From b033017bcaff2b5fa7001e4fae72d386ca90f802 Mon Sep 17 00:00:00 2001
From: Christian Brauchli
Date: Tue, 16 Mar 2021 17:58:52 +0100
Subject: [PATCH 1/3] Adjust scopes to be in line with the Microsoft Identity Platform v2.

Signed-off-by: Christian Brauchli
---
 connector/microsoft/microsoft.go | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/connector/microsoft/microsoft.go b/connector/microsoft/microsoft.go
index 3a3cf3b5cc..0f0eaa76e4 100644
--- a/connector/microsoft/microsoft.go
+++ b/connector/microsoft/microsoft.go
@@ -32,11 +32,11 @@ const (
 )

 const (
- // Microsoft requires this scope to access user's profile
- scopeUser = "user.read"
- // Microsoft requires this scope to list groups the user is a member of
- // and resolve their ids to groups names.
- scopeGroups = "directory.read.all"
+ // Microsoft requires the scopes to start with openid
+ scopeOpenId = "openid"
+ // Get the permissions configured on the application registration
+ // see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#the-default-scope
+ scopeDefault = "https://graph.microsoft.com/.default"
 // Microsoft requires this scope to return a refresh token
 // see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#offline_access
 scopeOfflineAccess = "offline_access"
@@ -124,10 +124,8 @@ func (c *microsoftConnector) groupsRequired(groupScope bool) bool {
 }

 func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oauth2.Config {
- microsoftScopes := []string{scopeUser}
- if c.groupsRequired(scopes.Groups) {
- microsoftScopes = append(microsoftScopes, scopeGroups)
- }
+ microsoftScopes := []string{scopeOpenId}
+ microsoftScopes = append(microsoftScopes, scopeDefault)

 if scopes.OfflineAccess {
 microsoftScopes = append(microsoftScopes, scopeOfflineAccess)
From 30c297e5c02aa106c0aacc8361426af2b1a97332 Mon Sep 17 00:00:00 2001
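Review bot: The comment on `scopeDefault` in the const block does not say which Graph permissions the connector depends on, and with `.default` the token carries whatever has been statically granted on the app registration rather than what this code names. The removed lines show the connector previously asked for `user.read` for the profile and `directory.read.all` for group resolution; I would record that next to the constant, e.g. `// The registration must grant user.read, plus directory.read.all when groups are used; anything else granted there is also carried by the token.` An over-permissioned registration now yields an over-permissioned Graph token, so the least-privilege expectation belongs in the comment and presumably in the connector documentation, which is not part of this patch.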
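Review bot: `oauth2Config` no longer calls `c.groupsRequired(scopes.Groups)`, so the authorization request is the same whether or not the client asked for groups, and the request itself no longer shows whether the directory permission is needed. If the group lookup elsewhere in the connector (outside this hunk) still runs when groups are required, a registration without that permission would presumably fail only after login; a comment here should say where the check has moved, e.g. `// Graph permissions come from the app registration via .default; scopes.Groups no longer changes the request.` As a matter of style, the slice can be built in one step, `microsoftScopes := []string{scopeOpenId, scopeDefault}`, instead of a literal followed by an unconditional append. The function body continues past the end of the hunk.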
From: Christian Brauchli
Date: Thu, 18 Mar 2021 09:16:16 +0100
Subject: [PATCH 2/3] Fix camelcase

Signed-off-by: Christian Brauchli
---
 connector/microsoft/microsoft.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/connector/microsoft/microsoft.go b/connector/microsoft/microsoft.go
index 0f0eaa76e4..9bfca762fe 100644
--- a/connector/microsoft/microsoft.go
+++ b/connector/microsoft/microsoft.go
@@ -33,7 +33,7 @@ const (

 const (
 // Microsoft requires the scopes to start with openid
- scopeOpenId = "openid"
+ scopeOpenID = "openid"
 // Get the permissions configured on the application registration
 // see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#the-default-scope
 scopeDefault = "https://graph.microsoft.com/.default"
@@ -124,7 +124,7 @@ func (c *microsoftConnector) groupsRequired(groupScope bool) bool {
 }

 func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oauth2.Config {
- microsoftScopes := []string{scopeOpenId}
+ microsoftScopes := []string{scopeOpenID}
 microsoftScopes = append(microsoftScopes, scopeDefault)

 if scopes.OfflineAccess {
From 6407711c92b3709b880d2f23b440019e7e65a6ff Mon Sep 17 00:00:00 2001
From: Christian Brauchli
Date: Mon, 4 Oct 2021 14:22:12 +0200
Subject: [PATCH 3/3] adjust release workflow

---
 .github/workflows/docker.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 5fd46ebcc4..ac5329f6f8 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -20,7 +20,7 @@ jobs:
 - name: Calculate Docker image tags
 id: tags
 env:
- DOCKER_IMAGES: "ghcr.io/dexidp/dex dexidp/dex"
+ DOCKER_IMAGES: "ghcr.io/schuhu/dex schuhu/dex"
 run: |
 case $GITHUB_REF in
 refs/tags/*) VERSION=${GITHUB_REF#refs/tags/};;
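Review bot: `DOCKER_IMAGES` in the `tags` step now names `ghcr.io/schuhu/dex schuhu/dex`, a personal namespace, and it travels in the same series as the connector change. If this series is meant for the upstream repository, release images would be tagged for a namespace the project does not control, which is a supply-chain concern for anyone who pulls `dexidp/dex`; I would drop patch 3/3 from the series and keep it on the fork only. If forks are expected to publish their own images, deriving the name avoids the hard-coded edit, e.g. `DOCKER_IMAGES: "ghcr.io/${{ github.repository }}"`, which covers the GHCR name only and not Docker Hub. The `run` script of the step continues past the end of the hunk.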