From 8a2ba1c51882819c7253f0edf4317a70115ea370 Mon Sep 17 00:00:00 2001 From: "gcp-cherry-pick-bot[bot]" <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com> Date: Fri, 18 Oct 2024 13:37:48 +0200 Subject: [PATCH] providers/oauth2: don't overwrite attributes when updating service acccount (cherry-pick #11709) (#11723) providers/oauth2: don't overwrite attributes when updating service acccount (#11709) providers/oauth2: don't overwrite attributes when updating service account Signed-off-by: Jens Langhammer Co-authored-by: Jens L. --- authentik/providers/oauth2/views/token.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py index c42225d0af..a0b9327e18 100644 --- a/authentik/providers/oauth2/views/token.py +++ b/authentik/providers/oauth2/views/token.py @@ -439,15 +439,14 @@ class TokenParams: # (22 chars being the length of the "template") username=f"ak-{self.provider.name[:150-22]}-client_credentials", defaults={ - "attributes": { - USER_ATTRIBUTE_GENERATED: True, - }, "last_login": timezone.now(), "name": f"Autogenerated user from application {app.name} (client credentials)", "path": f"{USER_PATH_SYSTEM_PREFIX}/apps/{app.slug}", "type": UserTypes.SERVICE_ACCOUNT, }, ) + self.user.attributes[USER_ATTRIBUTE_GENERATED] = True + self.user.save() self.__check_policy_access(app, request) Event.new( @@ -471,9 +470,6 @@ class TokenParams: self.user, created = User.objects.update_or_create( username=f"{self.provider.name}-{token.get('sub')}", defaults={ - "attributes": { - USER_ATTRIBUTE_GENERATED: True, - }, "last_login": timezone.now(), "name": ( f"Autogenerated user from application {app.name} (client credentials JWT)" @@ -482,6 +478,8 @@ class TokenParams: "type": UserTypes.SERVICE_ACCOUNT, }, ) + self.user.attributes[USER_ATTRIBUTE_GENERATED] = True + self.user.save() exp = token.get("exp") if created and exp: self.user.attributes[USER_ATTRIBUTE_EXPIRES] = exp