Merge pull request #1441 from jimmythedog/1440-fix-msoft-refresh-token

dexidp#1440 Add offline_access scope, if required
2020-07-08 16:13:26 +02:00 · 2020-07-08 16:13:26 +02:00 · 62efe7bf07
commit 62efe7bf07
parent 1d892c6cac b189d07d53
1 changed files with 7 additions and 0 deletions
--- a/connector/microsoft/microsoft.go
+++ b/connector/microsoft/microsoft.go
@ -36,6 +36,9 @@ const (
 	// Microsoft requires this scope to list groups the user is a member of
 	// and resolve their ids to groups names.
 	scopeGroups = "directory.read.all"
+	// Microsoft requires this scope to return a refresh token
+	// see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#offline_access
+	scopeOfflineAccess = "offline_access"
 )

 // Config holds configuration options for microsoft logins.
@ -122,6 +125,10 @@ func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oauth2.Confi
 		microsoftScopes = append(microsoftScopes, scopeGroups)
 	}

+	if scopes.OfflineAccess {
+		microsoftScopes = append(microsoftScopes, scopeOfflineAccess)
+	}
+
 	return &oauth2.Config{
 		ClientID:     c.clientID,
 		ClientSecret: c.clientSecret,