openid: Gather the refresh token if found.

With this commit, when the openid login page sends the refresh token in the login redirection url, the code will get it. This is helpful to support refresh openid user claims routine.
minio · Nov 25, 2024 · cf47324 · cf47324
1 parent 076b803
commit cf47324
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/pkg/auth/idp/oauth2/provider.go b/pkg/auth/idp/oauth2/provider.go
@@ -321,6 +321,15 @@ func (client *Provider) VerifyIdentity(ctx context.Context, code, state, roleARN
 				return nil, errors.New("missing access_token")
 			}
 			token.AccessToken = accessToken.(string)
+			refreshToken := oauth2Token.Extra("refresh_token")
+			if refreshToken != nil {
+				token.RefreshToken = refreshToken.(string)
+			} else {
+				// TODO in Nov 2026 : add an error when the refresh token is not found.
+				// This is not done yet because users may not have access_offline scope
+				// and this may break their deployments
+			}
+
 		}
 		return token, nil
 	}