aboutsummaryrefslogtreecommitdiffstats
path: root/routers/web/auth
diff options
context:
space:
mode:
Diffstat (limited to 'routers/web/auth')
-rw-r--r--routers/web/auth/oauth.go6
1 files changed, 3 insertions, 3 deletions
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 1205c2c578..0ccd460a78 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -469,9 +469,9 @@ func AuthorizeOAuth(ctx *context.Context) {
return
}
- // Redirect if user already granted access and the application is confidential.
- // I.e. always require authorization for public clients as recommended by RFC 6749 Section 10.2
- if app.ConfidentialClient && grant != nil {
+ // Redirect if user already granted access and the application is confidential or trusted otherwise
+ // I.e. always require authorization for untrusted public clients as recommended by RFC 6749 Section 10.2
+ if (app.ConfidentialClient || app.SkipSecondaryAuthorization) && grant != nil {
code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, form.CodeChallenge, form.CodeChallengeMethod)
if err != nil {
handleServerError(ctx, form.State, form.RedirectURI)