providers/oauth2: fix old id_token being sent when using token endpoint with grant_type=refresh_token

This commit is contained in:
Jens Langhammer 2020-12-27 14:28:27 +01:00
parent 885fcff495
commit b747022bc1
2 changed files with 9 additions and 6 deletions

View file

@ -7,7 +7,12 @@ from django.views import View
from structlog import get_logger
from authentik.core.models import Application
from authentik.providers.oauth2.constants import ACR_AUTHENTIK_DEFAULT, SCOPE_OPENID
from authentik.providers.oauth2.constants import (
ACR_AUTHENTIK_DEFAULT,
GRANT_TYPE_AUTHORIZATION_CODE,
GRANT_TYPE_REFRESH_TOKEN,
SCOPE_OPENID,
)
from authentik.providers.oauth2.models import GrantTypes, OAuth2Provider, ScopeMapping
LOGGER = get_logger()
@ -56,9 +61,9 @@ class ProviderInfoView(View):
)
),
"grant_types_supported": [
GrantTypes.AUTHORIZATION_CODE,
GRANT_TYPE_AUTHORIZATION_CODE,
GRANT_TYPE_REFRESH_TOKEN,
GrantTypes.IMPLICIT,
GrantTypes.HYBRID,
],
"id_token_signing_alg_values_supported": [provider.jwt_alg],
# See: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes

View file

@ -248,9 +248,7 @@ class TokenView(View):
"expires_in": timedelta_from_string(
refresh_token.provider.token_validity
).seconds,
"id_token": self.params.provider.encode(
self.params.refresh_token.id_token.to_dict()
),
"id_token": self.params.provider.encode(refresh_token.id_token.to_dict()),
}
return dic