You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
It's not possible to revoke a token via /application/o/revoke/ without providing client_secret for public clients.
To Reproduce
Steps to reproduce the behavior:
Create an oauth2 provider with client type=public.
Authorize using the created provider.
Generate tokens.
Try revoking the access/refresh token via /application/o/revoke/.
Expected behavior
Public clients can revoke a token via /application/o/revoke/ without providing client_secret.
Screenshots
If applicable, add screenshots to help explain your problem.
Logs
Output of docker-compose logs or kubectl logs respectively
Version and Deployment (please complete the following information):
authentik version: 2024.10.2
Deployment: docker-compose
Additional context
The RFC states that a client's request must contain a valid client_id, in the case of a public client, or valid client credentials, in the case of a confidential client.
Workaround: change client type to confidential and set client_secret to an empty string (via UI, I couldn't do it via Terraform) and change it back to public.
Describe the bug
It's not possible to revoke a token via
/application/o/revoke/
without providing client_secret for public clients.To Reproduce
Steps to reproduce the behavior:
/application/o/revoke/
.Expected behavior
Public clients can revoke a token via
/application/o/revoke/
without providing client_secret.Screenshots
If applicable, add screenshots to help explain your problem.
Logs
Output of docker-compose logs or kubectl logs respectively
Version and Deployment (please complete the following information):
Additional context
The RFC states that a client's request must contain a valid client_id, in the case of a public client, or valid client credentials, in the case of a confidential client.
I believe the culprit is this function: https://github.com/goauthentik/authentik/blob/main/authentik/providers/oauth2/utils.py#L181.
The text was updated successfully, but these errors were encountered: