Merge pull request 'Revert "Prevent automatic OAuth grants for public clients (#30790) (#30836)"' (#3867) from earl-warren/forgejo:wip-oauth-revert into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3867 Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
commit
b5c49a19d2
|
@ -469,9 +469,8 @@ func AuthorizeOAuth(ctx *context.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Redirect if user already granted access and the application is confidential.
|
// Redirect if user already granted access
|
||||||
// I.e. always require authorization for public clients as recommended by RFC 6749 Section 10.2
|
if grant != nil {
|
||||||
if app.ConfidentialClient && grant != nil {
|
|
||||||
code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, form.CodeChallenge, form.CodeChallengeMethod)
|
code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, form.CodeChallenge, form.CodeChallengeMethod)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
handleServerError(ctx, form.State, form.RedirectURI)
|
handleServerError(ctx, form.State, form.RedirectURI)
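Review bot: With the `app.ConfidentialClient` condition gone, the `if grant != nil {` branch in AuthorizeOAuth issues a fresh authorization code to any client that already holds a grant, public clients included, without showing the consent page again. The removed comment cited RFC 6749 Section 10.2 for this: a public client cannot authenticate itself, so a stored grant alone does not show that the request comes from the same application. If the revert is deliberate on this branch, the remaining comment should record that and name what the skip depends on, for example `// Redirect if user already granted access. NOTE(review): also applies to public clients; safe only if the redirect URI was matched exactly against the registered one before this point (RFC 6749 Section 10.2).` Whether that redirect URI check happens earlier cannot be confirmed from here, since the body of AuthorizeOAuth begins and ends outside the hunk.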