Diffstat (limited to 'routers/web/auth/oauth.go')
-rw-r--r-- | routers/web/auth/oauth.go | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 92a06e7c14..80f149d806 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -695,7 +695,7 @@ func handleRefreshToken(ctx *context.Context, form forms.AccessTokenForm, server
 }
 // "The authorization server MUST ... require client authentication for confidential clients"
 // https://datatracker.ietf.org/doc/html/rfc6749#section-6
- if !app.ValidateClientSecret([]byte(form.ClientSecret)) {
+ if app.ConfidentialClient && !app.ValidateClientSecret([]byte(form.ClientSecret)) {
 errorDescription := "invalid client secret"
 if form.ClientSecret == "" {
 errorDescription = "invalid empty client secret"
@@ -753,7 +753,7 @@ func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, s
 })
 return
 }
- if !app.ValidateClientSecret([]byte(form.ClientSecret)) {
+ if app.ConfidentialClient && !app.ValidateClientSecret([]byte(form.ClientSecret)) {
 errorDescription := "invalid client secret"
 if form.ClientSecret == "" {
 errorDescription = "invalid empty client secret"
|
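Review bot: With the secret check in handleRefreshToken now skipped for public clients at `if app.ConfidentialClient && !app.ValidateClientSecret(...)`, the only thing left binding a refresh-token request to a public client is a match between the presented refresh token and the requesting client_id; RFC 6749 §6 requires the server to ensure the refresh token was issued to the client making the request, and for a public client that can only be done on the token's client identity rather than on a secret. That comparison, if it exists, is outside this hunk (handleRefreshToken starts and ends outside it), so it is worth confirming rather than assuming. A public client that still sends a client_secret is now silently ignored instead of rejected, which the RFC permits, but the intent should be stated next to the existing RFC comment: `// Public clients (ConfidentialClient == false) have no secret to verify; the refresh token itself must be bound to this client_id.`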
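Review bot: Skipping the secret check for a public client in handleAuthorizationCode at `if app.ConfidentialClient && !app.ValidateClientSecret(...)` leaves PKCE (RFC 7636) as the sole binding between the authorization code and the client, so for apps with ConfidentialClient == false the code_verifier check must be mandatory rather than best-effort, and RFC 6749 §4.1.3 additionally requires that the code was issued to the client_id in the request. Neither check is within this hunk (the function starts and ends outside it), so confirm that a request omitting code_verifier cannot redeem a code for a public client. The first hunk carries the RFC comment explaining the condition but this one has none; add `// Public clients (RFC 6749 §2.1) are not required to present a secret; the code is bound to them by client_id and PKCE instead.` above the condition. The condition and its three-line error block are now duplicated verbatim across both hunks, so a small helper that performs the confidential-client secret check and returns the error description would keep the two grants from drifting apart.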