From 0dbb642f2c72a49b7fb27812afc08f99539c296e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Dufresne?=
 <marc-andre.dufresne@elementai.com>
Date: Tue, 6 Aug 2019 13:18:46 -0400
Subject: [PATCH] Add option to always display connector selection even if
 there's only one

---
 cmd/dex/config.go      | 2 ++
 cmd/dex/config_test.go | 6 ++++++
 cmd/dex/serve.go       | 1 +
 server/handlers.go     | 2 +-
 server/server.go       | 7 +++++++
 5 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/cmd/dex/config.go b/cmd/dex/config.go
index 77f4a779..15321071 100644
--- a/cmd/dex/config.go
+++ b/cmd/dex/config.go
@@ -127,6 +127,8 @@ type OAuth2 struct {
 	// If specified, do not prompt the user to approve client authorization. The
 	// act of logging in implies authorization.
 	SkipApprovalScreen bool `json:"skipApprovalScreen"`
+	// If specified, show the connector selection screen even if there's only one
+	AlwaysShowLoginScreen bool `json:"alwaysShowLoginScreen"`
 }
 
 // Web is the config format for the HTTP server.
diff --git a/cmd/dex/config_test.go b/cmd/dex/config_test.go
index 06a8e429..a38af2b3 100644
--- a/cmd/dex/config_test.go
+++ b/cmd/dex/config_test.go
@@ -76,6 +76,9 @@ staticClients:
   name: 'Example App'
   secret: ZXhhbXBsZS1hcHAtc2VjcmV0
 
+oauth2:
+  alwaysShowLoginScreen: true
+
 connectors:
 - type: mockCallback
   id: mock
@@ -140,6 +143,9 @@ logger:
 				},
 			},
 		},
+		OAuth2: OAuth2{
+			AlwaysShowLoginScreen: true,
+		},
 		StaticConnectors: []Connector{
 			{
 				Type:   "mockCallback",
diff --git a/cmd/dex/serve.go b/cmd/dex/serve.go
index 208ec9c0..a92c54dd 100644
--- a/cmd/dex/serve.go
+++ b/cmd/dex/serve.go
@@ -199,6 +199,7 @@ func serve(cmd *cobra.Command, args []string) error {
 	serverConfig := server.Config{
 		SupportedResponseTypes: c.OAuth2.ResponseTypes,
 		SkipApprovalScreen:     c.OAuth2.SkipApprovalScreen,
+		AlwaysShowLoginScreen:  c.OAuth2.AlwaysShowLoginScreen,
 		AllowedOrigins:         c.Web.AllowedOrigins,
 		Issuer:                 c.Issuer,
 		Storage:                s,
diff --git a/server/handlers.go b/server/handlers.go
index 39b98423..4cc6a1bd 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -249,7 +249,7 @@ func (s *Server) handleAuthorization(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if len(connectors) == 1 {
+	if len(connectors) == 1 && !s.alwaysShowLogin {
 		for _, c := range connectors {
 			// TODO(ericchiang): Make this pass on r.URL.RawQuery and let something latter
 			// on create the auth request.
diff --git a/server/server.go b/server/server.go
index e1258151..948662a3 100644
--- a/server/server.go
+++ b/server/server.go
@@ -68,6 +68,9 @@ type Config struct {
 	// Logging in implies approval.
 	SkipApprovalScreen bool
 
+	// If enabled, the connectors selection page will always be shown even if there's only one
+	AlwaysShowLoginScreen bool
+
 	RotateKeysAfter      time.Duration // Defaults to 6 hours.
 	IDTokensValidFor     time.Duration // Defaults to 24 hours
 	AuthRequestsValidFor time.Duration // Defaults to 24 hours
@@ -134,6 +137,9 @@ type Server struct {
 	// If enabled, don't prompt user for approval after logging in through connector.
 	skipApproval bool
 
+	// If enabled, show the connector selection screen even if there's only one
+	alwaysShowLogin bool
+
 	supportedResponseTypes map[string]bool
 
 	now func() time.Time
@@ -201,6 +207,7 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
 		idTokensValidFor:       value(c.IDTokensValidFor, 24*time.Hour),
 		authRequestsValidFor:   value(c.AuthRequestsValidFor, 24*time.Hour),
 		skipApproval:           c.SkipApprovalScreen,
+		alwaysShowLogin:        c.AlwaysShowLoginScreen,
 		now:                    now,
 		templates:              tmpls,
 		logger:                 c.Logger,
-- 
GitLab