Merge pull request 'Revert "Prevent automatic OAuth grants for public clients (#30790) (#30836)"' (#3867) from earl-warren/forgejo:wip-oauth-revert into v7.0/forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3867 Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-05-22 15:06:48 +00:00 · 2024-05-22 15:06:48 +00:00 · b5c49a19d2
parent 07ad7dd8f6 6771312133
commit b5c49a19d2
1 changed files with 2 additions and 3 deletions
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@ -469,9 +469,8 @@ func AuthorizeOAuth(ctx *context.Context) {
 		return
 	}

-	// Redirect if user already granted access and the application is confidential.
-	// I.e. always require authorization for public clients as recommended by RFC 6749 Section 10.2
-	if app.ConfidentialClient && grant != nil {
+	// Redirect if user already granted access
+	if grant != nil {
 		code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, form.CodeChallenge, form.CodeChallengeMethod)
 		if err != nil {
 			handleServerError(ctx, form.State, form.RedirectURI)