Unverified Commit 30ea963b authored by Joel Speed's avatar Joel Speed Committed by GitHub

Merge pull request #1656 from taxibeat/oidc-prompt-type

Make prompt configurable for oidc offline_access
parents b7cf7010 d33a76fa
...@@ -83,6 +83,11 @@ connectors: ...@@ -83,6 +83,11 @@ connectors:
# The set claim is used as user name. # The set claim is used as user name.
# Default: name # Default: name
# userNameKey: nickname # userNameKey: nickname
# For offline_access, the prompt parameter is set by default to "prompt=consent".
# However this is not supported by all OIDC providers, some of them support different
# value for prompt, like "prompt=login" or "prompt=none"
# promptType: consent
``` ```
[oidc-doc]: openid-connect.md [oidc-doc]: openid-connect.md
......
...@@ -54,6 +54,9 @@ type Config struct { ...@@ -54,6 +54,9 @@ type Config struct {
// Configurable key which contains the user name claim // Configurable key which contains the user name claim
UserNameKey string `json:"userNameKey"` UserNameKey string `json:"userNameKey"`
// PromptType will be used fot the prompt parameter (when offline_access, by default prompt=consent)
PromptType string `json:"promptType"`
} }
// Domains that don't support basic auth. golang.org/x/oauth2 has an internal // Domains that don't support basic auth. golang.org/x/oauth2 has an internal
...@@ -113,6 +116,11 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e ...@@ -113,6 +116,11 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
scopes = append(scopes, "profile", "email") scopes = append(scopes, "profile", "email")
} }
// PromptType should be "consent" by default, if not set
if c.PromptType == "" {
c.PromptType = "consent"
}
clientID := c.ClientID clientID := c.ClientID
return &oidcConnector{ return &oidcConnector{
provider: provider, provider: provider,
...@@ -135,6 +143,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e ...@@ -135,6 +143,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
getUserInfo: c.GetUserInfo, getUserInfo: c.GetUserInfo,
userIDKey: c.UserIDKey, userIDKey: c.UserIDKey,
userNameKey: c.UserNameKey, userNameKey: c.UserNameKey,
promptType: c.PromptType,
}, nil }, nil
} }
...@@ -156,6 +165,7 @@ type oidcConnector struct { ...@@ -156,6 +165,7 @@ type oidcConnector struct {
getUserInfo bool getUserInfo bool
userIDKey string userIDKey string
userNameKey string userNameKey string
promptType string
} }
func (c *oidcConnector) Close() error { func (c *oidcConnector) Close() error {
...@@ -178,7 +188,7 @@ func (c *oidcConnector) LoginURL(s connector.Scopes, callbackURL, state string) ...@@ -178,7 +188,7 @@ func (c *oidcConnector) LoginURL(s connector.Scopes, callbackURL, state string)
} }
if s.OfflineAccess { if s.OfflineAccess {
opts = append(opts, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent")) opts = append(opts, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", c.promptType))
} }
return c.oauth2Config.AuthCodeURL(state, opts...), nil return c.oauth2Config.AuthCodeURL(state, opts...), nil
} }
......
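Review bot: `promptType` goes from the config straight into the `prompt` query parameter in `LoginURL` with no check in `Open`, so a typo or an unsupported value only shows up as a provider error at login time. OpenID Connect Core defines `none`, `login`, `consent` and `select_account`, and says a provider must ignore an `offline_access` request unless `prompt` includes `consent` or another condition for offline access is met, so a non-`consent` value can silently yield no refresh token. The comment on the `PromptType` field (which has the typo "fot") should state that. I would validate the value in `Open` and return an error for anything unknown, using a local variable rather than writing the default back into the caller's `Config`. `Open` starts and ends outside these hunks and `fmt` is assumed to be imported already; if space-separated combinations have to be accepted, check each token instead.

```go
	// … unchanged: scope setup …
	promptType := c.PromptType
	switch promptType {
	case "":
		promptType = "consent" // default when unset
	case "consent", "login", "none", "select_account":
		// values defined by OpenID Connect Core
	default:
		return nil, fmt.Errorf("oidc: unsupported promptType %q", promptType)
	}
	// … unchanged: remaining oidcConnector fields …
		promptType: promptType,
```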