feat: OIDC password grant supports other client authentication methods

2023-11-18 19:20:14 +01:00 · 2023-11-18 19:20:14 +01:00 · 771d3952a3
commit 771d3952a3
parent fa24c2e810
2 changed files with 7 additions and 0 deletions
--- a/CHANGES.rst
+++ b/CHANGES.rst
@ -3,6 +3,11 @@ All notable changes to this project will be documented in this file.
 The format is based on `Keep a Changelog <https://keepachangelog.com/en/1.0.0/>`_,
 and this project adheres to `Semantic Versioning <https://semver.org/spec/v2.0.0.html>`_.

+Added
+*****
+
+- Refresh token grant supports other client authentication methods. :pr:`156`
+
 Changed
 *******

--- a/canaille/oidc/oauth.py
+++ b/canaille/oidc/oauth.py
@ -221,6 +221,8 @@ class PasswordGrant(_ResourceOwnerPasswordCredentialsGrant):


 class RefreshTokenGrant(_RefreshTokenGrant):
+    TOKEN_ENDPOINT_AUTH_METHODS = ["client_secret_basic", "client_secret_post", "none"]
+
    def authenticate_refresh_token(self, refresh_token):
        token = models.Token.query(refresh_token=refresh_token)
        if token and token[0].is_refresh_token_active():