enterprise/providers/scim: fix interactive OAuth overriding refresh_token (#22858)

* enterprise/providers/scim: fix interactive OAuth overriding refresh_token * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2026-06-17 19:09:11 +03:00 · 2026-06-04 17:32:46 +02:00
parent 38b1dbdf85
commit 5d16c90c1d
2 changed files with 5 additions and 1 deletions
@@ -68,13 +68,16 @@ class SCIMOAuthAuth:
            return conn
        token = self.retrieve_token(conn)
        access_token = token["access_token"]
+        refresh_token = token.get("refresh_token")
+        if not refresh_token and conn:
+            refresh_token = conn.refresh_token
        expires_in = int(token.get("expires_in", 0))
        token, _ = UserOAuthSourceConnection.objects.update_or_create(
            source=self.provider.auth_oauth,
            user=self.user,
            defaults={
                "access_token": access_token,
-                "refresh_token": token.get("refresh_token"),
+                "refresh_token": refresh_token,
                "expires": now() + timedelta(seconds=expires_in),
                # When using `update_or_create`, `last_updated` is not updated
                "last_updated": now(),
@@ -104,6 +104,7 @@ class TestSCIMOAuthToken(APITestCase):
            source=self.source,
            user=self.provider.auth_oauth_user,
        ).first()
+        self.assertEqual(conn.refresh_token, refresh_token)
        self.assertIsNotNone(conn)
        self.assertTrue(conn.is_valid)
        auth = (