openid: Gather the refresh token if found. (#3478)

When the openid login page sends the refresh token in the login redirection url, the code will get it. This is helpful to support refresh openid user claims routine. Co-authored-by: Anis Eleuch <anis@min.io>
2024-11-26 19:28:15 +01:00
parent 076b803a5c
commit 71541029e7
3 changed files with 35 additions and 28 deletions
--- a/pkg/auth/idp/oauth2/provider.go
+++ b/pkg/auth/idp/oauth2/provider.go
@@ -321,6 +321,15 @@ func (client *Provider) VerifyIdentity(ctx context.Context, code, state, roleARN
 				return nil, errors.New("missing access_token")
 			}
 			token.AccessToken = accessToken.(string)
+			refreshToken := oauth2Token.Extra("refresh_token")
+			if refreshToken != nil {
+				token.RefreshToken = refreshToken.(string)
+			} else { //nolint:revive,staticcheck
+				// TODO in Nov 2026 : add an error when the refresh token is not found.
+				// This is not done yet because users may not have access_offline scope
+				// and this may break their deployments
+			}
+
 		}
 		return token, nil
 	}