fix: set access_type=offline if scope offline_access is requested in the google oidc provider
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [X] This issue affects my Ory Network project.
- [X] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Describe the bug
Google doesn't support the scope "offline_access"; instead it uses the parameter access_type=offline.
The OIDC provider needs to detect if "offline_access" is requested, remove it from the scope list and add access_type=offline to the auth_url.
Reproducing the bug
Set the identity as follows.
The auth_url and token_url values are ignored.
```yaml
oidc:
  config:
    providers:
      - client_id: xxxx
        client_secret: xxx
        id: google
        label: Google
        mapper_url: xxx
        provider: google
        scope:
          - email
          - profile
          - offline_access
          - https://www.googleapis.com/auth/gmail.compose
          - https://www.googleapis.com/auth/gmail.readonly
```
Relevant log output
No response
Relevant configuration
No response
Version
ory-network
On which operating system are you observing this issue?
None
In which environment are you deploying?
None
Additional Context
No response
https://github.com/ory/kratos/pull/3088
Instead of overriding the AUTH_URL, I've made an attempt to adapt the Google OIDC provider to work the way Google expects.
Related issue: https://github.com/ory/kratos/issues/3031