@erosselli erosselli commented Dec 4, 2025

Ticket ENG-2140

Description Of Changes

Partial implementation of ENG-2140. Adds the required token_type: "Bearer" field to our /api/oauth/token endpoint response so that it is compliant with the standard.

Steps to Confirm

  1. Call the token endpoint, confirm correct token_type is returned

Pre-Merge Checklist

  • Issue requirements met
  • All CI pipelines succeeded
  • CHANGELOG.md updated
    • Add a db-migration label to the entry if your change includes a DB migration
    • Add a high-risk label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
    • Updates unreleased work already in Changelog, no new entry necessary
  • UX feedback:
    • All UX related changes have been reviewed by a designer
    • No UX review needed
  • Followup issues:
    • Followup issues created
    • No followup issues
  • Database migrations:
    • Ensure that your downrev is up to date with the latest revision on main
    • Ensure that your downgrade() migration is correct and works
      • If a downgrade migration is not possible for this change, please call this out in the PR description!
    • No migrations
  • Documentation:
    • Documentation complete, PR opened in fidesdocs
    • Documentation issue created in fidesdocs
    • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
    • No documentation updates required

@erosselli erosselli requested a review from a team as a code owner December 4, 2025 15:26
@erosselli erosselli requested review from vcruces and removed request for a team December 4, 2025 15:26
greptile-apps bot commented Dec 4, 2025

Greptile Overview

Greptile Summary

Added the required token_type: "Bearer" field to the /api/oauth/token endpoint response to comply with the OAuth2 RFC 6749 standard. The field uses Literal["Bearer"] type with a default value in the AccessToken schema.

  • Added token_type field to AccessToken schema in src/fides/api/schemas/oauth.py
  • Updated test cases to verify the field is present and has the correct value

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • The change is a simple, backward-compatible addition of a required OAuth2 standard field with proper default value. The implementation uses Pydantic's Literal type for type safety, and includes appropriate test coverage. Since the field has a default value of "Bearer", existing API clients will automatically receive the field without breaking changes.
  • No files require special attention

Important Files Changed

File Analysis

| Filename | Score | Overview |
| --- | --- | --- |
| src/fides/api/schemas/oauth.py | 5/5 | Added required token_type: Literal["Bearer"] field to AccessToken schema for OAuth2 RFC compliance |
| tests/ops/api/v1/endpoints/test_oauth_endpoints.py | 5/5 | Added test assertions to verify token_type field is returned as "Bearer" in two test cases |
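
Why the missing field matters to a standards-following client, as an added example that is not code from this PR or from fides: a token-response check following RFC 6749 section 5.1 (access_token and token_type are required, token_type is case insensitive). The function names, the supported-type set and the sample bodies are assumptions constructed for illustration.

```python
import json

# Token types this hypothetical client knows how to present.
SUPPORTED_TOKEN_TYPES = {"bearer"}


class TokenResponseError(ValueError):
    """Raised when a token endpoint body is not usable per RFC 6749 section 5.1."""


def parse_token_response(body: str) -> dict:
    """Validate a token endpoint JSON body and return the normalised fields."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        raise TokenResponseError(f"body is not JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise TokenResponseError("body is not a JSON object")
    # access_token and token_type are both REQUIRED in a successful response.
    for field in ("access_token", "token_type"):
        value = data.get(field)
        if not isinstance(value, str) or not value:
            raise TokenResponseError(f"missing or empty required field: {field}")
    # The token_type value is case insensitive, so compare in lower case.
    token_type = data["token_type"].lower()
    if token_type not in SUPPORTED_TOKEN_TYPES:
        # A client must not use a token whose type it does not understand.
        raise TokenResponseError(f"unsupported token_type: {data['token_type']}")
    return {"access_token": data["access_token"], "token_type": token_type}


def authorization_header(token: dict) -> str:
    """Build the Authorization header value for a validated bearer token."""
    return f"Bearer {token['access_token']}"


# Constructed sample bodies (not captured from the real endpoint).
BEFORE_FIX = '{"access_token": "constructed-token-value"}'
AFTER_FIX = '{"access_token": "constructed-token-value", "token_type": "Bearer"}'

if __name__ == "__main__":
    for label, body in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        try:
            print(label, authorization_header(parse_token_response(body)))
        except TokenResponseError as err:
            print(label, "rejected:", err)
```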

@greptile-apps greptile-apps bot left a comment

2 files reviewed, 1 comment


Comment on lines +444 to +445
token_type = json.loads(response.text).get("token_type")
assert token_type == "Bearer"
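
Review bot: on the first added line, `.get("token_type")` turns an absent key into None, so a regression that drops the field shows up as a comparison of None against "Bearer" rather than as a missing key. Indexing the parsed body with `["token_type"]`, or asserting that the key is present before comparing, would make the test name the missing field directly.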
style: Consider adding similar token_type assertions to user login and invite acceptance tests in test_user_endpoints.py, since UserLoginResponse also contains the AccessToken schema

codecov bot commented Dec 4, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.25%. Comparing base (6310fab) to head (296d51d).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #7074   +/-   ##
=======================================
  Coverage   87.24%   87.25%           
=======================================
  Files         532      532           
  Lines       34900    34897    -3     
  Branches     4036     4037    +1     
=======================================
  Hits        30448    30448           
+ Misses       3570     3567    -3     
  Partials      882      882           


@erosselli erosselli added this pull request to the merge queue Dec 4, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 4, 2025
@erosselli erosselli added this pull request to the merge queue Dec 4, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 4, 2025
@erosselli erosselli added this pull request to the merge queue Dec 4, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 4, 2025
@erosselli erosselli enabled auto-merge December 4, 2025 19:51
@NevilleS NevilleS disabled auto-merge December 4, 2025 20:38
@NevilleS NevilleS merged commit 0149de4 into main Dec 4, 2025
33 checks passed
@NevilleS NevilleS deleted the ENG-2140-quick-fix branch December 4, 2025 20:38