Revert "Prevent automatic OAuth grants for public clients (#30790) (#30836)"

earl-warren · earl-warren · commit 677131213333 · 2024-05-22T16:37:00.000+02:00
This reverts commit 248a5b8. This commit introduces a regression descrdibed at go-gitea/gitea#30790 (comment) There is a commit to try and fix it, but it is similarly untested. Let's not accumulate regressions and wait until it is either field tested by humans in Gitea or a test is written. https://github.com/go-gitea/gitea/pull/31015/files
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
@@ -469,9 +469,8 @@ func AuthorizeOAuth(ctx *context.Context) {
 		return
 	}
 
-	// Redirect if user already granted access and the application is confidential.
-	// I.e. always require authorization for public clients as recommended by RFC 6749 Section 10.2
-	if app.ConfidentialClient && grant != nil {
+	// Redirect if user already granted access
+	if grant != nil {
 		code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, form.CodeChallenge, form.CodeChallengeMethod)
 		if err != nil {
 			handleServerError(ctx, form.State, form.RedirectURI)
