diff options
author | Denys Konovalov <kontakt@denyskon.de> | 2024-07-19 14:28:30 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-07-19 14:28:30 -0400 |
commit | a8d0c879c38e21a8e78db627119bf622d919ee75 (patch) | |
tree | f55cbd55c967d11e7e4a4c4c96ce7b6db8345353 /routers/web/auth | |
parent | e9aa39bda4581a69f04dd1d46aab7980940e99ce (diff) | |
download | gitea-a8d0c879c38e21a8e78db627119bf622d919ee75.tar.gz gitea-a8d0c879c38e21a8e78db627119bf622d919ee75.zip |
add skip secondary authorization option for public oauth2 clients (#31454)
Diffstat (limited to 'routers/web/auth')
-rw-r--r-- | routers/web/auth/oauth.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go index 1205c2c578..0ccd460a78 100644 --- a/routers/web/auth/oauth.go +++ b/routers/web/auth/oauth.go @@ -469,9 +469,9 @@ func AuthorizeOAuth(ctx *context.Context) { return } - // Redirect if user already granted access and the application is confidential. - // I.e. always require authorization for public clients as recommended by RFC 6749 Section 10.2 - if app.ConfidentialClient && grant != nil { + // Redirect if user already granted access and the application is confidential or trusted otherwise + // I.e. always require authorization for untrusted public clients as recommended by RFC 6749 Section 10.2 + if (app.ConfidentialClient || app.SkipSecondaryAuthorization) && grant != nil { code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, form.CodeChallenge, form.CodeChallengeMethod) if err != nil { handleServerError(ctx, form.State, form.RedirectURI) |