providers/oauth2: only send id_token as access_token if ADFS compat mode is enabled

Jens Langhammer
2020-09-16 23:31:03 +02:00
parent f1ccef7f6a
commit 818f417fd8
5 changed files with 35 additions and 5 deletions


@ -17,7 +17,7 @@ from passbook.providers.oauth2.errors import TokenError, UserAuthError
from passbook.providers.oauth2.models import (
AuthorizationCode,
OAuth2Provider,
RefreshToken,
RefreshToken, ResponseTypes,
)
from passbook.providers.oauth2.utils import TokenResponse, extract_client_auth
@ -200,7 +200,7 @@ class TokenView(View):
"id_token": refresh_token.provider.encode(refresh_token.id_token.to_dict()),
}
if self.params.authorization_code.is_open_id:
if self.params.provider.response_type == ResponseTypes.CODE_ADFS:
# This seems to be expected by some OIDC Clients
# namely VMware vCenter. This is not documented in any OpenID or OAuth2 Standard.
# Maybe this should be a setting