onelogin: fix default scopes for v2 (#1896)

Caleb Doxsey 2021-02-17 08:51:13 -07:00 committed by GitHub
parent 5be71b8e07
commit 64d247cfeb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -6,6 +6,7 @@ package onelogin
import ( import (
"context" "context"
"fmt" "fmt"
"strings"
oidc "github.com/coreos/go-oidc/v3/oidc" oidc "github.com/coreos/go-oidc/v3/oidc"
@ -20,7 +21,10 @@ const (
defaultProviderURL = "https://openid-connect.onelogin.com/oidc" defaultProviderURL = "https://openid-connect.onelogin.com/oidc"
) )
var defaultScopes = []string{oidc.ScopeOpenID, "profile", "email", "groups", "offline_access"} var (
defaultV1Scopes = []string{oidc.ScopeOpenID, "profile", "email", "groups", "offline_access"}
defaultV2Scopes = []string{oidc.ScopeOpenID, "profile", "email", "groups"} // v2 does not support offline_access
)
// Provider is an OneLogin implementation of the Authenticator interface. // Provider is an OneLogin implementation of the Authenticator interface.
type Provider struct { type Provider struct {
@ -34,8 +38,10 @@ func New(ctx context.Context, o *oauth.Options) (*Provider, error) {
if o.ProviderURL == "" { if o.ProviderURL == "" {
o.ProviderURL = defaultProviderURL o.ProviderURL = defaultProviderURL
} }
if len(o.Scopes) == 0 { if strings.Contains(o.ProviderURL, "/oidc/2") {
o.Scopes = defaultScopes o.Scopes = defaultV2Scopes
} else {
o.Scopes = defaultV1Scopes
} }
genericOidc, err := pom_oidc.New(ctx, o) genericOidc, err := pom_oidc.New(ctx, o)
if err != nil { if err != nil {
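Review bot: The version switch in New replaces the old `if len(o.Scopes) == 0 {` guard instead of sitting inside it, so scopes set by the operator are now overwritten with the defaults on every call. That silently undoes a deliberately narrowed scope set; on a v1 URL it puts `offline_access` back even when the configuration left it out, so refresh tokens may be requested that the operator did not ask for. Keep the guard and nest the new branch inside it, i.e. `if len(o.Scopes) == 0 {` ... `}` around the `strings.Contains` if/else. The `strings.Contains(o.ProviderURL, "/oidc/2")` test also matches that substring anywhere in the URL, so parsing the URL and checking its path would be a stricter version check. New's body starts and ends outside this hunk.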