From 564b2874a97adb7d7c5fd5c15f65ac0d793ca1b6 Mon Sep 17 00:00:00 2001
From: Jens L <jens@goauthentik.io>
Date: Sun, 7 May 2023 00:19:11 +0200
Subject: [PATCH] providers/oauth2: use simpler charset for refresh tokens
 (#5502)

various implementations might have issues with the special chars

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 .../0016_alter_refreshtoken_token.py          | 24 +++++++++++++++++++
 authentik/providers/oauth2/models.py          |  2 +-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 authentik/providers/oauth2/migrations/0016_alter_refreshtoken_token.py

diff --git a/authentik/providers/oauth2/migrations/0016_alter_refreshtoken_token.py b/authentik/providers/oauth2/migrations/0016_alter_refreshtoken_token.py
new file mode 100644
index 000000000..d65438e20
--- /dev/null
+++ b/authentik/providers/oauth2/migrations/0016_alter_refreshtoken_token.py
@@ -0,0 +1,24 @@
+# Generated by Django 4.1.7 on 2023-05-06 16:18
+
+from django.db import migrations, models
+
+import authentik.providers.oauth2.models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        (
+            "authentik_providers_oauth2",
+            "0015_accesstoken_auth_time_authorizationcode_auth_time_and_more",
+        ),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="refreshtoken",
+            name="token",
+            field=models.TextField(
+                default=authentik.providers.oauth2.models.generate_client_secret
+            ),
+        ),
+    ]
diff --git a/authentik/providers/oauth2/models.py b/authentik/providers/oauth2/models.py
index a17216270..d0a2e8ecc 100644
--- a/authentik/providers/oauth2/models.py
+++ b/authentik/providers/oauth2/models.py
@@ -382,7 +382,7 @@ class AccessToken(SerializerModel, ExpiringModel, BaseGrantModel):
 class RefreshToken(SerializerModel, ExpiringModel, BaseGrantModel):
     """OAuth2 Refresh Token, opaque"""
 
-    token = models.TextField(default=generate_key)
+    token = models.TextField(default=generate_client_secret)
     _id_token = models.TextField(verbose_name=_("ID Token"))
 
     @property