fix(openid/client): prompt parameter is optional

nais · Jan 24, 2025 · 062e7b0 · 062e7b0
1 parent 0b32d88
commit 062e7b0
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/pkg/openid/client/login_test.go b/pkg/openid/client/login_test.go
@@ -176,6 +176,8 @@ func TestLogin_URL(t *testing.T) {
 					assert.Contains(t, query, "ui_locales")
 					assert.ElementsMatch(t, query["acr_values"], []string{openidConfig.Client().ACRValues()})
 					assert.ElementsMatch(t, query["ui_locales"], []string{openidConfig.Client().UILocales()})
+					assert.NotContains(t, query, "prompt")
+					assert.NotContains(t, query, "max_age")
 				}
 			}
 		})

diff --git a/pkg/openid/oauth2.go b/pkg/openid/oauth2.go
@@ -3,7 +3,8 @@ package openid
 import (
 	"fmt"
 	"net/url"
-	"strings"
+
+	"github.com/nais/wonderwall/pkg/openid/scopes"
 
 	"golang.org/x/oauth2"
 )
@@ -49,7 +50,6 @@ func (a AuthorizationCodeParams) AuthParams() AuthParams {
 		"code_challenge":        oauth2.S256ChallengeFromVerifier(a.CodeVerifier),
 		"code_challenge_method": "S256",
 		"nonce":                 a.Nonce,
-		"prompt":                a.Prompt,
 		"redirect_uri":          a.RedirectURI,
 		"response_mode":         "query",
 		"response_type":         "code",
@@ -66,6 +66,7 @@ func (a AuthorizationCodeParams) AuthParams() AuthParams {
 	}
 
 	if len(a.Prompt) > 0 {
+		params["prompt"] = a.Prompt
 		params["max_age"] = "0"
 	}