habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

providers/oauth2: only send id_token as access_token if ADFS compat mode is enabled

Browse Source
This commit is contained in:
Jens Langhammer
2020-09-16 23:31:03 +02:00
parent f1ccef7f6a
commit 818f417fd8
5 changed files with 35 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
passbook/providers/oauth2/models.py
View File

@ -31,8 +31,8 @@ from passbook.providers.oauth2.generators import (
class ClientTypes(models.TextChoices):
"""<b>Confidential</b> clients are capable of maintaining the confidentiality
of their credentials. <b>Public</b> clients are incapable."""
"""Confidential clients are capable of maintaining the confidentiality
of their credentials. Public clients are incapable."""
CONFIDENTIAL = "confidential", _("Confidential")
PUBLIC = "public", _("Public")
@ -70,6 +70,7 @@ class ResponseTypes(models.TextChoices):
"""Response Type required by the client."""
CODE = "code", _("code (Authorization Code Flow)")
CODE_ADFS = "code_adfs", _("code (ADFS Compatibility Mode, sends id_token as access_token)")
ID_TOKEN = "id_token", _("id_token (Implicit Flow)")
ID_TOKEN_TOKEN = "id_token token", _("id_token token (Implicit Flow)")
CODE_TOKEN = "code token", _("code token (Hybrid Flow)")