Build opts based on scope
This commit is contained in:
parent
80995dff9b
commit
4076eed17b
@ -168,14 +168,19 @@ func (c *oidcConnector) LoginURL(s connector.Scopes, callbackURL, state string)
|
|||||||
return "", fmt.Errorf("expected callback URL %q did not match the URL in the config %q", callbackURL, c.redirectURI)
|
return "", fmt.Errorf("expected callback URL %q did not match the URL in the config %q", callbackURL, c.redirectURI)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var opts []oauth2.AuthCodeOption
|
||||||
if len(c.hostedDomains) > 0 {
|
if len(c.hostedDomains) > 0 {
|
||||||
preferredDomain := c.hostedDomains[0]
|
preferredDomain := c.hostedDomains[0]
|
||||||
if len(c.hostedDomains) > 1 {
|
if len(c.hostedDomains) > 1 {
|
||||||
preferredDomain = "*"
|
preferredDomain = "*"
|
||||||
}
|
}
|
||||||
return c.oauth2Config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent"), oauth2.SetAuthURLParam("hd", preferredDomain)), nil
|
opts = append(opts, oauth2.SetAuthURLParam("hd", preferredDomain))
|
||||||
}
|
}
|
||||||
return c.oauth2Config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent")), nil
|
|
||||||
|
if s.OfflineAccess {
|
||||||
|
opts = append(opts, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent"))
|
||||||
|
}
|
||||||
|
return c.oauth2Config.AuthCodeURL(state, opts...), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
type oauth2Error struct {
|
type oauth2Error struct {
|
||||||
|
@ -527,7 +527,9 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
|
|||||||
} else {
|
} else {
|
||||||
// Update existing OfflineSession obj with new RefreshTokenRef.
|
// Update existing OfflineSession obj with new RefreshTokenRef.
|
||||||
if err := s.storage.UpdateOfflineSessions(session.UserID, session.ConnID, func(old storage.OfflineSessions) (storage.OfflineSessions, error) {
|
if err := s.storage.UpdateOfflineSessions(session.UserID, session.ConnID, func(old storage.OfflineSessions) (storage.OfflineSessions, error) {
|
||||||
old.ConnectorData = identity.ConnectorData
|
if len(identity.ConnectorData) > 0 {
|
||||||
|
old.ConnectorData = identity.ConnectorData
|
||||||
|
}
|
||||||
return old, nil
|
return old, nil
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
s.logger.Errorf("failed to update offline session: %v", err)
|
s.logger.Errorf("failed to update offline session: %v", err)
|
||||||
|
Reference in New Issue
Block a user