From 33045a792bec5b48fb061501bca95f15403846dc Mon Sep 17 00:00:00 2001
From: Ed Bardsley
Date: Sat, 25 Jul 2015 16:27:49 -0700
Subject: [PATCH] Add a flag to set the value of "approval_prompt". By setting this to "force", certain providers, like Google, will interject an additional prompt on every new session. With other values, like "auto", this prompt is not forced upon the user.
---
 README.md | 1 +
 main.go | 1 +
 options.go | 21 ++++++++++++++-------
 providers/provider_data.go | 17 +++++++++--------
 providers/provider_default.go | 2 +-
 5 files changed, 26 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
index 370f100..35fced3 100644
--- a/README.md
+++ b/README.md
@@ -94,6 +94,7 @@ An example [oauth2_proxy.cfg](contrib/oauth2_proxy.cfg.example) config file is i
 ```
 Usage of oauth2_proxy:
+ -approval_prompt="force": Oauth approval_prompt
 -authenticated-emails-file="": authenticate against emails via file (one per line)
 -client-id="": the OAuth Client ID: ie: "123456.apps.googleusercontent.com"
 -client-secret="": the OAuth Client Secret
diff --git a/main.go b/main.go
index e752409..79f349c 100644
--- a/main.go
+++ b/main.go
@@ -63,6 +63,7 @@ func main() {
 flagSet.String("profile-url", "", "Profile access endpoint")
 flagSet.String("validate-url", "", "Access token validation endpoint")
 flagSet.String("scope", "", "Oauth scope specification")
+ flagSet.String("approval-prompt", "force", "Oauth approval_prompt")
 flagSet.Parse(os.Args[1:])
diff --git a/options.go b/options.go
index 99e0ef4..56ab944 100644
--- a/options.go
+++ b/options.go
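Review bot: The flag registered in main.go is spelled `approval-prompt`, while the usage block added to README.md in this same patch lists it as `-approval_prompt="force"`; whoever copies the README spelling passes a flag that is not defined on `flagSet`, so one of the two should be corrected. The help string `"Oauth approval_prompt"` also says nothing about what the value controls, which matters because it decides whether users are shown the provider's consent screen on each new session. A usage string such as `flagSet.String("approval-prompt", "force", "OAuth approval_prompt: \"force\" re-prompts for consent on every new session, \"auto\" does not")` would carry the commit message's explanation into the help output. The body of main continues outside the hunk.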
@@ -46,12 +46,13 @@ type Options struct {
 // These options allow for other providers besides Google, with
 // potential overrides.
- Provider string `flag:"provider" cfg:"provider"`
- LoginUrl string `flag:"login-url" cfg:"login_url"`
- RedeemUrl string `flag:"redeem-url" cfg:"redeem_url"`
- ProfileUrl string `flag:"profile-url" cfg:"profile_url"`
- ValidateUrl string `flag:"validate-url" cfg:"validate_url"`
- Scope string `flag:"scope" cfg:"scope"`
+ Provider string `flag:"provider" cfg:"provider"`
+ LoginUrl string `flag:"login-url" cfg:"login_url"`
+ RedeemUrl string `flag:"redeem-url" cfg:"redeem_url"`
+ ProfileUrl string `flag:"profile-url" cfg:"profile_url"`
+ ValidateUrl string `flag:"validate-url" cfg:"validate_url"`
+ Scope string `flag:"scope" cfg:"scope"`
+ ApprovalPrompt string `flag:"approval-prompt" cfg:"approval_prompt"`
 RequestLogging bool `flag:"request-logging" cfg:"request_logging"`
@@ -76,6 +77,7 @@ func NewOptions() *Options {
 PassBasicAuth: true,
 PassAccessToken: false,
 PassHostHeader: true,
+ ApprovalPrompt: "force",
 RequestLogging: true,
 }
 }
@@ -165,7 +167,12 @@ func (o *Options) Validate() error {
 }
 func parseProviderInfo(o *Options, msgs []string) []string {
- p := &providers.ProviderData{Scope: o.Scope, ClientID: o.ClientID, ClientSecret: o.ClientSecret}
+ p := &providers.ProviderData{
+ Scope: o.Scope,
+ ClientID: o.ClientID,
+ ClientSecret: o.ClientSecret,
+ ApprovalPrompt: o.ApprovalPrompt,
+ }
 p.LoginUrl, msgs = parseUrl(o.LoginUrl, "login", msgs)
 p.RedeemUrl, msgs = parseUrl(o.RedeemUrl, "redeem", msgs)
 p.ProfileUrl, msgs = parseUrl(o.ProfileUrl, "profile", msgs)
diff --git a/providers/provider_data.go b/providers/provider_data.go
index 40cda04..6ddfed1 100644
--- a/providers/provider_data.go
+++ b/providers/provider_data.go
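Review bot: `ApprovalPrompt: o.ApprovalPrompt` in parseProviderInfo forwards whatever the flag or config file holds, and nothing visible in this patch checks it, so a typo or an explicit `approval_prompt = ""` silently changes whether users see the consent prompt. The function already collects problems in `msgs`, so an empty value could be reported there, for example `if o.ApprovalPrompt == "" { msgs = append(msgs, "missing setting: approval-prompt") }`. The accepted non-empty values are provider-specific (the commit message names `force` and `auto`), which is worth a comment on the new `Options` field, such as `// ApprovalPrompt is sent verbatim as the OAuth approval_prompt parameter; "force" re-prompts for consent on every new session.` Both Validate and parseProviderInfo continue outside the hunk, so a check may already exist there.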
@@ -5,14 +5,15 @@ import (
 )
 type ProviderData struct {
- ProviderName string
- ClientID string
- ClientSecret string
- LoginUrl *url.URL
- RedeemUrl *url.URL
- ProfileUrl *url.URL
- ValidateUrl *url.URL
- Scope string
+ ProviderName string
+ ClientID string
+ ClientSecret string
+ LoginUrl *url.URL
+ RedeemUrl *url.URL
+ ProfileUrl *url.URL
+ ValidateUrl *url.URL
+ Scope string
+ ApprovalPrompt string
 }
 func (p *ProviderData) Data() *ProviderData { return p }
diff --git a/providers/provider_default.go b/providers/provider_default.go
index b18212f..d0b46b9 100644
--- a/providers/provider_default.go
+++ b/providers/provider_default.go
@@ -80,7 +80,7 @@ func (p *ProviderData) GetLoginURL(redirectURI, finalRedirect string) string {
 a = *p.LoginUrl
 params, _ := url.ParseQuery(a.RawQuery)
 params.Set("redirect_uri", redirectURI)
- params.Set("approval_prompt", "force")
+ params.Set("approval_prompt", p.ApprovalPrompt)
 params.Add("scope", p.Scope)
 params.Set("client_id", p.ClientID)
 params.Set("response_type", "code")
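Review bot: `params.Set("approval_prompt", p.ApprovalPrompt)` in GetLoginURL now emits an empty `approval_prompt=` for any `ProviderData` that was not filled in by parseProviderInfo, because the new field's zero value is "" where the old line always sent "force". If any provider constructor or test builds `ProviderData` directly, it loses the forced consent prompt with no signal. Falling back to the previous value keeps the old behaviour for those callers: `prompt := p.ApprovalPrompt`, then `if prompt == "" { prompt = "force" }` and `params.Set("approval_prompt", prompt)`. GetLoginURL begins and ends outside the hunk.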