From 1a57d453bac1b29cc82bf4ee91bfbef6680a79be Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Thu, 16 Feb 2023 14:47:07 +0100
Subject: [PATCH] providers/oauth2: fix missing information for Revoked token access events
Signed-off-by: Jens Langhammer
---
 authentik/providers/oauth2/utils.py | 7 ++++---
 authentik/providers/oauth2/views/token.py | 5 +++--
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/authentik/providers/oauth2/utils.py b/authentik/providers/oauth2/utils.py
index 21e72aa29..a1791a480 100644
--- a/authentik/providers/oauth2/utils.py
+++ b/authentik/providers/oauth2/utils.py
@@ -146,9 +146,10 @@ def protected_resource_view(scopes: list[str]):
 LOGGER.warning("Revoked token was used", access_token=access_token)
 Event.new(
 action=EventAction.SUSPICIOUS_REQUEST,
- message="Revoked refresh token was used",
- token=access_token,
- ).from_http(request)
+ message="Revoked access token was used",
+ token=token,
+ provider=token.provider,
+ ).from_http(request, user=token.user)
 raise BearerTokenError("invalid_token")
 if not set(scopes).issubset(set(token.scope)):
diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py
index fd42a2049..15887e35b 100644
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@@ -262,8 +262,9 @@ class TokenParams:
 Event.new(
 action=EventAction.SUSPICIOUS_REQUEST,
 message="Revoked refresh token was used",
- token=raw_token,
- ).from_http(request)
+ token=self.refresh_token,
+ provider=self.refresh_token.provider,
+ ).from_http(request, user=self.refresh_token.user)
 raise TokenError("invalid_grant")
 def __post_init_client_credentials(self, request: HttpRequest):
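Review bot: The `LOGGER.warning` call kept as context above the changed `Event.new(...)` still passes `access_token=access_token`, which, judging by the removed `token=access_token` line, looks like the raw bearer string, so the credential value would still reach the log even though the event now carries the `token` object. Consider logging a non-secret identifier instead, for example `LOGGER.warning("Revoked token was used", token_pk=token.pk)`, assuming `token` is a model instance. It is also worth confirming that `Event.new` cleanses secret fields when it stores `token=token` here and `token=self.refresh_token` in the views/token.py hunk, since the whole object now goes into the event context. The enclosing function starts and ends outside the hunk.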
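Review bot: `from_http(request, user=self.refresh_token.user)` records the token's owner as the event user, although whoever presented the revoked refresh token is not necessarily that user, and nothing in the hunk says so. A short comment above the `Event.new(` call, such as `# user is the owner of the revoked token, not necessarily the caller`, would keep readers of the audit trail from treating the event as an action by the account holder; the same applies to `user=token.user` in the utils.py hunk. The diffstat lists only the two source files, so no test in this patch asserts that the emitted event carries the user and provider. The enclosing method begins outside the hunk.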