diff --git a/harvest-finance/backend/src/auth/auth.controller.ts b/harvest-finance/backend/src/auth/auth.controller.ts
index 1cd95640d..f86879e57 100644
--- a/harvest-finance/backend/src/auth/auth.controller.ts
+++ b/harvest-finance/backend/src/auth/auth.controller.ts
@@ -128,6 +128,10 @@ export class AuthController {
 status: 401,
 description: 'Invalid or expired refresh token',
 })
+ @ApiResponse({
+ status: 400,
+ description: 'Validation error — refresh_token field is missing or malformed',
+ })
 async refresh(
 @Body() refreshTokenDto: RefreshTokenDto,
 ): Promise {
diff --git a/harvest-finance/backend/src/auth/auth.service.spec.ts b/harvest-finance/backend/src/auth/auth.service.spec.ts
index 75a1f58e3..904432b0d 100644
--- a/harvest-finance/backend/src/auth/auth.service.spec.ts
+++ b/harvest-finance/backend/src/auth/auth.service.spec.ts
@@ -223,6 +223,7 @@ describe('AuthService', () => {
 expect(result).toHaveProperty('access_token');
 expect(result.access_token).toBe('new_access_token');
+ expect(result).toHaveProperty('token_type', 'Bearer');
 });
 });
diff --git a/harvest-finance/backend/src/auth/auth.service.ts b/harvest-finance/backend/src/auth/auth.service.ts
index 8e1c918f2..43911b05a 100644
--- a/harvest-finance/backend/src/auth/auth.service.ts
+++ b/harvest-finance/backend/src/auth/auth.service.ts
@@ -205,7 +205,7 @@ export class AuthService {
 },
 );
- return { access_token: accessToken };
+ return { access_token: accessToken, token_type: 'Bearer' };
 } catch (error) {
 throw new UnauthorizedException('Invalid or expired refresh token');
 }
diff --git a/harvest-finance/backend/src/auth/dto/auth-response.dto.ts b/harvest-finance/backend/src/auth/dto/auth-response.dto.ts
index d8e7eec01..65bfe9add 100644
--- a/harvest-finance/backend/src/auth/dto/auth-response.dto.ts
+++ b/harvest-finance/backend/src/auth/dto/auth-response.dto.ts
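Review bot: The new 400 @ApiResponse on refresh() advertises a validation error that nothing in this hunk enforces; unless a global ValidationPipe is registered and RefreshTokenDto carries class-validator decorators, a missing or malformed refresh_token reaches the service and surfaces as the 401 from its catch, so the documented contract would be wrong. Confirm that the pipe is wired at bootstrap (e.g. `app.useGlobalPipes(new ValidationPipe({ whitelist: true }))`) and that the DTO marks the field, e.g. `@IsString() @IsNotEmpty() refresh_token: string;`, or apply `@UsePipes(ValidationPipe)` on this handler. The return type reads `Promise {` here, which looks like a type argument stripped in rendering rather than the committed code. refresh()'s body continues past the end of the hunk.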
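Review bot: The added toHaveProperty check on the refresh result pins token_type but still tolerates extra fields, so a later change that accidentally returns the user record or the refresh token alongside the access token would pass this test unnoticed. Replacing the three expectations with one exact-shape assertion, `expect(result).toEqual({ access_token: 'new_access_token', token_type: 'Bearer' });`, catches that class of leakage. The enclosing it() starts outside the hunk.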
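Review bot: The catch directly below the changed return maps every failure in the try body to a 401 and discards the original error, so a genuine JWT verification failure and an unexpected error (a thrown dependency, a programming bug) become indistinguishable to operators and in logs. Keep the generic client-facing message but record the cause before rethrowing, e.g. `this.logger.debug('refresh token rejected', error);` if the service has a logger, or narrow the catch to the token-verification errors you actually intend to mask. Writing the literal as `token_type: 'Bearer' as const` also lets the response DTO pin the value should its type be narrowed. The try block and the enclosing method start outside the hunk.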
@@ -76,9 +76,16 @@ export class TokenResponseDto {
 /** Freshly issued short-lived JWT access token. */
 @ApiProperty({
 example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
- description: 'Access token (JWT)',
+ description: 'JWT access token to be sent as a Bearer token in the Authorization header',
 })
 access_token: string;
+
+ /** OAuth 2.0 token type. Always "Bearer" for this API. */
+ @ApiProperty({
+ example: 'Bearer',
+ description: 'Token type — always "Bearer". Prefix the access_token with this value in the Authorization header.',
+ })
+ token_type: string;
 }
 /** Response shape returned after a successful logout. */
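Review bot: token_type is declared as `string` even though the comment above it says the value is always "Bearer", so neither the compiler nor the generated OpenAPI schema can enforce that invariant. Declaring it as `token_type: 'Bearer';` and adding `enum: ['Bearer']` beside the example in the @ApiProperty options stops clients from treating the field as free-form. RFC 6749 also recommends an expires_in field next to token_type so clients can refresh before the short-lived access token lapses; presumably that is out of scope for this commit, but it is worth tracking. TokenResponseDto opens outside the hunk.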