habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

providers/oauth2: fix offline_access requests when prompt doesn't include consent (cherry-pick #8731) (#8732)

Browse Source 
Co-authored-by: Jens L <jens@goauthentik.io>
fix offline_access requests when prompt doesn't include consent (#8731)
This commit is contained in:
gcp-cherry-pick-bot[bot]
2024-02-28 17:09:18 +01:00
committed by GitHub
parent 4044e52403
commit 43a629efc1
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
authentik/providers/oauth2/views/authorize.py
View File

@ -257,9 +257,9 @@ class OAuthAuthorizationParams:
if SCOPE_OFFLINE_ACCESS in self.scope:
# https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess
if PROMPT_CONSENT not in self.prompt:
raise AuthorizeError(
self.redirect_uri, "consent_required", self.grant_type, self.state
)
# Instead of ignoring the `offline_access` scope when `prompt`
# isn't set to `consent`, we set override it ourselves
self.prompt.add(PROMPT_CONSENT)
if self.response_type not in [
ResponseTypes.CODE,
ResponseTypes.CODE_TOKEN,