diff --git a/cmd/dex/config.go b/cmd/dex/config.go
index 482075f3..b1beb850 100644
--- a/cmd/dex/config.go
+++ b/cmd/dex/config.go
@@ -72,6 +72,9 @@ func (p password) toPassword() (storage.Password, error) {
 // OAuth2 describes enabled OAuth2 extensions.
 type OAuth2 struct {
 ResponseTypes []string `yaml:"responseTypes"`
+ // If specified, do not prompt the user to approve client authorization. The
+ // act of logging in implies authorization.
+ SkipApprovalScreen bool `yaml:"skipApprovalScreen"`
 }
 // Web is the config format for the HTTP server.
diff --git a/cmd/dex/serve.go b/cmd/dex/serve.go
index 0e35e6af..17a63613 100644
--- a/cmd/dex/serve.go
+++ b/cmd/dex/serve.go
@@ -116,6 +116,7 @@ func serve(cmd *cobra.Command, args []string) error {
 serverConfig := server.Config{
 SupportedResponseTypes: c.OAuth2.ResponseTypes,
+ SkipApprovalScreen: c.OAuth2.SkipApprovalScreen,
 Issuer: c.Issuer,
 Connectors: connectors,
 Storage: s,
diff --git a/server/server.go b/server/server.go
index 703af668..904d826e 100644
--- a/server/server.go
+++ b/server/server.go
@@ -41,6 +41,10 @@ type Config struct {
 // flow. If no response types are supplied this value defaults to "code".
 SupportedResponseTypes []string
+ // If enabled, the server won't prompt the user to approve authorization requests.
+ // Logging in implies approval.
+ SkipApprovalScreen bool
+
 RotateKeysAfter time.Duration // Defaults to 6 hours.
 IDTokensValidFor time.Duration // Defaults to 24 hours
@@ -73,7 +77,6 @@ type Server struct {
 templates *templates
 // If enabled, don't prompt user for approval after logging in through connector.
- // No package level API to set this, only used in tests.
 skipApproval bool
 supportedResponseTypes map[string]bool
@@ -145,6 +148,7 @@ func newServer(c Config, rotationStrategy rotationStrategy) (*Server, error) {
 ),
 supportedResponseTypes: supported,
 idTokensValidFor: value(c.IDTokensValidFor, 24*time.Hour),
+ skipApproval: c.SkipApprovalScreen,
 now: now,
 templates: tmpls,
 }
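Review bot: The new comment on `SkipApprovalScreen` in cmd/dex/config.go says "If specified" for a bool and does not say how far the setting reaches. The value is copied into `server.Config` in serve.go and then into `Server.skipApproval` in newServer, so it appears to apply to every client rather than to selected ones, and an operator reading the config struct should learn that here. Suggested wording: `// SkipApprovalScreen, if true, disables the approval prompt for all clients; a successful login is treated as consent. Enable only when every registered client is trusted.` The comment on `Config.SkipApprovalScreen` in server/server.go would benefit from the same scope sentence.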
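Review bot: The assignment `skipApproval: c.SkipApprovalScreen` in newServer carries no per-client condition, so as far as this diff shows, setting the flag turns consent off for every client and every response type in `supportedResponseTypes`. Whether untrusted or public clients should still see the prompt is decided in the approval handler, which is outside this diff, so it is worth confirming there. A short comment at the assignment, `// server-wide: no per-client override of the approval prompt`, would record the decision. No test change is visible here; since the removed comment says the field was previously set only from tests, a case that builds the server with `SkipApprovalScreen: true` and checks `skipApproval` would pin the new wiring. newServer's body starts and ends outside the hunk.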