Code Monkey home page Code Monkey logo

Comments (4)

BramVandenbossche avatar BramVandenbossche commented on May 20, 2024 1

I had the same issue with my harbor instance after upgrading from 2023.10.7 -> 2024.2.1. For me it was solved when I placed the scopes in the same order as in authentik. I first added offline_access at the end, resulting in your issue. I have it now configured as this:
image
image

from authentik.

bbaumgartl avatar bbaumgartl commented on May 20, 2024 1

Thank you @nima-karimi this worked. A downside is that the user always gets asked for their consent because the it is not saved in the user account anymore.

PS: If i set the Authorization Flow of the Provider from implicit to explicit the consent is saved. This seems kinda counterintuitive and in my opinion makes the use of the implicit flow useless. Is this the intended behaviour?

from authentik.

BeryJu avatar BeryJu commented on May 20, 2024 1

@nima-karimi I suppose there was a mistake in the interpretation of the spec there, seeing as if prompt=consent isn't set authentik is supposed to just pretend the offline_access scope wasn't requrested

@bbaumgartl The reason for this is when using a flow without a consent stage and the prompt=consent parameter is set, authentik will inject a consent stage into the flow that requires consent to always be given. If there already is such a stage in the flow (like with the default explicit authorization flow) then the OAuth provider can't change it so the settings of that stage will have higher priorty

from authentik.

nima-karimi avatar nima-karimi commented on May 20, 2024

I also have this issue with Grafana as the client (reordering the scopes did not help). The client needs to send a prompt=consent parameter when requesting offline_access scope (#), but Grafana doesn't do that.

If I manually add the prompt parameter to the auth URL in Grafana, it works and takes me to the consent page. E.g., https://auth.example.com/application/o/authorize/?prompt=consent

The error is coming from this line:

authentik/authentik/providers/oauth2/views/authorize.py

Lines 257 to 260 in 7359057

if PROMPT_CONSENT not in self.prompt:
raise AuthorizeError(
self.redirect_uri, "consent_required", self.grant_type, self.state
)

from authentik.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.