node-oidc-provider missing offline_access scope

Question

I'm using node-oidc-provider v6 and missing offline_access scope in authorization response. I found in the library code that offline_access can be automatically removed in some cases. https://github.com/panva/node-oidc-provider/blob/v6.x/lib/actions/authorization/check_scope.js#L55

If I remove this line (line #55) everything works okay. How can I add consent to prompts?

I have endpoint to handle prompt with consent screen.

case 'consent': {
        const consent = {
          rejectedScopes: [],
          rejectedClaims: [],
          replace: false,
        };

        return oidc.interactionFinished(
          req,
          res,
          { consent },
          {
            mergeWithLastSubmission: true,
          }
        );
      }

I have the exact same issue, please LMK if you managed to figure it out — wicccked, May 11 '23 at 01:43

wicccked · Answer 1 · 2023-05-11T05:37:57.773

0

Make sure you're passing prompt=consent URL param to the initial code request (to the /auth endpoint).

More info: https://developers.google.com/identity/openid-connect/openid-connect#authenticationuriparameters

I also compared your code to mine and I'm pretty much using code from the Koa example. During the first OAuth request, consent is just an empty object. See this example for reference

edited May 11 '23 at 05:37

answered May 11 '23 at 05:32

wicccked

352
1
4
15

node-oidc-provider missing offline_access scope

1 Answers1