authorDenys Konovalov <kontakt@denyskon.de>2024-07-19 14:28:30 -0400
committerGitHub <noreply@github.com>2024-07-19 14:28:30 -0400
commita8d0c879c38e21a8e78db627119bf622d919ee75 (patch)
treef55cbd55c967d11e7e4a4c4c96ce7b6db8345353 /routers/web/auth
parente9aa39bda4581a69f04dd1d46aab7980940e99ce (diff)
add skip secondary authorization option for public oauth2 clients (#31454)
Diffstat (limited to 'routers/web/auth')
-rw-r--r--routers/web/auth/oauth.go6
1 files changed, 3 insertions, 3 deletions
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 1205c2c578..0ccd460a78 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -469,9 +469,9 @@ func AuthorizeOAuth(ctx *context.Context) {
return
}
- // Redirect if user already granted access and the application is confidential.
- // I.e. always require authorization for public clients as recommended by RFC 6749 Section 10.2
- if app.ConfidentialClient && grant != nil {
+ // Redirect if user already granted access and the application is confidential or trusted otherwise
+ // I.e. always require authorization for untrusted public clients as recommended by RFC 6749 Section 10.2
+ if (app.ConfidentialClient || app.SkipSecondaryAuthorization) && grant != nil {
code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, form.CodeChallenge, form.CodeChallengeMethod)
if err != nil {
handleServerError(ctx, form.State, form.RedirectURI)