Source code changes for OIDC and OAuth

❌Unsolved➕Feature Request🌟Contribution🪲Bugs

Hello there, i've seen many issue request in Github around the prompt=select_accountprompt=select_account so i've been looking in the source code and it would be great if we can do the following; this way we can add an override.

// interal/api/ui/login/external_provider_handler.go

Lines: 169 -> 172
case domain.IDPTypeOIDC:
  provider, err = l.oidcProvider(r.Context(), identityProvider, authReq)

Lines: 169 -> 172
case domain.IDPTypeOIDC:
  provider, err = l.oidcProvider(r.Context(), identityProvider, authReq)

Line: 305
provider, err := l.oidcProvider(r.Context(), identityProvider, authReq)

Line: 305
provider, err := l.oidcProvider(r.Context(), identityProvider, authReq)

Line: 1059
func (l *Login) oidcProvider(ctx context.Context, identityProvider *query.IDPTemplate, authReq *domain.AuthRequest) (*openid.Provider, error)

// Instead this method, replace: 

opts := make([]openid.ProviderOpts, 1, 3)
opts[0] = openid.WithSelectAccount()

// With (Only add WithSelectAccount if the auth request doesn't already have a prompt parameter)

opts := make([]openid.ProviderOpts, 0, 3)

if !domain.IsPrompt(authReq.Prompt, domain.PromptSelectAccount) && len(authReq.Prompt) == 0 {
  opts = append(opts, openid.WithSelectAccount())
}

Line: 1059
func (l *Login) oidcProvider(ctx context.Context, identityProvider *query.IDPTemplate, authReq *domain.AuthRequest) (*openid.Provider, error)

// Instead this method, replace: 

opts := make([]openid.ProviderOpts, 1, 3)
opts[0] = openid.WithSelectAccount()

// With (Only add WithSelectAccount if the auth request doesn't already have a prompt parameter)

opts := make([]openid.ProviderOpts, 0, 3)

if !domain.IsPrompt(authReq.Prompt, domain.PromptSelectAccount) && len(authReq.Prompt) == 0 {
  opts = append(opts, openid.WithSelectAccount())
}

A similar fix can be added to the OAuthOAuth but needs to be changed in the oauth2.gooauth2.go file

Long term solution would be being able to actually select the prompt type within the UI dashboard when setting up a provider and any other custom paramaters for forwarding.

Source code changes for OIDC and OAuth

❌Unsolved➕Feature Request🌟Contribution🪲Bugs

Lines: 169 -> 172
case domain.IDPTypeOIDC:
  provider, err = l.oidcProvider(r.Context(), identityProvider, authReq)

Lines: 169 -> 172
case domain.IDPTypeOIDC:
  provider, err = l.oidcProvider(r.Context(), identityProvider, authReq)

Line: 305
provider, err := l.oidcProvider(r.Context(), identityProvider, authReq)

Line: 305
provider, err := l.oidcProvider(r.Context(), identityProvider, authReq)

Line: 1059
func (l *Login) oidcProvider(ctx context.Context, identityProvider *query.IDPTemplate, authReq *domain.AuthRequest) (*openid.Provider, error)

// Instead this method, replace: 

opts := make([]openid.ProviderOpts, 1, 3)
opts[0] = openid.WithSelectAccount()

// With (Only add WithSelectAccount if the auth request doesn't already have a prompt parameter)

opts := make([]openid.ProviderOpts, 0, 3)

if !domain.IsPrompt(authReq.Prompt, domain.PromptSelectAccount) && len(authReq.Prompt) == 0 {
  opts = append(opts, openid.WithSelectAccount())
}

Line: 1059
func (l *Login) oidcProvider(ctx context.Context, identityProvider *query.IDPTemplate, authReq *domain.AuthRequest) (*openid.Provider, error)

// Instead this method, replace: 

opts := make([]openid.ProviderOpts, 1, 3)
opts[0] = openid.WithSelectAccount()

// With (Only add WithSelectAccount if the auth request doesn't already have a prompt parameter)

opts := make([]openid.ProviderOpts, 0, 3)

if !domain.IsPrompt(authReq.Prompt, domain.PromptSelectAccount) && len(authReq.Prompt) == 0 {
  opts = append(opts, openid.WithSelectAccount())
}

Source code changes for OIDC and OAuth

Source code changes for OIDC and OAuth

Continue the conversation

ZITADEL

Continue the conversation

ZITADEL

Similar Threads