->addWhere('id', '=', $setupAction['oauth_client_id'])
->setStorage('OAuthSysToken')
->setTag('MailSettings:setup')
+ ->setPrompt('select_account')
->execute()
->single();
*
* @method $this setLandingUrl(string $landingUrl)
* @method string getLandingUrl()
+ * @method $this setPrompt(string $prompt)
+ * @method string getPrompt()
*
* @link https://tools.ietf.org/html/rfc6749#section-4.1
*/
*/
protected $landingUrl = NULL;
+ /**
+ * @var string
+ * Ex: 'none', 'consent', 'select_account'
+ *
+ * @see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
+ * @see https://developers.google.com/identity/protocols/oauth2/web-server
+ */
+ protected $prompt = NULL;
+
/**
* Tee-up the authorization request.
*
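Review bot: The docblock on `$prompt` declares `@var string` while the default is `NULL`, and it puts the type tag ahead of the description, so a reader cannot tell that NULL is a meaningful state. I would write `@var string|null` and open with a sentence such as `OIDC "prompt" hint sent with the authorization request; NULL omits the parameter and leaves the choice to the provider.` It is also worth saying briefly what each example value asks of the provider, since `none` (no UI at all) behaves very differently from `consent` and `select_account`.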
'scopes' => $scopes,
'tag' => $this->getTag(),
]);
+ $authOptions = [
+ 'state' => $stateId,
+ 'scope' => $scopes,
+ ];
+ if ($this->prompt !== NULL) {
+ $authOptions['prompt'] = $this->prompt;
+ }
$result[] = [
- 'url' => $provider->getAuthorizationUrl([
- 'state' => $stateId,
- 'scope' => $scopes,
- ]),
+ 'url' => $provider->getAuthorizationUrl($authOptions),
];
}
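Review bot: The guard `if ($this->prompt !== NULL)` lets an empty string or any other caller-supplied value through to the provider unchecked, so `prompt=` or an unsupported value can end up in the authorization URL. The library should URL-encode the value, so this is about robustness rather than injection, but a stricter guard such as `if ($this->prompt !== NULL && $this->prompt !== '') {` would avoid the empty case. If the action can be called by less-trusted API users, consider checking the value against the documented set as well. Separately, `prompt=none` makes a compliant provider return an error redirect instead of a code when interaction is needed. The return handler is outside this hunk, so please confirm it handles that response rather than treating it as a failed or forged callback.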
class CiviGenericProvider extends \League\OAuth2\Client\Provider\GenericProvider {
+ protected function getAuthorizationParameters(array $options) {
+ $newOptions = parent::getAuthorizationParameters($options);
+ if (!isset($options['approval_prompt'])) {
+ // GenericProvider insists on filling in "approval_prompt", but this seems
+ // to be disfavored nowadays b/c OpenID Connect defines "prompt".
+ unset($newOptions['approval_prompt']);
+ }
+ return $newOptions;
+ }
+
}
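Review bot: `getAuthorizationParameters()` has no docblock, and it strips the library-filled `approval_prompt` for every client built on `CiviGenericProvider`, not only for requests that set `prompt`. Any existing provider that relied on the default `approval_prompt=auto` will therefore see a different request; that looks intentional, but it should be stated. I would add a docblock with `@param array $options` and `@return array`, and tighten the inline comment to something like `// Drop the library default so it cannot conflict with OIDC "prompt"; an explicitly passed approval_prompt is kept.` Note that a caller who passes both `approval_prompt` and `prompt` still sends both, which some providers may reject. A line in the docblock on which one callers should use would help.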