From d33a76fa19d7ea593ba45c18d6622edf39018ca1 Mon Sep 17 00:00:00 2001
From: Chris Loukas <commixon@gmail.com>
Date: Wed, 19 Feb 2020 16:10:28 +0200
Subject: [PATCH] Make prompt configurable for oidc offline_access

---
 Documentation/connectors/oidc.md |  5 +++++
 connector/oidc/oidc.go           | 12 +++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/Documentation/connectors/oidc.md b/Documentation/connectors/oidc.md
index d58789ff..c472e303 100644
--- a/Documentation/connectors/oidc.md
+++ b/Documentation/connectors/oidc.md
@@ -83,6 +83,11 @@ connectors:
     # The set claim is used as user name.
     # Default: name
     # userNameKey: nickname
+
+    # For offline_access, the prompt parameter is set by default to "prompt=consent". 
+    # However this is not supported by all OIDC providers, some of them support different
+    # value for prompt, like "prompt=login" or "prompt=none"
+    # promptType: consent
 ```
 
 [oidc-doc]: openid-connect.md
diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go
index ee6b24a8..675e4b95 100644
--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -54,6 +54,9 @@ type Config struct {
 
 	// Configurable key which contains the user name claim
 	UserNameKey string `json:"userNameKey"`
+
+	// PromptType will be used fot the prompt parameter (when offline_access, by default prompt=consent)
+	PromptType string `json:"promptType"`
 }
 
 // Domains that don't support basic auth. golang.org/x/oauth2 has an internal
@@ -113,6 +116,11 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
 		scopes = append(scopes, "profile", "email")
 	}
 
+	// PromptType should be "consent" by default, if not set
+	if c.PromptType == "" {
+		c.PromptType = "consent"
+	}
+
 	clientID := c.ClientID
 	return &oidcConnector{
 		provider:    provider,
@@ -135,6 +143,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
 		getUserInfo:               c.GetUserInfo,
 		userIDKey:                 c.UserIDKey,
 		userNameKey:               c.UserNameKey,
+		promptType:                c.PromptType,
 	}, nil
 }
 
@@ -156,6 +165,7 @@ type oidcConnector struct {
 	getUserInfo               bool
 	userIDKey                 string
 	userNameKey               string
+	promptType                string
 }
 
 func (c *oidcConnector) Close() error {
@@ -178,7 +188,7 @@ func (c *oidcConnector) LoginURL(s connector.Scopes, callbackURL, state string)
 	}
 
 	if s.OfflineAccess {
-		opts = append(opts, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent"))
+		opts = append(opts, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", c.promptType))
 	}
 	return c.oauth2Config.AuthCodeURL(state, opts...), nil
 }