flask-oidc

Add resource parameter to sent authorization URI

Open timbrnbrr opened this issue 3 years ago • 1 comments

I use flask-oidc with Microsoft ADFS. I need to specify the resource parameter in the sent authorization URI like:

https://xyz.com/adfs/oauth2/authorize/?client_id=abc&redirect_uri=abc&scope=openid+profile+allatclaims&access_type=offline&response_type=code&state=123&resource=myres

Otherwise I don't get all needed user information inside of the token from ADFS. I do not exactly know why the ADFS of my company needs this resource parameter to return full user information as part of the token, but without the resource parameter, it doesn't work. I couldn't find a config attribute in this package to specify this. Am I overlooking something? I am wondering whether this is interesting for a bigger audience. In flask_oidc/__init__.py in the function redirect_to_auth_server, we could simply add this line in order to make it configurable:

if current_app.config.get('OIDC_RESOURCE_URI'):  # .get(): no KeyError when the key is unset
    extra_params['resource'] = current_app.config['OIDC_RESOURCE_URI']

Is there a simpler way or would this be a good extension of the config?

timbrnbrr avatar Feb 28 '22 11:02 timbrnbrr

The extra 'resource' query parameter required by ADFS can be specified in the app.config with the 'OIDC_EXTRA_REQUEST_AUTH_PARAMS' key.

app.config.update({
    # ... other settings ...
    'OIDC_EXTRA_REQUEST_AUTH_PARAMS': {'resource': 'the-client-id'},
})

fabianlee avatar Sep 06 '22 15:09 fabianlee
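The following is an added example, not code from flask-oidc or from either commenter: a standalone sketch of how provider-specific extras such as `resource` end up in the authorization URI, with a guard so that free-form extras cannot replace the parameters the client must control itself. The function names and the reserved-parameter list are assumptions of this example; the sample values mirror the URI in the issue.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption of this example: parameters that configuration-supplied
# extras must never override, since they bind the request to the client,
# its redirect target and the per-request anti-CSRF/replay values.
RESERVED = {"client_id", "redirect_uri", "response_type", "scope", "state", "nonce"}


def build_authorization_uri(endpoint, base_params, extra_params=None):
    """Return endpoint?query with extra_params appended after base_params."""
    extra_params = extra_params or {}
    clash = RESERVED.intersection(extra_params)
    if clash:
        raise ValueError(f"extra params may not override: {sorted(clash)}")
    params = dict(base_params)      # copy so the caller's dict is untouched
    params.update(extra_params)     # extras are appended, never replace
    return f"{endpoint}?{urlencode(params)}"


def query_of(uri):
    """Parse the query string back into a flat dict for inspection."""
    return {k: v[0] for k, v in parse_qs(urlsplit(uri).query).items()}


# Constructed sample values taken from the URI quoted in the issue.
ENDPOINT = "https://xyz.com/adfs/oauth2/authorize/"
BASE = {
    "client_id": "abc",
    "redirect_uri": "abc",
    "scope": "openid profile allatclaims",
    "access_type": "offline",
    "response_type": "code",
    "state": "123",
}

if __name__ == "__main__":
    uri = build_authorization_uri(ENDPOINT, BASE, {"resource": "myres"})
    print(uri)
    print(query_of(uri)["resource"])
```
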