mirror
/
dex
mirror of https://github.com/dexidp/dex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #1656 from taxibeat/oidc-prompt-type 

Make prompt configurable for oidc offline_access
pull/1664/head
Joel Speed 6 years ago committed by GitHub
parent
b7cf701032 d33a76fa19
commit
30ea963bb6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      Documentation/connectors/oidc.md
  2. 12
      connector/oidc/oidc.go

5
Documentation/connectors/oidc.md
Unescape View File

@ -83,6 +83,11 @@ connectors:
# The set claim is used as user name.
# Default: name
# userNameKey: nickname
# For offline_access, the prompt parameter is set by default to "prompt=consent".
# However this is not supported by all OIDC providers, some of them support different
# value for prompt, like "prompt=login" or "prompt=none"
# promptType: consent
```
[oidc-doc]: openid-connect.md

12
connector/oidc/oidc.go
Unescape View File

@ -54,6 +54,9 @@ type Config struct {
// Configurable key which contains the user name claim
UserNameKey string `json:"userNameKey"`
// PromptType will be used fot the prompt parameter (when offline_access, by default prompt=consent)
PromptType string `json:"promptType"`
}
// Domains that don't support basic auth. golang.org/x/oauth2 has an internal
@ -113,6 +116,11 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
scopes = append(scopes, "profile", "email")
}
// PromptType should be "consent" by default, if not set
if c.PromptType == "" {
c.PromptType = "consent"
}
clientID := c.ClientID
return &oidcConnector{
provider: provider,
@ -135,6 +143,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
getUserInfo: c.GetUserInfo,
userIDKey: c.UserIDKey,
userNameKey: c.UserNameKey,
promptType: c.PromptType,
}, nil
}
@ -156,6 +165,7 @@ type oidcConnector struct {
getUserInfo bool
userIDKey string
userNameKey string
promptType string
}
func (c *oidcConnector) Close() error {
@ -178,7 +188,7 @@ func (c *oidcConnector) LoginURL(s connector.Scopes, callbackURL, state string)
}
if s.OfflineAccess {
opts = append(opts, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent"))
opts = append(opts, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", c.promptType))
}
return c.oauth2Config.AuthCodeURL(state, opts...), nil
}

Write Preview
Loading…
Cancel
Save