Comments (4)
I had the same issue with my harbor instance after upgrading from 2023.10.7 -> 2024.2.1. For me it was solved when I placed the scopes in the same order as in authentik. I first added offline_access at the end, resulting in your issue. I have it now configured as this:
Thank you @nima-karimi this worked. A downside is that the user always gets asked for their consent because it is not saved in the user account anymore.
PS: If I set the Authorization Flow of the Provider from implicit to explicit the consent is saved. This seems kinda counterintuitive and in my opinion makes the use of the implicit flow useless. Is this the intended behaviour?
@nima-karimi I suppose there was a mistake in the interpretation of the spec there, seeing as if prompt=consent isn't set authentik is supposed to just pretend the offline_access scope wasn't requested
@bbaumgartl The reason for this is when using a flow without a consent stage and the prompt=consent parameter is set, authentik will inject a consent stage into the flow that requires consent to always be given. If there already is such a stage in the flow (like with the default explicit authorization flow) then the OAuth provider can't change it so the settings of that stage will have higher priority
I also have this issue with Grafana as the client (reordering the scopes did not help). The client needs to send a prompt=consent parameter when requesting offline_access scope (#), but Grafana doesn't do that.
If I manually add the prompt parameter to the auth URL in Grafana, it works and takes me to the consent page. E.g., https://auth.example.com/application/o/authorize/?prompt=consent
The error is coming from this line:
authentik/authentik/providers/oauth2/views/authorize.py
Lines 257 to 260 in 7359057
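The rule discussed in the comments above, as an added example that is not part of the thread and is not authentik's or Grafana's code: one function models a provider ignoring offline_access when prompt does not contain consent, the other applies the client-side workaround of adding prompt=consent to the authorization URL. Only the endpoint URL comes from the thread; the client_id, redirect_uri, scope list and all function names are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

OFFLINE = "offline_access"

# Constructed sample request: only the endpoint URL comes from the thread;
# client_id, redirect_uri and the scope list are made up for illustration.
SAMPLE = (
    "https://auth.example.com/application/o/authorize/"
    "?client_id=grafana-example&response_type=code"
    "&redirect_uri=https%3A%2F%2Fgrafana.example.com%2Flogin%2Fgeneric_oauth"
    "&scope=openid+profile+email+offline_access"
)


def _query(url):
    """Split a URL and return (parts, params); OAuth parameters must not repeat."""
    parts = urlsplit(url)
    return parts, dict(parse_qsl(parts.query, keep_blank_values=True))


def effective_scopes(url):
    """Scopes left once offline_access is ignored for a request without prompt=consent."""
    _, params = _query(url)
    scopes = params.get("scope", "").split()
    if "consent" not in params.get("prompt", "").split():
        scopes = [s for s in scopes if s != OFFLINE]
    return scopes


def ensure_consent_prompt(url):
    """Client-side workaround: add consent to prompt when offline_access is requested."""
    parts, params = _query(url)
    prompts = params.get("prompt", "").split()
    if OFFLINE in params.get("scope", "").split() and "consent" not in prompts:
        if "none" in prompts:
            # OIDC forbids combining prompt=none with any other prompt value.
            raise ValueError("prompt=none cannot be combined with consent")
        params["prompt"] = " ".join(prompts + ["consent"])
    return urlunsplit(parts._replace(query=urlencode(params)))


if __name__ == "__main__":
    print(effective_scopes(SAMPLE))
    fixed = ensure_consent_prompt(SAMPLE)
    print(fixed)
    print(effective_scopes(fixed))
```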