3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-04 01:09:36 +02:00
Code Issues Projects Releases Packages Wiki Activity

internal/identity: fix bug in azure preventing group retrieval

Browse source
This commit is contained in:
Travis Groth 2019-07-05 18:10:10 -04:00
parent 989062db8e
commit b2754fd822
4 changed files with 8 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

12
internal/identity/microsoft.go
View file

@ -43,7 +43,7 @@ func NewAzureProvider(p *Provider) (*AzureProvider, error) {
return nil, err
}
if len(p.Scopes) == 0 {
p.Scopes = []string{oidc.ScopeOpenID, "profile", "email", "offline_access"}
p.Scopes = []string{oidc.ScopeOpenID, "profile", "email", "offline_access", "Group.Read.All"}
}
p.verifier = p.provider.Verifier(&oidc.Config{ClientID: p.ClientID})
p.oauth = &oauth2.Config{
@ -91,8 +91,13 @@ func (p *AzureProvider) Authenticate(ctx context.Context, code string) (*session
if err != nil {
return nil, fmt.Errorf("identity/microsoft: could not verify id_token %v", err)
}
session.AccessToken = oauth2Token.AccessToken
session.RefreshToken = oauth2Token.RefreshToken
session.Groups, err = p.UserGroups(ctx, session.AccessToken)
if err != nil {
return nil, fmt.Errorf("identity/microsoft: could not retrieve groups %v", err)
}
return session, nil
}
@ -112,17 +117,12 @@ func (p *AzureProvider) IDTokenToSession(ctx context.Context, rawIDToken string)
if err := idToken.Claims(&claims); err != nil {
return nil, fmt.Errorf("identity/microsoft: failed to parse id_token claims %v", err)
}
groups, err := p.UserGroups(ctx, claims.Email)
if err != nil {
return nil, fmt.Errorf("identity/microsoft: could not retrieve groups %v", err)
}
return &sessions.SessionState{
IDToken: rawIDToken,
RefreshDeadline: idToken.Expiry.Truncate(time.Second),
Email: claims.Email,
User: idToken.Subject,
Groups: groups,
}, nil
}