add config to explicitly set scopes for microsoft connector (#2582)

Signed-off-by: Bob Callaway <bcallaway@google.com>
This commit is contained in:
Bob Callaway 2022-07-27 09:03:29 -07:00 committed by GitHub
parent 83e2df821e
commit e1a407830d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -58,6 +58,8 @@ type Config struct {
// For valid values, see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code.
PromptType string `json:"promptType"`
DomainHint string `json:"domainHint"`
Scopes []string `json:"scopes"` // defaults to scopeUser (user.read)
}
// Open returns a strategy for logging in through Microsoft.
@ -77,6 +79,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
emailToLowercase: c.EmailToLowercase,
promptType: c.PromptType,
domainHint: c.DomainHint,
scopes: c.Scopes,
}
// By default allow logins from both personal and business/school
// accounts.
@ -122,6 +125,7 @@ type microsoftConnector struct {
emailToLowercase bool
promptType string
domainHint string
scopes []string
}
func (c *microsoftConnector) isOrgTenant() bool {
@ -133,7 +137,12 @@ func (c *microsoftConnector) groupsRequired(groupScope bool) bool {
}
func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oauth2.Config {
microsoftScopes := []string{scopeUser}
var microsoftScopes []string
if len(c.scopes) > 0 {
microsoftScopes = c.scopes
} else {
microsoftScopes = append(microsoftScopes, scopeUser)
}
if c.groupsRequired(scopes.Groups) {
microsoftScopes = append(microsoftScopes, scopeGroups)
}