add config to explicitly set scopes for microsoft connector (#2582)

Signed-off-by: Bob Callaway <bcallaway@google.com>
2022-07-27 09:03:29 -07:00 · 2022-07-27 09:03:29 -07:00 · e1a407830d
commit e1a407830d
parent 83e2df821e
1 changed files with 10 additions and 1 deletions
--- a/connector/microsoft/microsoft.go
+++ b/connector/microsoft/microsoft.go
@ -58,6 +58,8 @@ type Config struct {
 	// For valid values, see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code.
 	PromptType string `json:"promptType"`
 	DomainHint string `json:"domainHint"`
 	Scopes []string `json:"scopes"` // defaults to scopeUser (user.read)
 }
 // Open returns a strategy for logging in through Microsoft.
@ -77,6 +79,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
 		emailToLowercase:     c.EmailToLowercase,
 		promptType:           c.PromptType,
 		domainHint:           c.DomainHint,
 		scopes:               c.Scopes,
 	}
 	// By default allow logins from both personal and business/school
 	// accounts.
@ -122,6 +125,7 @@ type microsoftConnector struct {
 	emailToLowercase     bool
 	promptType           string
 	domainHint           string
 	scopes               []string
 }
 func (c *microsoftConnector) isOrgTenant() bool {
@ -133,7 +137,12 @@ func (c *microsoftConnector) groupsRequired(groupScope bool) bool {
 }
 func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oauth2.Config {
-	microsoftScopes := []string{scopeUser}
+	var microsoftScopes []string
 	if len(c.scopes) > 0 {
 		microsoftScopes = c.scopes
 	} else {
 		microsoftScopes = append(microsoftScopes, scopeUser)
 	}
 	if c.groupsRequired(scopes.Groups) {
 		microsoftScopes = append(microsoftScopes, scopeGroups)
 	}