providers/oauth2: fix missing information for Revoked token access events
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
e5dfe7dafe
commit
1a57d453ba
|
@ -146,9 +146,10 @@ def protected_resource_view(scopes: list[str]):
|
|||
LOGGER.warning("Revoked token was used", access_token=access_token)
|
||||
Event.new(
|
||||
action=EventAction.SUSPICIOUS_REQUEST,
|
||||
message="Revoked refresh token was used",
|
||||
token=access_token,
|
||||
).from_http(request)
|
||||
message="Revoked access token was used",
|
||||
token=token,
|
||||
provider=token.provider,
|
||||
).from_http(request, user=token.user)
|
||||
raise BearerTokenError("invalid_token")
|
||||
|
||||
if not set(scopes).issubset(set(token.scope)):
|
||||
|
|
|
@ -262,8 +262,9 @@ class TokenParams:
|
|||
Event.new(
|
||||
action=EventAction.SUSPICIOUS_REQUEST,
|
||||
message="Revoked refresh token was used",
|
||||
token=raw_token,
|
||||
).from_http(request)
|
||||
token=self.refresh_token,
|
||||
provider=self.refresh_token.provider,
|
||||
).from_http(request, user=self.refresh_token.user)
|
||||
raise TokenError("invalid_grant")
|
||||
|
||||
def __post_init_client_credentials(self, request: HttpRequest):
|
||||
|
|
Reference in a new issue