Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make prompt configurable for oidc offline_access #1656

Merged
merged 1 commit into from
Feb 28, 2020
Merged

Make prompt configurable for oidc offline_access #1656

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions Documentation/connectors/oidc.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,11 @@ connectors:
# The set claim is used as user name.
# Default: name
# userNameKey: nickname

# For offline_access, the prompt parameter is set by default to "prompt=consent".
# However this is not supported by all OIDC providers, some of them support different
# value for prompt, like "prompt=login" or "prompt=none"
# promptType: consent
```

[oidc-doc]: openid-connect.md
Expand Down
12 changes: 11 additions & 1 deletion connector/oidc/oidc.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,9 @@ type Config struct {

// Configurable key which contains the user name claim
UserNameKey string `json:"userNameKey"`

// PromptType will be used fot the prompt parameter (when offline_access, by default prompt=consent)
PromptType string `json:"promptType"`
}

// Domains that don't support basic auth. golang.org/x/oauth2 has an internal
Expand Down Expand Up @@ -113,6 +116,11 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
scopes = append(scopes, "profile", "email")
}

// PromptType should be "consent" by default, if not set
if c.PromptType == "" {
c.PromptType = "consent"
}

clientID := c.ClientID
return &oidcConnector{
provider: provider,
Expand All @@ -135,6 +143,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
getUserInfo: c.GetUserInfo,
userIDKey: c.UserIDKey,
userNameKey: c.UserNameKey,
promptType: c.PromptType,
}, nil
}

Expand All @@ -156,6 +165,7 @@ type oidcConnector struct {
getUserInfo bool
userIDKey string
userNameKey string
promptType string
}

func (c *oidcConnector) Close() error {
Expand All @@ -178,7 +188,7 @@ func (c *oidcConnector) LoginURL(s connector.Scopes, callbackURL, state string)
}

if s.OfflineAccess {
opts = append(opts, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent"))
opts = append(opts, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", c.promptType))
}
return c.oauth2Config.AuthCodeURL(state, opts...), nil
}
Expand Down