diff --git a/connector/microsoft/microsoft.go b/connector/microsoft/microsoft.go index 730c77e3..3eb83837 100644 --- a/connector/microsoft/microsoft.go +++ b/connector/microsoft/microsoft.go @@ -25,6 +25,9 @@ const ( // Microsoft requires this scope to list groups the user is a member of // and resolve their UUIDs to groups names. scopeGroups = "directory.read.all" + // Microsoft requires this scope to return a refresh token + // see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#offline_access + scopeOfflineAccess = "offline_access" ) // Config holds configuration options for microsoft logins. @@ -92,6 +95,10 @@ func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oauth2.Confi microsoftScopes = append(microsoftScopes, scopeGroups) } + if scopes.OfflineAccess { + microsoftScopes = append(microsoftScopes, scopeOfflineAccess) + } + return &oauth2.Config{ ClientID: c.clientID, ClientSecret: c.clientSecret,