dexidp#1440 Add offline_access scope, if required
Without this scope, a refresh token will not be returned from Microsoft
This commit is contained in:
parent
60f47c4228
commit
b189d07d53
1 changed files with 7 additions and 0 deletions
|
@ -25,6 +25,9 @@ const (
|
||||||
// Microsoft requires this scope to list groups the user is a member of
|
// Microsoft requires this scope to list groups the user is a member of
|
||||||
// and resolve their UUIDs to groups names.
|
// and resolve their UUIDs to groups names.
|
||||||
scopeGroups = "directory.read.all"
|
scopeGroups = "directory.read.all"
|
||||||
|
// Microsoft requires this scope to return a refresh token
|
||||||
|
// see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#offline_access
|
||||||
|
scopeOfflineAccess = "offline_access"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Config holds configuration options for microsoft logins.
|
// Config holds configuration options for microsoft logins.
|
||||||
|
@ -92,6 +95,10 @@ func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oauth2.Confi
|
||||||
microsoftScopes = append(microsoftScopes, scopeGroups)
|
microsoftScopes = append(microsoftScopes, scopeGroups)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if scopes.OfflineAccess {
|
||||||
|
microsoftScopes = append(microsoftScopes, scopeOfflineAccess)
|
||||||
|
}
|
||||||
|
|
||||||
return &oauth2.Config{
|
return &oauth2.Config{
|
||||||
ClientID: c.clientID,
|
ClientID: c.clientID,
|
||||||
ClientSecret: c.clientSecret,
|
ClientSecret: c.clientSecret,
|
||||||
|
|
Reference in a new issue