providers/oauth2: fix token endpoint creating invalid token when no scopes are passed

2020-12-27 14:48:44 +01:00 · 2020-12-27 14:48:44 +01:00 · dff5eb69c8
parent b747022bc1
commit dff5eb69c8
1 changed files with 4 additions and 1 deletions
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@ -93,7 +93,10 @@ class TokenParams:
                self.refresh_token = RefreshToken.objects.get(
                    refresh_token=raw_token, provider=self.provider
                )
-
+                # https://tools.ietf.org/html/rfc6749#section-6
+                # Fallback to original token's scopes when none are given
+                if self.scope == []:
+                    self.scope = self.refresh_token.scope
            except RefreshToken.DoesNotExist:
                LOGGER.warning(
                    "Refresh token does not exist",