diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py
index c73669919..5057aa68d 100644
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@@ -333,18 +333,7 @@ class TokenParams:
 raise TokenError("invalid_grant")

 self.__check_policy_access(app, request, oauth_jwt=token)
-
- self.user, _ = User.objects.update_or_create(
- username=f"{self.provider.name}-{token.get('sub')}",
- defaults={
- "attributes": {
- USER_ATTRIBUTE_GENERATED: True,
- USER_ATTRIBUTE_EXPIRES: token.get("exp"),
- },
- "last_login": now(),
- "name": f"Autogenerated user from application {app.name} (client credentials JWT)",
- },
- )
+ self.__create_user_from_jwt(token, app)

 method_args = {
 "jwt": token,
@@ -360,6 +349,23 @@ class TokenParams:
 PLAN_CONTEXT_APPLICATION=app,
 ).from_http(request, user=self.user)

+ def __create_user_from_jwt(self, token: dict[str, Any], app: Application):
+ """Create user from JWT"""
+ exp = token.get("exp")
+ self.user, created = User.objects.update_or_create(
+ username=f"{self.provider.name}-{token.get('sub')}",
+ defaults={
+ "attributes": {
+ USER_ATTRIBUTE_GENERATED: True,
+ },
+ "last_login": now(),
+ "name": f"Autogenerated user from application {app.name} (client credentials JWT)",
+ },
+ )
+ if created and exp:
+ self.user.attributes[USER_ATTRIBUTE_EXPIRES] = exp
+ self.user.save()
+

 class TokenView(View):
 """Generate tokens for clients"""
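Review bot: In the second hunk's `__create_user_from_jwt`, `update_or_create` reapplies `defaults` on every call that finds an existing row, so `attributes` is reset to `{USER_ATTRIBUTE_GENERATED: True}` and the `USER_ATTRIBUTE_EXPIRES` value written under `if created and exp:` is lost as soon as a second JWT arrives for the same `sub`. The same overwrite discards any other attribute stored on that user. If the expiry is meant to survive later token requests, take `"attributes"` out of `defaults` and set the flag in the created branch as well, for example `self.user.attributes[USER_ATTRIBUTE_GENERATED] = True` ahead of the expiry assignment, with the condition split so that `exp` only guards the expiry line. Separately, `token.get('sub')` returns `None` for a JWT without a `sub` claim, so every such token would map to the one username ending in `-None` unless the claim is validated earlier, which is not visible in this hunk.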