forked from mystiq/dex
add config to explicitly set scopes for microsoft connector (#2582)
Signed-off-by: Bob Callaway <bcallaway@google.com>
This commit is contained in:
parent
83e2df821e
commit
e1a407830d
1 changed files with 10 additions and 1 deletions
|
@ -58,6 +58,8 @@ type Config struct {
|
||||||
// For valid values, see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code.
|
// For valid values, see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code.
|
||||||
PromptType string `json:"promptType"`
|
PromptType string `json:"promptType"`
|
||||||
DomainHint string `json:"domainHint"`
|
DomainHint string `json:"domainHint"`
|
||||||
|
|
||||||
|
Scopes []string `json:"scopes"` // defaults to scopeUser (user.read)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Open returns a strategy for logging in through Microsoft.
|
// Open returns a strategy for logging in through Microsoft.
|
||||||
|
@ -77,6 +79,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
|
||||||
emailToLowercase: c.EmailToLowercase,
|
emailToLowercase: c.EmailToLowercase,
|
||||||
promptType: c.PromptType,
|
promptType: c.PromptType,
|
||||||
domainHint: c.DomainHint,
|
domainHint: c.DomainHint,
|
||||||
|
scopes: c.Scopes,
|
||||||
}
|
}
|
||||||
// By default allow logins from both personal and business/school
|
// By default allow logins from both personal and business/school
|
||||||
// accounts.
|
// accounts.
|
||||||
|
@ -122,6 +125,7 @@ type microsoftConnector struct {
|
||||||
emailToLowercase bool
|
emailToLowercase bool
|
||||||
promptType string
|
promptType string
|
||||||
domainHint string
|
domainHint string
|
||||||
|
scopes []string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *microsoftConnector) isOrgTenant() bool {
|
func (c *microsoftConnector) isOrgTenant() bool {
|
||||||
|
@ -133,7 +137,12 @@ func (c *microsoftConnector) groupsRequired(groupScope bool) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oauth2.Config {
|
func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oauth2.Config {
|
||||||
microsoftScopes := []string{scopeUser}
|
var microsoftScopes []string
|
||||||
|
if len(c.scopes) > 0 {
|
||||||
|
microsoftScopes = c.scopes
|
||||||
|
} else {
|
||||||
|
microsoftScopes = append(microsoftScopes, scopeUser)
|
||||||
|
}
|
||||||
if c.groupsRequired(scopes.Groups) {
|
if c.groupsRequired(scopes.Groups) {
|
||||||
microsoftScopes = append(microsoftScopes, scopeGroups)
|
microsoftScopes = append(microsoftScopes, scopeGroups)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue