Build opts based on scope

This commit is contained in:
Joel Speed 2018-02-04 17:20:05 +00:00
parent 80995dff9b
commit 4076eed17b
No known key found for this signature in database
GPG key ID: 6E80578D6751DEFB
2 changed files with 10 additions and 3 deletions

View file

@ -168,14 +168,19 @@ func (c *oidcConnector) LoginURL(s connector.Scopes, callbackURL, state string)
return "", fmt.Errorf("expected callback URL %q did not match the URL in the config %q", callbackURL, c.redirectURI) return "", fmt.Errorf("expected callback URL %q did not match the URL in the config %q", callbackURL, c.redirectURI)
} }
var opts []oauth2.AuthCodeOption
if len(c.hostedDomains) > 0 { if len(c.hostedDomains) > 0 {
preferredDomain := c.hostedDomains[0] preferredDomain := c.hostedDomains[0]
if len(c.hostedDomains) > 1 { if len(c.hostedDomains) > 1 {
preferredDomain = "*" preferredDomain = "*"
} }
return c.oauth2Config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent"), oauth2.SetAuthURLParam("hd", preferredDomain)), nil opts = append(opts, oauth2.SetAuthURLParam("hd", preferredDomain))
} }
return c.oauth2Config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent")), nil
if s.OfflineAccess {
opts = append(opts, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent"))
}
return c.oauth2Config.AuthCodeURL(state, opts...), nil
} }
type oauth2Error struct { type oauth2Error struct {

View file

@ -527,7 +527,9 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
} else { } else {
// Update existing OfflineSession obj with new RefreshTokenRef. // Update existing OfflineSession obj with new RefreshTokenRef.
if err := s.storage.UpdateOfflineSessions(session.UserID, session.ConnID, func(old storage.OfflineSessions) (storage.OfflineSessions, error) { if err := s.storage.UpdateOfflineSessions(session.UserID, session.ConnID, func(old storage.OfflineSessions) (storage.OfflineSessions, error) {
old.ConnectorData = identity.ConnectorData if len(identity.ConnectorData) > 0 {
old.ConnectorData = identity.ConnectorData
}
return old, nil return old, nil
}); err != nil { }); err != nil {
s.logger.Errorf("failed to update offline session: %v", err) s.logger.Errorf("failed to update offline session: %v", err)