api: only set auth_via when actually authenticating via token

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
goauthentik · Mar 31, 2022 · fbfad16 · fbfad16
1 parent bcabce2
commit fbfad16
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/authentik/api/authentication.py b/authentik/api/authentication.py
@@ -38,12 +38,12 @@ def bearer_auth(raw_header: bytes) -> Optional[User]:
         return None
     if not hasattr(LOCAL, "authentik"):
         LOCAL.authentik = {}
-    LOCAL.authentik[KEY_AUTH_VIA] = "api_token"
     # first, check traditional tokens
     key_token = Token.filter_not_expired(
         key=auth_credentials, intent=TokenIntents.INTENT_API
     ).first()
     if key_token:
+        LOCAL.authentik[KEY_AUTH_VIA] = "api_token"
         return key_token.user
     # then try to auth via JWT
     jwt_token = RefreshToken.filter_not_expired(