greenpau / caddy-security

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
https://authcrunch.com/
Apache License 2.0

question: How to get refresh_token from Azure SSO #281

Open cdebadri opened 11 months ago

cdebadri commented 11 months ago

I'm using caddy-security to perform the authentication to my site. I'm using Azure OAuth 2.0 for SSO. Now, post authentication, I have the access_token as a cookie on my site, but I'm not able to get the refresh_token. Is there a configuration I can enable to get the refresh_token as well? Here's an example of the config that I'm using:

```
{
  security {
    oauth identity provider azure-auth {
      realm azure
      driver azure
      client_id ENV{data_gov_portal_client_id}
      client_secret ENV{data_gov_portal_client_secret}
      scopes openid email profile offline_access
      tenant_id ENV{tenant_id}
    }
    authentication portal authn-az {
      enable identity provider azure-auth
    }
    authorization policy authz-policy {
      set auth url /auth/oauth2/azure
      allow roles authp/admin authp/guest anonymous
      acl default allow
    }
  }
}
```

greenpau commented 11 months ago

@cdebadri, this is a feature request. I don't have access to an Azure environment. If you want to have this implemented, I would need a tenant from you where I can tinker with the code.