${tokenResult.accessToken}`;
           await connectorTokenClient.createWithRefreshToken({
             connectorId: oauthState.connectorId,
             accessToken: formattedToken,
diff --git a/x-pack/platform/test/plugin_api_integration/test_suites/task_manager/check_registered_task_types.ts b/x-pack/platform/test/plugin_api_integration/test_suites/task_manager/check_registered_task_types.ts
@@ -105,6 +105,7 @@ export default function ({ getService }: FtrProviderContext) {
         'actions:.xmatters',
         'actions:.xsoar',
         'actions:connector_usage_reporting',
+        'actions:oauth_state_cleanup',
         'actions_telemetry',
         'ad_hoc_run-backfill',
         'alert-deletion',
