Merge pull request #4 from robbiemcmichael/offline-as-scope-fix

Fix offline_as_scope option
fydrah · Oct 10, 2018 · 42b2547 · 42b2547
2 parents 9c9a911 + 0d1d0e2
commit 42b2547
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 21 deletions.
diff --git a/config.go b/config.go
@@ -38,7 +38,7 @@ type AppConfig struct {
  RootCA string `yaml:"root_ca"`
  } `yaml:"issuer"`
  ExtraScopes []string `yaml:"extra_scopes"`
- OfflineAsScope bool  `yaml:"offline_as_scope"`
+ OfflineAsScope *bool `yaml:"offline_as_scope"`
  CrossClients []string `yaml:"cross_clients"`
  } `yaml:"oidc"`
  Tls struct {

diff --git a/main.go b/main.go
@@ -88,13 +88,11 @@ func (s *Server) PrepareCallbackUrl() string {
  }
 
  scopes = append(scopes, "openid", "profile", "email", "groups")
- if s.config.OIDC.OfflineAsScope {
+ if *s.config.OIDC.OfflineAsScope {
  scopes = append(scopes, "offline_access")
  authCodeURL = s.OAuth2Config(scopes).AuthCodeURL(s.config.Name)
- } else if !s.config.OIDC.OfflineAsScope {
- authCodeURL = s.OAuth2Config(scopes).AuthCodeURL(s.config.Name)
  } else {
- authCodeURL = s.OAuth2Config(scopes).AuthCodeURL(s.config.Name, oauth2.AccessTypeOffline)
+ authCodeURL = s.OAuth2Config(scopes).AuthCodeURL(s.config.Name)
  }
  return authCodeURL
 }
@@ -265,21 +263,21 @@ func (s *Server) Run() error {
  return fmt.Errorf("Failed to parse provider scopes_supported: %v", err)
  }
 
- if len(ss.ScopesSupported) == 0 {
- // scopes_supported is a "RECOMMENDED" discovery claim, not a required
- // one. If missing, assume that the provider follows the spec and has
- // an "offline_access" scope.
- s.config.OIDC.OfflineAsScope = true
- } else {
- // See if scopes_supported has the "offline_access" scope.
- s.config.OIDC.OfflineAsScope = func() bool {
- for _, scope := range ss.ScopesSupported {
- if scope == oidc.ScopeOfflineAccess {
- return true
+ if s.config.OIDC.OfflineAsScope == nil {
+ if len(ss.ScopesSupported) > 0 {
+ // See if scopes_supported has the "offline_access" scope.
+ s.config.OIDC.OfflineAsScope = func() *bool {
+ b := new(bool)
+ for _, scope := range ss.ScopesSupported {
+ if scope == oidc.ScopeOfflineAccess {
+ *b = true
+ return b
+ }
  }
- }
- return false
- }()
+ *b = false
+ return b
+ }()
+ }
  }
 
  s.provider = provider

diff --git a/templates.go b/templates.go
@@ -80,11 +80,13 @@ var tokenTmpl = template.Must(template.New("token.html").Parse(`<html>
  user:
  auth-provider:
  config:
+ idp-issuer-url: {{ .Claims.iss }}
  client-id: {{ .ClientID }}
- client-secret: {{ .ClientSecret }}
  id-token: {{ .IDToken }}
- idp-issuer-url: {{ .Claims.iss }}
+{{- if ne .RefreshToken "" }}
+ client-secret: {{ .ClientSecret }}
  refresh-token: {{ .RefreshToken }}
+{{- end }}
  name: oidc</code></pre>
  </div>
  </li>