providers/oauth2: offline access (#8026)

* improve scope check (log when application requests non-configured scopes)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add offline_access special scope

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ensure scope is set

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update tests for refresh tokens

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* special handling of scopes for github compat

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix spec

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* attempt to fix oidc tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove hardcoded slug

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check scope from authorization code instead of request

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix injection for consent stage checking incorrectly

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens L
2024-01-04 19:57:11 +01:00
committed by GitHub
parent 1b36cb8331
commit 509b502d3c
15 changed files with 369 additions and 171 deletions


@ -74,7 +74,7 @@ class TestProviderOAuth2Github(SeleniumTestCase):
slug="default-provider-authorization-implicit-consent"
)
provider = OAuth2Provider.objects.create(
name="grafana",
name=generate_id(),
client_id=self.client_id,
client_secret=self.client_secret,
client_type=ClientTypes.CONFIDENTIAL,
@ -82,8 +82,8 @@ class TestProviderOAuth2Github(SeleniumTestCase):
authorization_flow=authorization_flow,
)
Application.objects.create(
name="Grafana",
slug="grafana",
name=generate_id(),
slug=generate_id(),
provider=provider,
)
@ -129,7 +129,7 @@ class TestProviderOAuth2Github(SeleniumTestCase):
slug="default-provider-authorization-explicit-consent"
)
provider = OAuth2Provider.objects.create(
name="grafana",
name=generate_id(),
client_id=self.client_id,
client_secret=self.client_secret,
client_type=ClientTypes.CONFIDENTIAL,
@ -137,8 +137,8 @@ class TestProviderOAuth2Github(SeleniumTestCase):
authorization_flow=authorization_flow,
)
app = Application.objects.create(
name="Grafana",
slug="grafana",
name=generate_id(),
slug=generate_id(),
provider=provider,
)
@ -200,7 +200,7 @@ class TestProviderOAuth2Github(SeleniumTestCase):
slug="default-provider-authorization-explicit-consent"
)
provider = OAuth2Provider.objects.create(
name="grafana",
name=generate_id(),
client_id=self.client_id,
client_secret=self.client_secret,
client_type=ClientTypes.CONFIDENTIAL,
@ -208,8 +208,8 @@ class TestProviderOAuth2Github(SeleniumTestCase):
authorization_flow=authorization_flow,
)
app = Application.objects.create(
name="Grafana",
slug="grafana",
name=generate_id(),
slug=generate_id(),
provider=provider,
)