feat: Add acr_values support for OIDC
Signed-off-by: Engin Diri <engin.diri@mail.schwarz>
This commit is contained in:
parent
b83ba01c40
commit
5d9d68106a
@ -44,6 +44,11 @@ type Config struct {
|
|||||||
// InsecureEnableGroups enables groups claims. This is disabled by default until https://github.com/dexidp/dex/issues/1065 is resolved
|
// InsecureEnableGroups enables groups claims. This is disabled by default until https://github.com/dexidp/dex/issues/1065 is resolved
|
||||||
InsecureEnableGroups bool `json:"insecureEnableGroups"`
|
InsecureEnableGroups bool `json:"insecureEnableGroups"`
|
||||||
|
|
||||||
|
// AcrValues (Authentication Context Class Reference Values) that specifies the Authentication Context Class Values
|
||||||
|
// within the Authentication Request that the Authorization Server is being requested to use for
|
||||||
|
// processing requests from this Client, with the values appearing in order of preference.
|
||||||
|
AcrValues []string `json:"acrValues"`
|
||||||
|
|
||||||
// GetUserInfo uses the userinfo endpoint to get additional claims for
|
// GetUserInfo uses the userinfo endpoint to get additional claims for
|
||||||
// the token. This is especially useful where upstreams return "thin"
|
// the token. This is especially useful where upstreams return "thin"
|
||||||
// id tokens
|
// id tokens
|
||||||
@ -154,6 +159,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
|
|||||||
hostedDomains: c.HostedDomains,
|
hostedDomains: c.HostedDomains,
|
||||||
insecureSkipEmailVerified: c.InsecureSkipEmailVerified,
|
insecureSkipEmailVerified: c.InsecureSkipEmailVerified,
|
||||||
insecureEnableGroups: c.InsecureEnableGroups,
|
insecureEnableGroups: c.InsecureEnableGroups,
|
||||||
|
acrValues: c.AcrValues,
|
||||||
getUserInfo: c.GetUserInfo,
|
getUserInfo: c.GetUserInfo,
|
||||||
promptType: c.PromptType,
|
promptType: c.PromptType,
|
||||||
userIDKey: c.UserIDKey,
|
userIDKey: c.UserIDKey,
|
||||||
@ -180,6 +186,7 @@ type oidcConnector struct {
|
|||||||
hostedDomains []string
|
hostedDomains []string
|
||||||
insecureSkipEmailVerified bool
|
insecureSkipEmailVerified bool
|
||||||
insecureEnableGroups bool
|
insecureEnableGroups bool
|
||||||
|
acrValues []string
|
||||||
getUserInfo bool
|
getUserInfo bool
|
||||||
promptType string
|
promptType string
|
||||||
userIDKey string
|
userIDKey string
|
||||||
@ -209,6 +216,11 @@ func (c *oidcConnector) LoginURL(s connector.Scopes, callbackURL, state string)
|
|||||||
opts = append(opts, oauth2.SetAuthURLParam("hd", preferredDomain))
|
opts = append(opts, oauth2.SetAuthURLParam("hd", preferredDomain))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if len(c.acrValues) > 0 {
|
||||||
|
acrValues := strings.Join(c.acrValues, " ")
|
||||||
|
opts = append(opts, oauth2.SetAuthURLParam("acr_values", acrValues))
|
||||||
|
}
|
||||||
|
|
||||||
if s.OfflineAccess {
|
if s.OfflineAccess {
|
||||||
opts = append(opts, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", c.promptType))
|
opts = append(opts, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", c.promptType))
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user