From 972868c15c53fbf4075946278cf1625cfeaa52f4 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 25 May 2022 23:02:33 +0200
Subject: [PATCH] providers/oauth2: only set expiry on user when it was freshly created
Signed-off-by: Jens Langhammer
---
 authentik/providers/oauth2/views/token.py | 30 ++++++++++++++---------
 1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py
index baed2ef75..ee26fc087 100644
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@@ -302,18 +302,7 @@ class TokenParams:
 raise TokenError("invalid_grant")
 self.__check_policy_access(app, request, oauth_jwt=token)
-
- self.user, _ = User.objects.update_or_create(
- username=f"{self.provider.name}-{token.get('sub')}",
- defaults={
- "attributes": {
- USER_ATTRIBUTE_GENERATED: True,
- USER_ATTRIBUTE_EXPIRES: token.get("exp"),
- },
- "last_login": now(),
- "name": f"Autogenerated user from application {app.name} (client credentials JWT)",
- },
- )
+ self.__create_user_from_jwt(token, app)
 Event.new(
 action=EventAction.LOGIN,
@@ -324,6 +313,23 @@ class TokenParams:
 PLAN_CONTEXT_APPLICATION=app,
 ).from_http(request, user=self.user)
+ def __create_user_from_jwt(self, token: dict[str, Any], app: Application):
+ """Create user from JWT"""
+ exp = token.get("exp")
+ self.user, created = User.objects.update_or_create(
+ username=f"{self.provider.name}-{token.get('sub')}",
+ defaults={
+ "attributes": {
+ USER_ATTRIBUTE_GENERATED: True,
+ },
+ "last_login": now(),
+ "name": f"Autogenerated user from application {app.name} (client credentials JWT)",
+ },
+ )
+ if created and exp:
+ self.user.attributes[USER_ATTRIBUTE_EXPIRES] = exp
+ self.user.save()
+
 class TokenView(View):
 """Generate tokens for clients"""
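Review bot: In the new `__create_user_from_jwt`, `"attributes"` is still passed in the `defaults` of `update_or_create`, so each later token request for an existing user replaces the whole attributes value with `{USER_ATTRIBUTE_GENERATED: True}` and drops the `USER_ATTRIBUTE_EXPIRES` written at creation. Assuming `attributes` is a single JSON field (the model is not shown in this patch), a generated user would lose its expiry on its second login and would likely never be cleaned up, which is the opposite of what the commit title intends. Fetching the row with `get_or_create` and updating only `last_login` and `name` on it keeps the stored expiry, as in the excerpt below. Separately, `token.get('sub')` is formatted into the username without a check, so a JWT lacking `sub` maps to a shared `<provider>-None` account; raising `TokenError("invalid_grant")` for a missing `sub` before this call would close that.

```python
    def __create_user_from_jwt(self, token: dict[str, Any], app: Application):
        """Create user from JWT"""
        exp = token.get("exp")
        # get_or_create applies `defaults` only when the row is new, so stored
        # attributes (including the expiry) survive later logins.
        self.user, created = User.objects.get_or_create(
            username=f"{self.provider.name}-{token.get('sub')}",
            defaults={"attributes": {USER_ATTRIBUTE_GENERATED: True}},
        )
        if created and exp:
            self.user.attributes[USER_ATTRIBUTE_EXPIRES] = exp
        # Per-login fields are refreshed explicitly instead of through defaults.
        self.user.last_login = now()
        self.user.name = (
            f"Autogenerated user from application {app.name} (client credentials JWT)"
        )
        self.user.save()
```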