improve token response handling

lib/token.ex

@@ -11,7 +11,9 @@ defmodule PlugIndie.Token do
       ) do
     case do_verify_token(access_token, token_endpoint, user_agent) do
       {:ok, %{status: 200, body: body}} ->
-        verify_token_response(body, required_scope, supported_scopes, own_hostname)
+        body
+        |> map_keys_to_string()
+        |> verify_token_response(required_scope, supported_scopes, own_hostname)
 
       {:ok, %{status: status}} ->
         {:error, :request_error, status}
@@ -45,19 +47,28 @@ defmodule PlugIndie.Token do
     Tesla.get(client, token_endpoint)
   end
 
-  defp verify_token_response(
-         %{
-           me: host_uri,
-           scope: scope,
-           client_id: client_id,
-           issued_at: _issued_at,
-           issued_by: _issued_by,
-           nonce: _nonce
-         },
-         required_scope,
-         supported_scopes,
-         own_hostname
-       ) do
+  def verify_token_response(
+        %{
+          "me" => host_uri,
+          "scope" => scope,
+          "client_id" => client_id,
+          "issued_at" => _issued_at,
+          "issued_by" => _issued_by,
+          "nonce" => _nonce
+        },
+        required_scope,
+        supported_scopes,
+        own_hostname
+      ) do
+    # {%{
+    #   "client_id" => "https://indiepass.app/",
+    #   "issued_at" => 1_733_382_601,
+    #   "issued_by" => "https://tokens.indieauth.com/token",
+    #   "me" => "https://blog.inhji.de/",
+    #   "nonce" => 358_618_865,
+    #   "scope" => "create update delete media read follow channels mute block"
+    # }, "create", ["create", "media"], "inhji.de"}
+
     Logger.info("Host-URI: '#{host_uri}'")
     Logger.info("ClientId: '#{client_id}'")
     Logger.info("Scopes: '#{scope}'")
@@ -72,6 +83,8 @@ defmodule PlugIndie.Token do
     end
   end
 
+  def verify_token_response(_, _, _, _), do: {:error, "verify_token_response", "bad request"}
+
   defp verify_hostname_match(host_uri, own_hostname) do
     hostnames_match? = get_hostname(host_uri) == own_hostname
 
@@ -107,4 +120,8 @@ defmodule PlugIndie.Token do
         {:error, "verify_scope_support", "scope '#{required_scope}' was not requested"}
     end
   end
+
+  defp map_keys_to_string(map) do
+    for {key, val} <- map, into: %{}, do: {to_string(key), val}
+  end
 end

test/token_test.exs

@@ -0,0 +1,51 @@
+defmodule TokenTest do
+  use ExUnit.Case
+
+  describe "verify_token_response/4" do
+    test "with atom keyed map" do
+      body = %{
+        :client_id => "https://indiepass.app/",
+        :issued_at => 1_733_382_601,
+        :issued_by => "https://tokens.indieauth.com/token",
+        :me => "https://blog.inhji.de/",
+        :nonce => 358_618_865,
+        :scope => "create update delete media read follow channels mute block"
+      }
+
+      required_scope = "create"
+      supported_scopes = ["create", "media"]
+      hostname = "blog.inhji.de"
+
+      assert {:error, _, _} =
+               PlugIndie.Token.verify_token_response(
+                 body,
+                 required_scope,
+                 supported_scopes,
+                 hostname
+               )
+    end
+
+    test "with string keyed map" do
+      body = %{
+        "client_id" => "https://indiepass.app/",
+        "issued_at" => 1_733_382_601,
+        "issued_by" => "https://tokens.indieauth.com/token",
+        "me" => "https://blog.inhji.de/",
+        "nonce" => 358_618_865,
+        "scope" => "create update delete media read follow channels mute block"
+      }
+
+      required_scope = "create"
+      supported_scopes = ["create", "media"]
+      hostname = "blog.inhji.de"
+
+      assert PlugIndie.Token.verify_token_response(
+               body,
+               required_scope,
+               supported_scopes,
+               hostname
+             ) ==
+               :ok
+    end
+  end
+end