add config to explicitly set scopes for microsoft connector (#2582)

Signed-off-by: Bob Callaway <bcallaway@google.com>
This commit is contained in:
Bob Callaway 2022-07-27 09:03:29 -07:00 committed by GitHub
parent 83e2df821e
commit e1a407830d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -58,6 +58,8 @@ type Config struct {
// For valid values, see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code. // For valid values, see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code.
PromptType string `json:"promptType"` PromptType string `json:"promptType"`
DomainHint string `json:"domainHint"` DomainHint string `json:"domainHint"`
Scopes []string `json:"scopes"` // defaults to scopeUser (user.read)
} }
// Open returns a strategy for logging in through Microsoft. // Open returns a strategy for logging in through Microsoft.
@ -77,6 +79,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
emailToLowercase: c.EmailToLowercase, emailToLowercase: c.EmailToLowercase,
promptType: c.PromptType, promptType: c.PromptType,
domainHint: c.DomainHint, domainHint: c.DomainHint,
scopes: c.Scopes,
} }
// By default allow logins from both personal and business/school // By default allow logins from both personal and business/school
// accounts. // accounts.
@ -122,6 +125,7 @@ type microsoftConnector struct {
emailToLowercase bool emailToLowercase bool
promptType string promptType string
domainHint string domainHint string
scopes []string
} }
func (c *microsoftConnector) isOrgTenant() bool { func (c *microsoftConnector) isOrgTenant() bool {
@ -133,7 +137,12 @@ func (c *microsoftConnector) groupsRequired(groupScope bool) bool {
} }
func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oauth2.Config { func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oauth2.Config {
microsoftScopes := []string{scopeUser} var microsoftScopes []string
if len(c.scopes) > 0 {
microsoftScopes = c.scopes
} else {
microsoftScopes = append(microsoftScopes, scopeUser)
}
if c.groupsRequired(scopes.Groups) { if c.groupsRequired(scopes.Groups) {
microsoftScopes = append(microsoftScopes, scopeGroups) microsoftScopes = append(microsoftScopes, scopeGroups)
} }