Merge pull request #276 from himmelblau-idm/dmulder/broker_scopes
Specify scopes when making an SSO request
dmulder authored Nov 5, 2024
2 parents 1bc67e0 + 89cdbc8 commit 87d9e74
Showing 3 changed files with 6 additions and 7 deletions.
2 changes: 1 addition & 1 deletion Cargo.toml
@@ -39,7 +39,7 @@ tracing-subscriber = "^0.3.17"
tracing = "^0.1.37"
himmelblau_unix_common = { path = "src/common" }
kanidm_unix_common = { path = "src/glue" }
libhimmelblau = { version = "0.3.5" }
libhimmelblau = { version = "0.3.6" }
clap = { version = "^4.5", features = ["derive", "env"] }
clap_complete = "^4.4.1"
reqwest = { version = "^0.12.2", features = ["json"] }
8 changes: 4 additions & 4 deletions src/common/src/idprovider/himmelblau.rs
@@ -604,7 +604,7 @@ impl IdProvider for HimmelblauProvider {
.await
.exchange_prt_for_access_token(
&prt,
vec!["User.Read"],
vec![],
Some("https://graph.microsoft.com".to_string()),
tpm,
machine_key,
@@ -687,7 +687,7 @@ impl IdProvider for HimmelblauProvider {
.await
.acquire_token_by_refresh_token(
&$token.refresh_token,
vec!["User.Read"],
vec![],
Some("https://graph.microsoft.com".to_string()),
tpm,
machine_key,
@@ -711,7 +711,7 @@ impl IdProvider for HimmelblauProvider {
.await
.acquire_token_by_refresh_token(
&$token.refresh_token,
vec!["User.Read"],
vec![],
Some("https://graph.microsoft.com".to_string()),
tpm,
machine_key,
@@ -740,7 +740,7 @@ impl IdProvider for HimmelblauProvider {
.acquire_token_by_hello_for_business_key(
account_id,
&$hello_key,
vec!["User.Read"],
vec![],
Some("https://graph.microsoft.com".to_string()),
tpm,
machine_key,
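Review bot: The four token requests now pass an empty scope list (`vec![]`) beside the hard-coded `https://graph.microsoft.com` resource, and nothing at the call sites says what an empty list asks the token endpoint for. The previous `vec!["User.Read"]` made the least-privilege intent readable in place; with `vec![]` the granted scope depends on how libhimmelblau 0.3.6 treats an empty list, which is not visible on this page and should be confirmed not to yield a broader token than these flows need. I would add a comment at the first call (`exchange_prt_for_access_token`), e.g. `// Empty scope list: <what libhimmelblau requests for this resource in that case>`, and hoist the repeated literal into one named binding so the two `acquire_token_by_refresh_token` calls and the `acquire_token_by_hello_for_business_key` call cannot drift apart. All four enclosing function and macro bodies start and end outside the hunks.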
3 changes: 1 addition & 2 deletions src/daemon/src/broker.rs
@@ -89,10 +89,9 @@ impl HimmelblauBroker for Broker {
if request.account.username.to_lowercase() != user.spn.to_lowercase() {
return Err("Invalid request for user!".into());
}
let scopes = vec![];
let token = self
.cachelayer
.get_user_accesstoken(Id::Name(user.spn), scopes)
.get_user_accesstoken(Id::Name(user.spn), request.auth_parameters.requested_scopes)
.await
.ok_or("Failed to authenticate user")?;
let now = SystemTime::now()
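Review bot: `request.auth_parameters.requested_scopes` comes from the broker client and is now forwarded to `get_user_accesstoken` unchanged; the only check visible before the call is the username/SPN comparison, so any caller accepted for that user decides which scopes the issued token carries. If `get_user_accesstoken` or the cache layer does not already constrain scopes (not visible in this hunk), consider validating the list here against what the broker is meant to serve, and logging the requested scopes together with the account so token requests can be audited. At minimum a comment on the call, such as `// requested_scopes is caller-controlled; treat as untrusted input`, would record the trust decision. The enclosing method starts and ends outside the hunk.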
