Use access token rather than id token when calling API

utils/auth-client/index.js

@@ -8,6 +8,7 @@ import {
   getUserInfo,
   clear,
   getExpiresAt,
+  getAccessToken,
 } from './storage';
 
 export default class AuthenticationClient {
@@ -113,4 +114,8 @@ export default class AuthenticationClient {
   idToken() {
     return getIdToken();
   }
+
+  accessToken() {
+    return getAccessToken();
+  }
 }

utils/auth-client/storage.js

@@ -43,4 +43,5 @@ export const clearStateAndNonce = () => {
 
 export const getUserInfo = () => JSON.parse(localStorage.getItem(STORAGE_USER));
 export const getIdToken = () => localStorage.getItem(STORAGE_ID);
+export const getAccessToken = () => localStorage.getItem(STORAGE_ACCESS);
 export const getExpiresAt = () => JSON.parse(localStorage.getItem(STORAGE_EXPIRES));

utils/auth.js

@@ -10,7 +10,7 @@ const auth0Config = {
   redirectUri: getRedirectUri(),
   audience: "http://dancefinder.unbound.se",
   responseType: "token id_token",
-  scope: "openid profile readwrite:settings"
+  scope: "openid profile email readwrite:settings"
 };
 
 const webAuth = new AuthClient(auth0Config);

utils/graph-client/middleware.js

@@ -2,7 +2,7 @@ const webAuth = require("../auth").default;
 
 module.exports = {
   includeCredentials: (uri, options) => {
-    const token = webAuth.idToken();
+    const token = webAuth.accessToken();
     if (token) {
       options.headers['Authorization'] = 'Bearer ' + token;
     }