From 6bfd188503bb3413a2e9dd49bced74b24b4a8d16 Mon Sep 17 00:00:00 2001
From: Setu Shah <setu4993@yahoo.co.in>
Date: Fri, 15 May 2020 13:12:47 -0700
Subject: [PATCH] Skip OAuth2 for OIDC backend

---
 app/server/social_auth.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/server/social_auth.py b/app/server/social_auth.py
index d555605d..32c6400d 100644
--- a/app/server/social_auth.py
+++ b/app/server/social_auth.py
@@ -79,6 +79,11 @@ def fetch_okta_oauth2_permissions(strategy, details, user=None, is_new=False, *a
     if not user or not isinstance(kwargs['backend'], OktaOAuth2):
         return
 
+    # OktaOpenIdConnect inherits `OktaOAuth2`, so we have to explicitly skip OAuth2 trying
+    # to fetch permissions when using OIDC backend.
+    if isinstance(kwargs['backend'], OktaOpenIdConnect):
+        return
+
     response = requests.post(
         url=f"{org_url}/v1/userinfo",
         headers={