
Google Offline OAuth Config Missing #3031

Closed
4 of 6 tasks
tdipadova3rd opened this issue Jan 17, 2023 · 3 comments
Labels
bug Something is not working.

Comments

@tdipadova3rd

Preflight checklist

Describe the bug

I’m configuring Google OIDC for Kratos and running into an issue getting a refresh token. The Kratos docs give an example where offline access (to get a refresh_token) requires the config:

scope:
   - offline_access

However, when using this config Google throws an error saying this scope doesn’t exist. Google docs specify that you just need a param access_type=offline during the auth request. Is there any existing way to configure this param in Kratos? If so, can we add it to the docs? And if not, can we add the ability to add arbitrary params to the auth request?

Reproducing the bug

Steps to reproduce:

  1. Add a Google OIDC provider to Kratos self-hosted.
  2. Add the suggested offline_access (or offline) scope.
  3. Login via Google.
  4. Expected behavior is that an initial_refresh_token will attach to the identity. Result is that Google throws an error saying whatever included scope isn't allowed/doesn't exist.

Relevant log output

No response

Relevant configuration

selfservice:
  default_browser_return_url: http://127.0.0.1:3000/
  allowed_return_urls:
    - http://127.0.0.1:3000

  methods:
    oidc:
      enabled: true
      config:
        providers:
          - id: google
            provider: google
            client_id: ""
            mapper_url: file:///etc/config/kratos/oidc.google.jsonnet
            client_secret: ""
            issuer_url: https://accounts.google.com
            auth_url: https://accounts.google.com/o/oauth2/v2/auth
            token_url: https://www.googleapis.com/oauth2/v4/token
            scope:
              - openid
              - email
              - profile
              - offline_access
              - https://www.googleapis.com/auth/drive.readonly
            requested_claims:
              id_token:
                email:
                email_verified:
            label: ""
        base_redirect_uri: http://127.0.0.1:4433

Version

0.11.0

On which operating system are you observing this issue?

macOS

In which environment are you deploying?

Docker Compose

Additional Context

No response
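As an added illustration of the distinction the report draws (Google's access_type=offline request parameter versus the OIDC offline_access scope), here is a small Go helper that is not Kratos code and not the fix from the linked branch. It assumes a hypothetical BuildAuthURL function, a constructed placeholder client_id and callback URL, and translates the scope into the parameter only for the Google issuer, leaving other issuers' scope lists untouched.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Issuer and auth endpoint from the issue's config (constants for this example only).
const googleIssuer, googleAuthURL = "https://accounts.google.com", "https://accounts.google.com/o/oauth2/v2/auth"

// BuildAuthURL builds an OAuth2/OIDC authorization request (hypothetical helper, not Kratos code).
// Google rejects the OIDC "offline_access" scope, so for that issuer it is dropped and expressed
// as Google's access_type=offline parameter instead; other issuers get the scope list unchanged.
func BuildAuthURL(issuer, authURL, clientID, redirectURI, state string, scopes []string) (string, error) {
	if state == "" {
		return "", errors.New("state is required to bind the callback to this request")
	}
	var kept []string
	offline := false
	for _, s := range scopes {
		if issuer == googleIssuer && (s == "offline_access" || s == "offline") {
			offline = true // translate rather than send: Google would reject the scope
			continue
		}
		kept = append(kept, s)
	}
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("state", state)
	q.Set("scope", strings.Join(kept, " "))
	if offline {
		q.Set("access_type", "offline") // what actually yields a refresh_token from Google
	}
	u, err := url.Parse(authURL)
	if err != nil {
		return "", err
	}
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	u, err := BuildAuthURL(googleIssuer, googleAuthURL, "CLIENT_ID_PLACEHOLDER", "http://127.0.0.1:4433/callback", "constructed-state", []string{"openid", "email", "profile", "offline_access"})
	if err != nil { panic(err) }
	fmt.Println(u)
}
```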

@tdipadova3rd tdipadova3rd added the bug Something is not working. label Jan 17, 2023
@tsearle
Contributor

tsearle commented Feb 9, 2023

try this branch

#3088

@tdipadova3rd
Author

#3088

@tsearle Thank you!

@vinckr
Member

vinckr commented Feb 21, 2023

This is already on master now @tdipadova3rd, it will be included in the next release.

@vinckr vinckr closed this as completed Feb 21, 2023