Merge pull request #1656 from taxibeat/oidc-prompt-type
Make prompt configurable for oidc offline_access
This commit is contained in:
commit
30ea963bb6
@ -83,6 +83,11 @@ connectors:
|
|||||||
# The set claim is used as user name.
|
# The set claim is used as user name.
|
||||||
# Default: name
|
# Default: name
|
||||||
# userNameKey: nickname
|
# userNameKey: nickname
|
||||||
|
|
||||||
|
# For offline_access, the prompt parameter is set by default to "prompt=consent".
|
||||||
|
# However this is not supported by all OIDC providers, some of them support different
|
||||||
|
# value for prompt, like "prompt=login" or "prompt=none"
|
||||||
|
# promptType: consent
|
||||||
```
|
```
|
||||||
|
|
||||||
[oidc-doc]: openid-connect.md
|
[oidc-doc]: openid-connect.md
|
||||||
|
@ -54,6 +54,9 @@ type Config struct {
|
|||||||
|
|
||||||
// Configurable key which contains the user name claim
|
// Configurable key which contains the user name claim
|
||||||
UserNameKey string `json:"userNameKey"`
|
UserNameKey string `json:"userNameKey"`
|
||||||
|
|
||||||
|
// PromptType will be used fot the prompt parameter (when offline_access, by default prompt=consent)
|
||||||
|
PromptType string `json:"promptType"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Domains that don't support basic auth. golang.org/x/oauth2 has an internal
|
// Domains that don't support basic auth. golang.org/x/oauth2 has an internal
|
||||||
@ -113,6 +116,11 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
|
|||||||
scopes = append(scopes, "profile", "email")
|
scopes = append(scopes, "profile", "email")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// PromptType should be "consent" by default, if not set
|
||||||
|
if c.PromptType == "" {
|
||||||
|
c.PromptType = "consent"
|
||||||
|
}
|
||||||
|
|
||||||
clientID := c.ClientID
|
clientID := c.ClientID
|
||||||
return &oidcConnector{
|
return &oidcConnector{
|
||||||
provider: provider,
|
provider: provider,
|
||||||
@ -135,6 +143,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
|
|||||||
getUserInfo: c.GetUserInfo,
|
getUserInfo: c.GetUserInfo,
|
||||||
userIDKey: c.UserIDKey,
|
userIDKey: c.UserIDKey,
|
||||||
userNameKey: c.UserNameKey,
|
userNameKey: c.UserNameKey,
|
||||||
|
promptType: c.PromptType,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -156,6 +165,7 @@ type oidcConnector struct {
|
|||||||
getUserInfo bool
|
getUserInfo bool
|
||||||
userIDKey string
|
userIDKey string
|
||||||
userNameKey string
|
userNameKey string
|
||||||
|
promptType string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *oidcConnector) Close() error {
|
func (c *oidcConnector) Close() error {
|
||||||
@ -178,7 +188,7 @@ func (c *oidcConnector) LoginURL(s connector.Scopes, callbackURL, state string)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if s.OfflineAccess {
|
if s.OfflineAccess {
|
||||||
opts = append(opts, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent"))
|
opts = append(opts, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", c.promptType))
|
||||||
}
|
}
|
||||||
return c.oauth2Config.AuthCodeURL(state, opts...), nil
|
return c.oauth2Config.AuthCodeURL(state, opts...), nil
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user