Ensure validation for v3 in tokenView only happens on refresh token

JamesDemeryNava · JamesDemeryNava · commit 8b69aeaa0474 · 2025-12-04T12:04:20.000-05:00
diff --git a/apps/dot_ext/views/authorization.py b/apps/dot_ext/views/authorization.py
@@ -480,9 +480,12 @@ def validate_v3_token_call(self, request) -> None:
     def post(self, request, *args, **kwargs):
         path_info = self.request.__dict__.get('path_info')
         version = get_api_version_number_from_url(path_info)
+        url_query = parse_qs(request._body.decode('utf-8'))
+        grant_type = url_query.get('grant_type', [None])
         # If it is not version 3, we don't need to check anything, just return
+        # We only want to execute this on refresh_token grant types, not authorization_code
         try:
-            if version == Versions.V3:
+            if version == Versions.V3 and grant_type[0] and grant_type[0] == 'refresh_token':
                 self.validate_v3_token_call(request)
             self.validate_token_endpoint_request_body(request)
             app = validate_app_is_active(request)
