diff --git a/connector/microsoft/microsoft.go b/connector/microsoft/microsoft.go index 142a7c6c3f867e5c8909effcaac9745d3e2e5146..ff27182d6e012c87e23d4923817e8f74242953b0 100644 --- a/connector/microsoft/microsoft.go +++ b/connector/microsoft/microsoft.go @@ -36,6 +36,9 @@ const ( // Microsoft requires this scope to list groups the user is a member of // and resolve their ids to groups names. scopeGroups = "directory.read.all" + // Microsoft requires this scope to return a refresh token + // see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#offline_access + scopeOfflineAccess = "offline_access" ) // Config holds configuration options for microsoft logins. @@ -122,6 +125,10 @@ func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oauth2.Confi microsoftScopes = append(microsoftScopes, scopeGroups) } + if scopes.OfflineAccess { + microsoftScopes = append(microsoftScopes, scopeOfflineAccess) + } + return &oauth2.Config{ ClientID: c.clientID, ClientSecret: c.clientSecret,