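--- a/[path not shown: OAuth authorization test file]
+++ b/[path not shown: OAuth authorization test file]
@@ -714,6 +714,20 @@ describe("OAuth Authorization", () => {
     expect(authorizationUrl.searchParams.has("state")).toBe(false);
   });
 
+  // OpenID Connect requires that the user is prompted for consent if the scope includes 'offline_access'
+  it("includes consent prompt parameter if scope includes 'offline_access'", async () => {
+    const { authorizationUrl } = await startAuthorization(
+      "https://auth.example.com",
+      {
+        clientInformation: validClientInfo,
+        redirectUrl: "http://localhost:3000/callback",
+        scope: "read write profile offline_access",
+      }
+    );
+
+    expect(authorizationUrl.searchParams.get("prompt")).toBe("consent");
+  });
+
   it("uses metadata authorization_endpoint when provided", async () => {
     const { authorizationUrl } = await startAuthorization(
       "https://auth.example.com",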
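Review bot: The new test pins only the positive case; nothing asserts that `prompt` stays absent when the scope does not contain `offline_access`, so a regression that unconditionally appends `prompt=consent` would still pass this suite. Mirroring the `has("state")` assertion at the top of the hunk, a companion case with `scope: "read write profile"` and `expect(authorizationUrl.searchParams.has("prompt")).toBe(false);` would pin the negative path. The enclosing `describe` block starts and ends outside the hunk.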
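--- a/[path not shown: startAuthorization source file]
+++ b/[path not shown: startAuthorization source file]
@@ -614,6 +614,13 @@ export async function startAuthorization(
     authorizationUrl.searchParams.set("scope", scope);
   }
 
+  if (scope?.includes("offline_access")) {
+    // if the request includes the OIDC-only "offline_access" scope,
+    // we need to set the prompt to "consent" to ensure the user is prompted to grant offline access
+    // https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess
+    authorizationUrl.searchParams.append("prompt", "consent");
+  }
+
   if (resource) {
     authorizationUrl.searchParams.set("resource", resource.href);
   }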
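Review bot: `scope?.includes("offline_access")` is a substring test on the space-delimited scope string, so any scope token that merely contains that text (a constructed example: `custom_offline_access_reports`) also triggers `prompt=consent`; a token-wise check such as `if (scope?.split(/\s+/).includes("offline_access")) {` matches only the exact OIDC scope. The new block also uses `append` where the neighbouring `scope` and `resource` lines use `set`; if a `prompt` value can already be present on `authorizationUrl`, `append` produces two `prompt` query parameters instead of the single space-delimited value the OIDC spec defines, which authorization servers handle inconsistently. Whether an earlier `prompt` is ever set is not visible in this hunk, so `set`, or merging `consent` into an existing value, would be the safer default. The body of `startAuthorization` begins before this hunk.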