Include provider type in auth token response (#72560)

homeassistant/components/auth/__init__.py

@@ -19,13 +19,15 @@ Exchange the authorization code retrieved from the login flow for tokens.
 
 Return value will be the access and refresh tokens. The access token will have
 a limited expiration. New access tokens can be requested using the refresh
-token.
+token. The value ha_auth_provider will contain the auth provider type that was
+used to authorize the refresh token.
 
 {
     "access_token": "ABCDEFGH",
     "expires_in": 1800,
     "refresh_token": "IJKLMNOPQRST",
-    "token_type": "Bearer"
+    "token_type": "Bearer",
+    "ha_auth_provider": "homeassistant"
 }
 
 ## Grant type refresh_token
@@ -289,7 +291,12 @@ class TokenView(HomeAssistantView):
                 "expires_in": int(
                     refresh_token.access_token_expiration.total_seconds()
                 ),
-            }
+                "ha_auth_provider": credential.auth_provider_type,
+            },
+            headers={
+                "Cache-Control": "no-store",
+                "Pragma": "no-cache",
+            },
         )
 
     async def _async_handle_refresh_token(self, hass, data, remote_addr):
@@ -346,7 +353,11 @@ class TokenView(HomeAssistantView):
                 "expires_in": int(
                     refresh_token.access_token_expiration.total_seconds()
                 ),
-            }
+            },
+            headers={
+                "Cache-Control": "no-store",
+                "Pragma": "no-cache",
+            },
         )
 
 

tests/components/auth/test_init.py

@@ -81,6 +81,7 @@ async def test_login_new_user_and_trying_refresh_token(hass, aiohttp_client):
     assert (
         await hass.auth.async_validate_access_token(tokens["access_token"]) is not None
     )
+    assert tokens["ha_auth_provider"] == "insecure_example"
 
     # Use refresh token to get more tokens.
     resp = await client.post(