From 983882f5a0994d9e9d3350e40dff100ace8e58ae Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Thu, 30 Jun 2022 12:43:04 +0200
Subject: [PATCH] providers/oauth2: ensure refresh tokens are URL safe

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3185
---
 authentik/providers/oauth2/models.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/authentik/providers/oauth2/models.py b/authentik/providers/oauth2/models.py
index 3821d2b7b..577cd72fb 100644
--- a/authentik/providers/oauth2/models.py
+++ b/authentik/providers/oauth2/models.py
@@ -239,7 +239,7 @@ class OAuth2Provider(Provider):
         token = RefreshToken(
             user=user,
             provider=self,
-            refresh_token=generate_key(),
+            refresh_token=base64.urlsafe_b64encode(generate_key().encode()).decode(),
             expires=timezone.now() + timedelta_from_string(self.token_validity),
             scope=scope,
         )