From 01cebcfcec86d99f70e46c396aff87667bb7db58 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens@goauthentik.io>
Date: Thu, 5 Oct 2023 20:05:08 +0200
Subject: [PATCH] only consider non expired tokens

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 authentik/stages/authenticator_mobile/api/auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/authentik/stages/authenticator_mobile/api/auth.py b/authentik/stages/authenticator_mobile/api/auth.py
index 9c88d4973..31c82cbc6 100644
--- a/authentik/stages/authenticator_mobile/api/auth.py
+++ b/authentik/stages/authenticator_mobile/api/auth.py
@@ -18,7 +18,7 @@ class MobileDeviceTokenAuthentication(BaseAuthentication):
         """Token-based authentication using HTTP Bearer authentication"""
         auth = get_authorization_header(request)
         raw_token = validate_auth(auth)
-        device_token: MobileDeviceToken = MobileDeviceToken.objects.filter(token=raw_token).first()
+        device_token: MobileDeviceToken = MobileDeviceToken.filter_not_expired(token=raw_token).first()
         if not device_token:
             return None
         CTX_AUTH_VIA.set("mobile_token")