From 8406b51212bf01c8f4d6125953fa98614d7834b9 Mon Sep 17 00:00:00 2001
From: Karim Kanso
Date: Wed, 18 Aug 2021 08:48:44 +0100
Subject: [PATCH] fix #755: ensure save_token is called for hybrid code flow
---
 .../rfc6749/grant_types/authorization_code.py | 2 ++
 .../grant_types/test_authorization_code.py | 15 +++++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py b/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py
index bf42d889..97aeca92 100644
--- a/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py
+++ b/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py
@@ -272,6 +272,8 @@ def create_authorization_response(self, request, token_handler):
 grant = self.create_authorization_code(request)
 for modifier in self._code_modifiers:
 grant = modifier(grant, token_handler, request)
+ if 'access_token' in grant:
+ self.request_validator.save_token(grant, request)
 log.debug('Saving grant %r for %r.', grant, request)
 self.request_validator.save_authorization_code(
 request.client_id, grant, request)
diff --git a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
index 20a2416f..dec5323e 100644
--- a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
+++ b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
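Review bot: In `create_authorization_response` (authorization_code.py), the new `save_token(grant, request)` call hands the validator the whole `grant` dict, the same object passed to `save_authorization_code` two lines later, so it presumably still carries the authorization code next to the access token. A validator that persists the dict wholesale would store the code in the token record, so the call deserves a comment such as `# Hybrid flow: a code modifier added an access token; grant still holds the code, so persist only the token fields.` The `log.debug('Saving grant %r for %r.', grant, request)` line that follows also writes the access token to the debug log whenever a modifier adds one. The function body starts and ends outside this hunk.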
@@ -324,3 +324,18 @@ def test_correct_code_challenge_method_s256(self):
 authorization_code.code_challenge_method_s256("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
 "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM")
 )
+
+ def test_code_modifier_called(self):
+ bearer = BearerToken(self.mock_validator)
+ code_modifier = mock.MagicMock(wraps=lambda grant, *a: grant)
+ self.auth.register_code_modifier(code_modifier)
+ self.auth.create_authorization_response(self.request, bearer)
+ code_modifier.assert_called_once()
+
+ def test_hybrid_token_save(self):
+ bearer = BearerToken(self.mock_validator)
+ self.auth.register_code_modifier(
+ lambda grant, *a: dict(list(grant.items()) + [('access_token', 1)])
+ )
+ self.auth.create_authorization_response(self.request, bearer)
+ self.mock_validator.save_token.assert_called_once()
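Review bot: `test_hybrid_token_save` only checks that `save_token` was called once, and no test pins the opposite case, so a regression that persists a token for a plain code grant would still pass. `test_code_modifier_called` uses a pass-through modifier and could end with `self.mock_validator.save_token.assert_not_called()`, assuming the unmodified grant carries no `access_token` key. The positive test could also pin what is handed to the validator, e.g. `self.mock_validator.save_token.assert_called_once_with(mock.ANY, self.request)`, if the request object reaches `save_token` unchanged. The fixture setup for `self.auth`, `self.request` and `self.mock_validator` is outside this hunk.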