From 8f77b49266f736263c026c7863934c10f97475e3 Mon Sep 17 00:00:00 2001
From: "Jens L."
Date: Fri, 18 Oct 2024 11:36:11 +0000
Subject: [PATCH] providers/oauth2: don't overwrite attributes when updating service acccount (#11709)

providers/oauth2: don't overwrite attributes when updating service account

Signed-off-by: Jens Langhammer
---
 authentik/providers/oauth2/views/token.py | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py
index c42225d0af04..a0b9327e18e5 100644
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@@ -439,15 +439,14 @@ def __post_init_client_credentials_generated(self, request: HttpRequest):
 # (22 chars being the length of the "template")
 username=f"ak-{self.provider.name[:150-22]}-client_credentials",
 defaults={
- "attributes": {
- USER_ATTRIBUTE_GENERATED: True,
- },
 "last_login": timezone.now(),
 "name": f"Autogenerated user from application {app.name} (client credentials)",
 "path": f"{USER_PATH_SYSTEM_PREFIX}/apps/{app.slug}",
 "type": UserTypes.SERVICE_ACCOUNT,
 },
 )
+ self.user.attributes[USER_ATTRIBUTE_GENERATED] = True
+ self.user.save()
 self.__check_policy_access(app, request)
 
 Event.new(
@@ -471,9 +470,6 @@ def __create_user_from_jwt(self, token: dict[str, Any], app: Application, source
 self.user, created = User.objects.update_or_create(
 username=f"{self.provider.name}-{token.get('sub')}",
 defaults={
- "attributes": {
- USER_ATTRIBUTE_GENERATED: True,
- },
 "last_login": timezone.now(),
 "name": (
 f"Autogenerated user from application {app.name} (client credentials JWT)"
@@ -482,6 +478,8 @@ def __create_user_from_jwt(self, token: dict[str, Any], app: Application, source
 "type": UserTypes.SERVICE_ACCOUNT,
 },
 )
+ self.user.attributes[USER_ATTRIBUTE_GENERATED] = True
+ self.user.save()
 exp = token.get("exp")
 if created and exp:
 self.user.attributes[USER_ATTRIBUTE_EXPIRES] = exp
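Review bot: The added `self.user.save()` after `update_or_create` in `__post_init_client_credentials_generated` is an unconditional full-row write on each pass through this code, and the same two lines are repeated in the third hunk in `__create_user_from_jwt`. Because a plain `save()` writes back every field from the in-memory object, a change made to the service account between the two queries (for example an administrator deactivating it) could be reverted; the window is small, and whether it matters depends on code outside the hunk. Limiting the write to the changed column and skipping it when the flag is already present avoids both: `if not self.user.attributes.get(USER_ATTRIBUTE_GENERATED):` followed by the assignment and `self.user.save(update_fields=["attributes"])`. A short comment such as `# set after update_or_create so existing attributes are preserved` would keep the flag from being moved back into `defaults` later. Both function bodies start and end outside their hunks.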