Merge "Allow os-access-token-type for device auth"
@@ -753,7 +753,7 @@ class OidcDeviceAuthorization(_OidcBase):
|
||||
protocol: str,
|
||||
client_id: str,
|
||||
client_secret: str | None = None,
|
||||
# access_token_type intentionally skipped
|
||||
access_token_type: str = "access_token", # nosec B107
|
||||
scope: str = 'openid profile',
|
||||
access_token_endpoint: str | None = None,
|
||||
discovery_endpoint: str | None = None,
|
||||
@@ -785,8 +785,6 @@ class OidcDeviceAuthorization(_OidcBase):
|
||||
:param code_challenge_method: PKCE Challenge Method (RFC 7636).
|
||||
:type code_challenge_method: string
|
||||
"""
|
||||
# RFC 8628 only allows to retrieve an access_token
|
||||
self.access_token_type = 'access_token' # nosec B105
|
||||
self.device_authorization_endpoint = device_authorization_endpoint
|
||||
self.code_challenge_method = code_challenge_method
|
||||
|
||||
@@ -796,7 +794,7 @@ class OidcDeviceAuthorization(_OidcBase):
|
||||
protocol=protocol,
|
||||
client_id=client_id,
|
||||
client_secret=client_secret,
|
||||
access_token_type=self.access_token_type,
|
||||
access_token_type=access_token_type,
|
||||
scope=scope,
|
||||
access_token_endpoint=access_token_endpoint,
|
||||
discovery_endpoint=discovery_endpoint,
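Review bot: The new `access_token_type` argument is forwarded to the base class as given, where the removed assignment used to pin it to `'access_token'`, and nothing visible in these hunks restricts it to the two values the release note names. Because this string selects which token from the IdP response is used, a mistyped value is better rejected in the constructor than during token exchange, e.g. `if access_token_type not in ('access_token', 'id_token'): raise ValueError(...)` ahead of the base-class call in the third hunk, unless the base class already validates it, which is not shown here. The docstring begins outside the hunk; if it has no `:param access_token_type:` entry, add one that lists the accepted values and states that `access_token` remains the default. The suppression would also read better with its reason attached, such as `# nosec B107 - token type name, not a credential`.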
|
||||
|
||||
@@ -281,9 +281,6 @@ class OpenIDConnectDeviceAuthorization(
|
||||
def get_options(self) -> list[opts.Opt]:
|
||||
options = super().get_options()
|
||||
|
||||
# RFC 8628 doesn't support id_token
|
||||
options = [opt for opt in options if opt.name != 'access-token-type']
|
||||
|
||||
options.extend(
|
||||
[
|
||||
loading.Opt(
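Review bot: With the `access-token-type` filter removed from `get_options`, the device-authorization loader now exposes the option exactly as the parent class defines it, and that definition is not visible in this hunk. If the parent option carries no default, a configuration that never sets it might hand `None` to the plugin instead of the constructor's new `"access_token"` default, which would change behaviour for existing device-auth users. A loader test that omits the option would confirm this either way. A short comment in place of the removed one would help the next reader, e.g. `# access-token-type is inherited: some IdPs also return an id_token for the device flow`. The body of `get_options` continues past the end of the hunk.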
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
OIDC Device Authorization Flow: allow acquiring either an OIDC id_token or
|
||||
an OAuth access_token as some IDPs provide both (RFC8628 does not specify
|
||||
if ID tokens may be acquired).
|
||||