I am using an application called CodeTogether which supports SSO via OIDC. For the SSO provider, we are using OneLogin where we have set up an OIDC application with some very basic config.
Login redirect URI: https://<codetogether-server>/sso/authorization-code/callback
Logout URI: https://<codetogether-server>/sso/logout
Application type: Web
Token endpoint: Basic
Everything else is the defaults from OneLogin.
In the well-known configuration for our OneLogin OIDC, the offline_access scope is not in the scopes_supported attribute. CodeTogether requests this scope in the callback request when attempting to log in.
The callback request is the following: https://<onelogin>/oidc/2/auth?client_id=<oidc client id>&scope=openid%20profile%20offline_access&response_type=code&redirect_uri=https%3A%2F%2F<codetogether server>%2Fsso%2Fauthorization-code%2Fcallback&state=<state>
Some information on how to enable this scope in OneLogin would be great, thanks!
According to the OneLogin documentation, offline_access is supported in the Password Grant flow. Using it with the Implicit or Authorization Code flow will cause an error.
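Added example, not part of the original question or answer: a small check that compares the scopes and response type in an authorization request against the provider's discovery metadata, which is the mismatch the question describes. The hostnames, client id, state value and the contents of the discovery document are constructed placeholders, and `check_auth_request` is a hypothetical helper name.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a trimmed discovery document in which offline_access
# is absent from scopes_supported, as the question reports. Not OneLogin's
# actual metadata.
DISCOVERY = {
    "scopes_supported": ["openid", "profile", "email"],
    "response_types_supported": ["code", "id_token token", "id_token"],
}

# The request from the question, with constructed placeholder values filled in.
AUTH_REQUEST = (
    "https://onelogin.example/oidc/2/auth?client_id=example-client"
    "&scope=openid%20profile%20offline_access&response_type=code"
    "&redirect_uri=https%3A%2F%2Fcodetogether.example%2Fsso"
    "%2Fauthorization-code%2Fcallback&state=abc123"
)


def check_auth_request(url, discovery):
    """Report where an authorization request disagrees with discovery metadata."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # scope is one space-delimited parameter; parse_qs has already decoded %20.
    requested = query.get("scope", [""])[0].split()
    response_type = query.get("response_type", [""])[0]

    supported = set(discovery.get("scopes_supported", []))
    # response_type is an unordered space-delimited set, so compare as sets.
    advertised = {
        frozenset(rt.split())
        for rt in discovery.get("response_types_supported", [])
    }

    findings = []
    if "openid" not in requested:
        findings.append("scope lacks 'openid': not an OIDC authentication request")
    for scope in requested:
        if scope not in supported:
            findings.append(f"scope '{scope}' not in scopes_supported")
    if frozenset(response_type.split()) not in advertised:
        findings.append(f"response_type '{response_type}' not advertised")
    return {"scopes": requested, "response_type": response_type, "findings": findings}


if __name__ == "__main__":
    for finding in check_auth_request(AUTH_REQUEST, DISCOVERY)["findings"]:
        print("MISMATCH:", finding)
```

scopes_supported is advisory: the OIDC Discovery specification allows a provider to support scopes it does not advertise, so a mismatch is a lead to confirm against the provider's documentation rather than proof the request will be rejected.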