From ba47aaba863ad9cf2f3be2e81f755bafb266973e Mon Sep 17 00:00:00 2001 From: Erica Taylor Date: Mon, 11 Jan 2021 11:28:55 +0000 Subject: [PATCH] microsoft: Support setting the prompt type Signed-off-by: Erica Taylor --- connector/microsoft/microsoft.go | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/connector/microsoft/microsoft.go b/connector/microsoft/microsoft.go index 3a3cf3b5..328ea152 100644 --- a/connector/microsoft/microsoft.go +++ b/connector/microsoft/microsoft.go @@ -53,6 +53,10 @@ type Config struct { GroupNameFormat GroupNameFormat `json:"groupNameFormat"` UseGroupsAsWhitelist bool `json:"useGroupsAsWhitelist"` EmailToLowercase bool `json:"emailToLowercase"` + + // PromptType is used for the prompt query parameter. + // For valid values, see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code. + PromptType string `json:"promptType"` } // Open returns a strategy for logging in through Microsoft. @@ -70,6 +74,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) useGroupsAsWhitelist: c.UseGroupsAsWhitelist, logger: logger, emailToLowercase: c.EmailToLowercase, + promptType: c.PromptType, } // By default allow logins from both personal and business/school // accounts. @@ -113,6 +118,7 @@ type microsoftConnector struct { useGroupsAsWhitelist bool logger log.Logger emailToLowercase bool + promptType string } func (c *microsoftConnector) isOrgTenant() bool { @@ -150,7 +156,12 @@ func (c *microsoftConnector) LoginURL(scopes connector.Scopes, callbackURL, stat return "", fmt.Errorf("expected callback URL %q did not match the URL in the config %q", callbackURL, c.redirectURI) } - return c.oauth2Config(scopes).AuthCodeURL(state), nil + var options []oauth2.AuthCodeOption + if c.promptType != "" { + options = append(options, oauth2.SetAuthURLParam("prompt", c.promptType)) + } + + return c.oauth2Config(scopes).AuthCodeURL(state, options...), nil } func (c *microsoftConnector) HandleCallback(s connector.Scopes, r *http.Request) (identity connector.Identity, err error) {