Merge pull request #1441 from jimmythedog/1440-fix-msoft-refresh-token
dexidp#1440 Add offline_access scope, if required
This commit is contained in:
commit
62efe7bf07
@ -36,6 +36,9 @@ const (
|
||||
// Microsoft requires this scope to list groups the user is a member of
|
||||
// and resolve their ids to groups names.
|
||||
scopeGroups = "directory.read.all"
|
||||
// Microsoft requires this scope to return a refresh token
|
||||
// see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#offline_access
|
||||
scopeOfflineAccess = "offline_access"
|
||||
)
|
||||
|
||||
// Config holds configuration options for microsoft logins.
|
||||
@ -122,6 +125,10 @@ func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oauth2.Confi
|
||||
microsoftScopes = append(microsoftScopes, scopeGroups)
|
||||
}
|
||||
|
||||
if scopes.OfflineAccess {
|
||||
microsoftScopes = append(microsoftScopes, scopeOfflineAccess)
|
||||
}
|
||||
|
||||
return &oauth2.Config{
|
||||
ClientID: c.clientID,
|
||||
ClientSecret: c.clientSecret,
|
||||
|
Reference in New Issue
Block a user