From 5da47b69dda902cc33ec6b84d241458ea2ea63ea Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 25 May 2022 23:02:33 +0200
Subject: [PATCH] providers/oauth2: only set expiry on user when it was freshly created
Signed-off-by: Jens Langhammer
---
 authentik/providers/oauth2/views/token.py | 30 ++++++++++++++---------
 1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py
index c73669919..5057aa68d 100644
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@@ -333,18 +333,7 @@ class TokenParams:
 raise TokenError("invalid_grant")
 self.__check_policy_access(app, request, oauth_jwt=token)
-
- self.user, _ = User.objects.update_or_create(
- username=f"{self.provider.name}-{token.get('sub')}",
- defaults={
- "attributes": {
- USER_ATTRIBUTE_GENERATED: True,
- USER_ATTRIBUTE_EXPIRES: token.get("exp"),
- },
- "last_login": now(),
- "name": f"Autogenerated user from application {app.name} (client credentials JWT)",
- },
- )
+ self.__create_user_from_jwt(token, app)
 method_args = {
 "jwt": token,
@@ -360,6 +349,23 @@ class TokenParams:
 PLAN_CONTEXT_APPLICATION=app,
 ).from_http(request, user=self.user)
+ def __create_user_from_jwt(self, token: dict[str, Any], app: Application):
+ """Create user from JWT"""
+ exp = token.get("exp")
+ self.user, created = User.objects.update_or_create(
+ username=f"{self.provider.name}-{token.get('sub')}",
+ defaults={
+ "attributes": {
+ USER_ATTRIBUTE_GENERATED: True,
+ },
+ "last_login": now(),
+ "name": f"Autogenerated user from application {app.name} (client credentials JWT)",
+ },
+ )
+ if created and exp:
+ self.user.attributes[USER_ATTRIBUTE_EXPIRES] = exp
+ self.user.save()
+
 class TokenView(View):
 """Generate tokens for clients"""
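Review bot: In `__create_user_from_jwt`, `attributes` is still passed in the `defaults` of `update_or_create`, and Django applies `defaults` on the update path as well as on insert. Every later token request for the same `sub` therefore replaces the stored attributes with `{USER_ATTRIBUTE_GENERATED: True}` and drops the `USER_ATTRIBUTE_EXPIRES` value written at creation; since `created` is then false, it is never restored. That presumably leaves the generated account without an expiry after its second use, which should be confirmed against whatever consumes that attribute. Creating with `get_or_create` and refreshing only `last_login` and `name` afterwards keeps the original expiry, and the docstring should say that the expiry is set once, at creation.

```python
def __create_user_from_jwt(self, token: dict[str, Any], app: Application):
    """Create the generated user on first use; the expiry is set once, at creation."""
    exp = token.get("exp")
    # get_or_create applies defaults only on insert, so stored attributes survive later logins
    self.user, created = User.objects.get_or_create(
        username=f"{self.provider.name}-{token.get('sub')}",
        defaults={"attributes": {USER_ATTRIBUTE_GENERATED: True}},
    )
    if created and exp:
        self.user.attributes[USER_ATTRIBUTE_EXPIRES] = exp
    self.user.last_login = now()
    self.user.name = f"Autogenerated user from application {app.name} (client credentials JWT)"
    self.user.save()
```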