identity: only assign access_type uri params to google. (#2782)

* identity: only assign `access_type` uri params to google.

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* bump upgrading

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
bobby 2021-11-28 19:01:34 -08:00 committed by GitHub
parent cce70afe98
commit 1a7c5415e7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 3 deletions

@ -7,6 +7,10 @@ description: >-
# Since 0.15.0
### OIDC flow no longer sets default uri params
Previously, Pomerium would default to setting the uri param `access_type` to `offline` for all OpenID Connect based identity providers. However, using uri params to get ensure offline access (e.g. `refresh_tokens` used to keep user's sessions alive) [is unique to Google](https://developers.google.com/identity/protocols/oauth2/web-server#offline). Those query params will now only be set for Google. Other OIDC based IdP's should continue to work using [OIDC's](https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess) `offline_access` scope.
### Removed options
The deprecated `headers` option has been removed. Use [`set_response_headers`](/reference/readme.md#set-response-headers) instead.
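Review bot: The paragraph under "OIDC flow no longer sets default uri params" does not tell an operator of a non-Google IdP whether any action is needed after upgrading. "should continue to work using ... `offline_access` scope" leaves open whether that scope is already requested by default or has to be added to the configured scopes. Suggest stating which it is, and what to check if sessions stop being refreshed. Wording in the same paragraph: "to get ensure offline access" should read "to ensure offline access", `refresh_tokens` is set in code formatting although the sentence means refresh tokens in general rather than a parameter name, and "IdP's" should be "IdPs".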