Revert "Prevent automatic OAuth grants for public clients () ()"

This reverts commit 248a5b8d7a.

This commit introduces a regression descrdibed at

https://github.com/go-gitea/gitea/pull/30790#issuecomment-2118812426

There is a commit to try and fix it, but it is similarly
untested. Let's not accumulate regressions and wait until it is either
field tested by humans in Gitea or a test is written.

https://github.com/go-gitea/gitea/pull/31015/files
This commit is contained in:
Earl Warren 2024-05-22 16:37:00 +02:00
parent 07ad7dd8f6
commit 6771312133
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00

View file

@ -469,9 +469,8 @@ func AuthorizeOAuth(ctx *context.Context) {
return
}
// Redirect if user already granted access and the application is confidential.
// I.e. always require authorization for public clients as recommended by RFC 6749 Section 10.2
if app.ConfidentialClient && grant != nil {
// Redirect if user already granted access
if grant != nil {
code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, form.CodeChallenge, form.CodeChallengeMethod)
if err != nil {
handleServerError(ctx, form.State, form.RedirectURI)