From b189d07d53d602c8f966559254c8c0035215ee86 Mon Sep 17 00:00:00 2001
From: jimmythedog
Date: Thu, 2 May 2019 16:55:04 +0100
Subject: [PATCH] dexidp#1440 Add offline_access scope, if required

Without this scope, a refresh token will not be returned from Microsoft
---
 connector/microsoft/microsoft.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/connector/microsoft/microsoft.go b/connector/microsoft/microsoft.go
index 730c77e3..3eb83837 100644
--- a/connector/microsoft/microsoft.go
+++ b/connector/microsoft/microsoft.go
@@ -25,6 +25,9 @@ const (
 // Microsoft requires this scope to list groups the user is a member of
 // and resolve their UUIDs to groups names.
 scopeGroups = "directory.read.all"
+ // Microsoft requires this scope to return a refresh token
+ // see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#offline_access
+ scopeOfflineAccess = "offline_access"
 )

 // Config holds configuration options for microsoft logins.
@@ -92,6 +95,10 @@ func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oauth2.Confi
 microsoftScopes = append(microsoftScopes, scopeGroups)
 }

+ if scopes.OfflineAccess {
+ microsoftScopes = append(microsoftScopes, scopeOfflineAccess)
+ }
+
 return &oauth2.Config{
 ClientID: c.clientID,
 ClientSecret: c.clientSecret,
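Review bot: The refresh token requested by the new `if scopes.OfflineAccess {` block in the second hunk is a long-lived credential, and nothing in the code records what it covers. When groups are enabled, the block just above it has already appended `directory.read.all`, so the same token can be redeemed for directory-wide read access. I would add a comment above the new `if`, for example `// offline_access yields a long-lived refresh token covering every scope above (incl. directory.read.all); treat it as a secret in storage and logs.` oauth2Config starts before and continues past the hunk, and the code that persists and refreshes the token is not visible here, so it is worth confirming that path keeps the token out of logs and error messages.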