diff --git a/authentik/providers/oauth2/tests/test_authorize.py b/authentik/providers/oauth2/tests/test_authorize.py index 4172486b5..cbf4d0978 100644 --- a/authentik/providers/oauth2/tests/test_authorize.py +++ b/authentik/providers/oauth2/tests/test_authorize.py @@ -247,7 +247,7 @@ class TestAuthorize(OAuthTestCase): "to": ( f"http://localhost#access_token={token.access_token}" f"&id_token={provider.encode(token.id_token.to_dict())}&token_type=bearer" - f"&expires_in=2592000&state={state}" + f"&expires_in=60&state={state}" ), }, ) diff --git a/authentik/providers/oauth2/views/authorize.py b/authentik/providers/oauth2/views/authorize.py index 226ac4e68..f451fe5ee 100644 --- a/authentik/providers/oauth2/views/authorize.py +++ b/authentik/providers/oauth2/views/authorize.py @@ -367,7 +367,7 @@ class OAuthFulfillmentStage(StageView): query_fragment["token_type"] = "bearer" query_fragment["expires_in"] = int( - timedelta_from_string(self.provider.token_validity).total_seconds() + timedelta_from_string(self.provider.access_code_validity).total_seconds() ) query_fragment["state"] = self.params.state if self.params.state else "" diff --git a/web/src/locales/en.po b/web/src/locales/en.po index f4f59d101..8c1dd3189 100644 --- a/web/src/locales/en.po +++ b/web/src/locales/en.po @@ -88,14 +88,18 @@ msgstr "API request failed" msgid "Access Key" msgstr "Access Key" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts -msgid "Access code validity" -msgstr "Access code validity" +#: +#~ msgid "Access code validity" +#~ msgstr "Access code validity" #: src/pages/sources/oauth/OAuthSourceForm.ts msgid "Access token URL" msgstr "Access token URL" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Access token validity" +msgstr "Access token validity" + #: src/elements/events/ObjectChangelog.ts #: src/elements/events/UserEvents.ts #: src/pages/events/EventListPage.ts 
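Review bot: In `OAuthFulfillmentStage` (authentik/providers/oauth2/views/authorize.py), `expires_in` for the implicit-flow fragment is now derived from `self.provider.access_code_validity`, but the hunk does not show where the access token and the `exp` claim of the `id_token` get their expiry. If those are still created from `token_validity` (the test previously expected 2592000), the client is told 60 seconds while the token stays accepted far longer, so a token leaked from the URL fragment outlives what the response advertises; the advertised value should come from the same source as the stored expiry. The field name also suggests it governs authorization codes, in which case raising it for implicit clients would lengthen code lifetime as well; a comment above the assignment such as `# access_code_validity also bounds implicit-flow access tokens; must match the token's stored expiry` would make that coupling explicit. The test hunk in test_authorize.py only pins the literal `expires_in=60`; asserting it against the issued token's actual expiry would catch a mismatch. The enclosing method starts and ends outside the hunk.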
@@ -787,9 +791,13 @@ msgstr "Configuration stage" msgid "Configure WebAuthn" msgstr "Configure WebAuthn" +#: +#~ msgid "Configure how long access codes are valid for." +#~ msgstr "Configure how long access codes are valid for." + #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -msgid "Configure how long access codes are valid for." -msgstr "Configure how long access codes are valid for." +msgid "Configure how long access tokens are valid for." +msgstr "Configure how long access tokens are valid for." #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "Configure how long refresh tokens and their id_tokens are valid for." @@ -2057,6 +2065,10 @@ msgstr "If this flag is set, this Stage will jump to the next Stage when no Invi msgid "If this is selected, the token will expire. Upon expiration, the token will be rotated." msgstr "If this is selected, the token will expire. Upon expiration, the token will be rotated." +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "If you are using an Implicit, client-side flow (where the token-endpoint isn't used), you probably want to increase this time." +msgstr "If you are using an Implicit, client-side flow (where the token-endpoint isn't used), you probably want to increase this time." + #: src/pages/outposts/OutpostDeploymentModal.ts msgid "If your authentik Instance is using a self-signed certificate, set this value." msgstr "If your authentik Instance is using a self-signed certificate, set this value." diff --git a/web/src/locales/pseudo-LOCALE.po b/web/src/locales/pseudo-LOCALE.po index 05dd00a6b..c147c8ad2 100644 --- a/web/src/locales/pseudo-LOCALE.po +++ b/web/src/locales/pseudo-LOCALE.po 
@@ -88,14 +88,18 @@ msgstr "" msgid "Access Key" msgstr "" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts -msgid "Access code validity" -msgstr "" +#: +#~ msgid "Access code validity" +#~ msgstr "" #: src/pages/sources/oauth/OAuthSourceForm.ts msgid "Access token URL" msgstr "" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Access token validity" +msgstr "" + #: src/elements/events/ObjectChangelog.ts #: src/elements/events/UserEvents.ts #: src/pages/events/EventListPage.ts @@ -781,8 +785,12 @@ msgstr "" msgid "Configure WebAuthn" msgstr "" +#: +#~ msgid "Configure how long access codes are valid for." +#~ msgstr "" + #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -msgid "Configure how long access codes are valid for." +msgid "Configure how long access tokens are valid for." msgstr "" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts @@ -2049,6 +2057,10 @@ msgstr "" msgid "If this is selected, the token will expire. Upon expiration, the token will be rotated." msgstr "" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "If you are using an Implicit, client-side flow (where the token-endpoint isn't used), you probably want to increase this time." +msgstr "" + #: src/pages/outposts/OutpostDeploymentModal.ts msgid "If your authentik Instance is using a self-signed certificate, set this value." msgstr "" diff --git a/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts b/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts index c9f2ee470..cdeb696e8 100644 --- a/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts +++ b/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts @@ -179,7 +179,7 @@ ${this.instance?.redirectUris} ${t`Advanced protocol settings`}
@@ -190,7 +190,10 @@ ${this.instance?.redirectUris}

- ${t`Configure how long access codes are valid for.`} + ${t`Configure how long access tokens are valid for.`} +

+

+ ${t`If you are using an Implicit, client-side flow (where the token-endpoint isn't used), you probably want to increase this time.`}

${t`(Format: hours=-1;minutes=-2;seconds=-3).`}
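Review bot: The added help text in OAuth2ProviderForm.ts advises raising this value for implicit flows without stating the trade-off: in that flow the access token is returned in the redirect URL fragment, so a longer validity extends how long a token exposed through browser history or page scripts remains usable. Consider extending the string, e.g. `${t`If you are using an Implicit, client-side flow (where the token-endpoint isn't used), you probably want to increase this time. Keep it as short as the client tolerates, because these tokens are returned in the redirect URL.`}`, and regenerating the locale catalogs to match. The label now says "access tokens" while the backend field read in authorize.py is still `access_code_validity`; if the same setting also bounds authorization codes, the help text should say so. The surrounding form markup is not visible in this hunk as rendered, so which input this text belongs to is inferred.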