From b747022bc1714f8f4911f6696f2fe51ce7810ca3 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sun, 27 Dec 2020 14:28:27 +0100
Subject: [PATCH] providers/oauth2: fix old id_token being sent when using token endpoint with grant_type=refresh_token
---
 authentik/providers/oauth2/views/provider.py | 11 ++++++++---
 authentik/providers/oauth2/views/token.py | 4 +---
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/authentik/providers/oauth2/views/provider.py b/authentik/providers/oauth2/views/provider.py
index fb0966670..f7d83cb8e 100644
--- a/authentik/providers/oauth2/views/provider.py
+++ b/authentik/providers/oauth2/views/provider.py
@@ -7,7 +7,12 @@ from django.views import View
 from structlog import get_logger
 from authentik.core.models import Application
-from authentik.providers.oauth2.constants import ACR_AUTHENTIK_DEFAULT, SCOPE_OPENID
+from authentik.providers.oauth2.constants import (
+ ACR_AUTHENTIK_DEFAULT,
+ GRANT_TYPE_AUTHORIZATION_CODE,
+ GRANT_TYPE_REFRESH_TOKEN,
+ SCOPE_OPENID,
+)
 from authentik.providers.oauth2.models import GrantTypes, OAuth2Provider, ScopeMapping
 LOGGER = get_logger()
@@ -56,9 +61,9 @@ class ProviderInfoView(View):
 )
 ),
 "grant_types_supported": [
- GrantTypes.AUTHORIZATION_CODE,
+ GRANT_TYPE_AUTHORIZATION_CODE,
+ GRANT_TYPE_REFRESH_TOKEN,
 GrantTypes.IMPLICIT,
- GrantTypes.HYBRID,
 ],
 "id_token_signing_alg_values_supported": [provider.jwt_alg],
 # See: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py
index a1b9740ff..4dc54109c 100644
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
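Review bot: `grant_types_supported` in ProviderInfoView is now assembled from two unrelated sources, the `GRANT_TYPE_*` constants and the `GrantTypes` model enum, and nothing visible in the hunk ties the advertised list to the grant types the token endpoint actually accepts. Discovery metadata that drifts from the server's real behaviour misleads clients and auditors about which flows are enabled, so I would add a comment above the list such as `# Keep in sync with the grant_type values TokenView accepts; implicit is issued from the authorization endpoint.` Whether `GrantTypes.IMPLICIT` serialises to the plain string `implicit` in the JSON response cannot be confirmed from this hunk and is worth checking. The enclosing method starts and ends outside the hunk.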
@@ -248,9 +248,7 @@ class TokenView(View):
 "expires_in": timedelta_from_string(
 refresh_token.provider.token_validity
 ).seconds,
- "id_token": self.params.provider.encode(
- self.params.refresh_token.id_token.to_dict()
- ),
+ "id_token": self.params.provider.encode(refresh_token.id_token.to_dict()),
 }
 return dic
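Review bot: The unchanged `expires_in` entry just above the fixed `id_token` line reads `.seconds`, which on a `datetime.timedelta` is only the seconds component and drops whole days, so a `token_validity` of a day or more would be reported to the client as far shorter than it is (this assumes `timedelta_from_string` returns a timedelta, which is not visible here). I would use `int(timedelta_from_string(refresh_token.provider.token_validity).total_seconds())` instead. The fix itself ships without a test according to the diffstat; a regression test asserting that the `id_token` returned for `grant_type=refresh_token` is built from the newly issued token would keep the stale-token behaviour from returning. The enclosing method begins outside the hunk.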