Add resource parameter to sent authorization URI

Question

Add resource parameter to sent authorization URI

Opened this issue 3 years ago · 1 comments

I use flask-oidc with microsoft ADFS. I need to specify the resource parameter in the sent authorization URI like:

https://xyz.com/adfs/oauth2/authorize/?client_id=abc&redirect_uri=abc&scope=openid+profile+allatclaims&access_type=offline&response_type=code&state=123&resource=myres

Otherwise I don't get all needed user information inside of the token from ADFS. I do not exactly know why the ADFS of my company needs this resource parameter to return full user information as part of the token, but without the resource parameter, it doesn't work.
I couldn't find a config attribute in this package to specify this. Am I overlooking something? I am wondering wether this is interesting for a bigger audience.
In flask_oidc/__init__.py in the function redirect_to_auth_server, we could simply add this line in order to make it configurable:

if current_app.config['OIDC_RESOURCE_URI']: extra_params['resource'] = current_app.config['OIDC_RESOURCE_URI']

Is there a simpler way or would this be a good extension of the config?

Answer 1 · 2022-09-06T15:43:36.000Z

The extra 'resource' query parameter required by ADFS can be specified in the app.config with the 'OIDC_EXTRA_REQUEST_AUTH_PARAMS' key.

app.config.update({
     ...
      'OIDC_EXTRA_REQUEST_AUTH_PARAMS': { 'resource': 'the-client-id' }
})