mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2025-07-25 13:30:39 +00:00
Fix scope
and refresh_token
for API key logins
API key logins use a scope of `api`, not `api offline_access`. Since `offline_access` is not requested, no `refresh_token` is returned either.
This commit is contained in:
parent
69ee4a70b4
commit
8f7900759f
2 changed files with 22 additions and 14 deletions
|
@ -60,7 +60,12 @@ impl Device {
|
|||
self.twofactor_remember = None;
|
||||
}
|
||||
|
||||
pub fn refresh_tokens(&mut self, user: &super::User, orgs: Vec<super::UserOrganization>) -> (String, i64) {
|
||||
pub fn refresh_tokens(
|
||||
&mut self,
|
||||
user: &super::User,
|
||||
orgs: Vec<super::UserOrganization>,
|
||||
scope: Vec<String>,
|
||||
) -> (String, i64) {
|
||||
// If there is no refresh token, we create one
|
||||
if self.refresh_token.is_empty() {
|
||||
use crate::crypto;
|
||||
|
@ -98,7 +103,7 @@ impl Device {
|
|||
|
||||
sstamp: user.security_stamp.to_string(),
|
||||
device: self.uuid.to_string(),
|
||||
scope: vec!["api".into(), "offline_access".into()],
|
||||
scope,
|
||||
amr: vec!["Application".into()],
|
||||
};
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue