From e1a407830dba050ad4b692c70ceae3b7d18293c4 Mon Sep 17 00:00:00 2001 From: Bob Callaway Date: Wed, 27 Jul 2022 09:03:29 -0700 Subject: [PATCH] add config to explicitly set scopes for microsoft connector (#2582) Signed-off-by: Bob Callaway --- connector/microsoft/microsoft.go | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/connector/microsoft/microsoft.go b/connector/microsoft/microsoft.go index 2a8bbcfb..3952c94b 100644 --- a/connector/microsoft/microsoft.go +++ b/connector/microsoft/microsoft.go @@ -58,6 +58,8 @@ type Config struct { // For valid values, see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code. PromptType string `json:"promptType"` DomainHint string `json:"domainHint"` + + Scopes []string `json:"scopes"` // defaults to scopeUser (user.read) } // Open returns a strategy for logging in through Microsoft. @@ -77,6 +79,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) emailToLowercase: c.EmailToLowercase, promptType: c.PromptType, domainHint: c.DomainHint, + scopes: c.Scopes, } // By default allow logins from both personal and business/school // accounts. @@ -122,6 +125,7 @@ type microsoftConnector struct { emailToLowercase bool promptType string domainHint string + scopes []string } func (c *microsoftConnector) isOrgTenant() bool { @@ -133,7 +137,12 @@ func (c *microsoftConnector) groupsRequired(groupScope bool) bool { } func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oauth2.Config { - microsoftScopes := []string{scopeUser} + var microsoftScopes []string + if len(c.scopes) > 0 { + microsoftScopes = c.scopes + } else { + microsoftScopes = append(microsoftScopes, scopeUser) + } if c.groupsRequired(scopes.Groups) { microsoftScopes = append(microsoftScopes, scopeGroups) }