providers/oauth2: fix offline_access requests when prompt doesn't include consent (cherry-pick #8731) (#8732)

Co-authored-by: Jens L <jens@goauthentik.io>
fix offline_access requests when prompt doesn't include consent (#8731)
gcp-cherry-pick-bot[bot]
2024-02-28 17:09:18 +01:00
committed by GitHub
parent 4044e52403
commit 43a629efc1


@ -257,9 +257,9 @@ class OAuthAuthorizationParams:
if SCOPE_OFFLINE_ACCESS in self.scope: if SCOPE_OFFLINE_ACCESS in self.scope:
# https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess # https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess
if PROMPT_CONSENT not in self.prompt: if PROMPT_CONSENT not in self.prompt:
raise AuthorizeError( # Instead of ignoring the `offline_access` scope when `prompt`
self.redirect_uri, "consent_required", self.grant_type, self.state # isn't set to `consent`, we set override it ourselves
) self.prompt.add(PROMPT_CONSENT)
if self.response_type not in [ if self.response_type not in [
ResponseTypes.CODE, ResponseTypes.CODE,
ResponseTypes.CODE_TOKEN, ResponseTypes.CODE_TOKEN,
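Review bot: `self.prompt.add(PROMPT_CONSENT)` does not account for a request that sent `prompt=none`: the set would then hold both `none` and `consent`, a combination OpenID Connect Core treats as an error, and nothing in this hunk shows which value wins later in the flow. Because `offline_access` results in a long-lived refresh token, the `none` case should keep failing closed, for example with `if PROMPT_NONE in self.prompt: raise AuthorizeError(self.redirect_uri, "consent_required", self.grant_type, self.state)` ahead of the `add`, assuming `PROMPT_NONE` is the project's constant for that value. It is also worth confirming, outside this hunk, that the consent stage actually honours the injected value and that `self.prompt` is always a mutable set at this point. The new comment has a wording slip ("we set override it ourselves") and could read `# Instead of ignoring the offline_access scope when prompt does not include consent, add consent to the prompt ourselves`. The enclosing method starts and ends outside the hunk.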