forked from mystiq/dex
Merge pull request #1656 from taxibeat/oidc-prompt-type
Make prompt configurable for oidc offline_access
This commit is contained in:
commit
30ea963bb6
2 changed files with 16 additions and 1 deletions
|
@ -83,6 +83,11 @@ connectors:
|
|||
# The set claim is used as user name.
|
||||
# Default: name
|
||||
# userNameKey: nickname
|
||||
|
||||
# For offline_access, the prompt parameter is set by default to "prompt=consent".
|
||||
# However this is not supported by all OIDC providers, some of them support different
|
||||
# value for prompt, like "prompt=login" or "prompt=none"
|
||||
# promptType: consent
|
||||
```
|
||||
|
||||
[oidc-doc]: openid-connect.md
|
||||
|
|
|
@ -54,6 +54,9 @@ type Config struct {
|
|||
|
||||
// Configurable key which contains the user name claim
|
||||
UserNameKey string `json:"userNameKey"`
|
||||
|
||||
// PromptType will be used fot the prompt parameter (when offline_access, by default prompt=consent)
|
||||
PromptType string `json:"promptType"`
|
||||
}
|
||||
|
||||
// Domains that don't support basic auth. golang.org/x/oauth2 has an internal
|
||||
|
@ -113,6 +116,11 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
|
|||
scopes = append(scopes, "profile", "email")
|
||||
}
|
||||
|
||||
// PromptType should be "consent" by default, if not set
|
||||
if c.PromptType == "" {
|
||||
c.PromptType = "consent"
|
||||
}
|
||||
|
||||
clientID := c.ClientID
|
||||
return &oidcConnector{
|
||||
provider: provider,
|
||||
|
@ -135,6 +143,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
|
|||
getUserInfo: c.GetUserInfo,
|
||||
userIDKey: c.UserIDKey,
|
||||
userNameKey: c.UserNameKey,
|
||||
promptType: c.PromptType,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
@ -156,6 +165,7 @@ type oidcConnector struct {
|
|||
getUserInfo bool
|
||||
userIDKey string
|
||||
userNameKey string
|
||||
promptType string
|
||||
}
|
||||
|
||||
func (c *oidcConnector) Close() error {
|
||||
|
@ -178,7 +188,7 @@ func (c *oidcConnector) LoginURL(s connector.Scopes, callbackURL, state string)
|
|||
}
|
||||
|
||||
if s.OfflineAccess {
|
||||
opts = append(opts, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent"))
|
||||
opts = append(opts, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", c.promptType))
|
||||
}
|
||||
return c.oauth2Config.AuthCodeURL(state, opts...), nil
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue