I want to add a custom policy which will verify whether my OAuth2 client sends a specific field in the body of the request (as I would need that when processing the scope). I can do it with i.e.
The problem is that even if I'm raising an exception, I get the following error in cURL:
{"error": "invalid_grant", "error_description": "The provided authorization grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client"}
Is there a way to customize this error response? I tried to use ak_message as per https://docs.goauthentik.io/docs/customize/policies/expression#ak_messagemessage-str, but this message wasn't shown.
Why aren't exceptions raised in a specific Scope Mapping propagated to the final response, but rather the given scope just isn't added to the response token? Is there a way to raise an exception in a Scope Mapping, so that the whole request returns HTTP 400 instead of just ignoring the adding of this scope?
The other problem is that this error is raised even when I log in to authentik - I would expect that this application policy would be executed only when my OAuth2 client is requesting a token - why is it executed when I just log in to the authentik portal?