openid: Gather the refresh token if found.

Anis Eleuch · Anis Eleuch · commit cf47324ef595 · 2024-11-25T19:20:37.000+01:00
With this commit, when the openid login page sends the refresh
token in the login redirection url, the code will get it. This is
helpful to support refresh openid user claims routine.
diff --git a/pkg/auth/idp/oauth2/provider.go b/pkg/auth/idp/oauth2/provider.go
@@ -321,6 +321,15 @@ func (client *Provider) VerifyIdentity(ctx context.Context, code, state, roleARN
 				return nil, errors.New("missing access_token")
 			}
 			token.AccessToken = accessToken.(string)
+			refreshToken := oauth2Token.Extra("refresh_token")
+			if refreshToken != nil {
+				token.RefreshToken = refreshToken.(string)
+			} else {
+				// TODO in Nov 2026 : add an error when the refresh token is not found.
+				// This is not done yet because users may not have access_offline scope
+				// and this may break their deployments
+			}
+
 		}
 		return token, nil
 	}

Original file line number	Diff line number	Diff line change
`@@ -321,6 +321,15 @@ func (client *Provider) VerifyIdentity(ctx context.Context, code, state, roleARN`
`321`	`321`	`return nil, errors.New("missing access_token")`
`322`	`322`	`}`
`323`	`323`	`token.AccessToken = accessToken.(string)`
	`324`	`+ refreshToken := oauth2Token.Extra("refresh_token")`
	`325`	`+ if refreshToken != nil {`
	`326`	`+ token.RefreshToken = refreshToken.(string)`
	`327`	`+ } else {`
	`328`	`+ // TODO in Nov 2026 : add an error when the refresh token is not found.`
	`329`	`+ // This is not done yet because users may not have access_offline scope`
	`330`	`+ // and this may break their deployments`
	`331`	`+ }`
	`332`	`+`
`324`	`333`	`}`
`325`	`334`	`return token, nil`
`326`	`335`	`}`