feat(okta): make login prompt optional

2026-01-11 19:58:28 +01:00 · 2023-06-30 14:48:15 -05:00 · 2023-06-30 14:48:15 -05:00 · c04092cfc5
commit c04092cfc5
parent 25f9960b40
2 changed files with 11 additions and 3 deletions
--- a/example/Main.hs
+++ b/example/Main.hs
@ -148,7 +148,7 @@ mkFoundation = do
    , loadPlugin oauth2Twitch "TWITCH"
    , loadPlugin oauth2WordPressDotCom "WORDPRESS_DOT_COM"
    , loadPlugin oauth2Upcase "UPCASE"
-    , loadPlugin (oauth2Okta (fromString oktaHost) "default" Nothing) "OKTA"
+    , loadPlugin (oauth2Okta False (fromString oktaHost) "default" Nothing) "OKTA"
    ]

  return App { .. }
--- a/src/Yesod/Auth/OAuth2/Okta.hs
+++ b/src/Yesod/Auth/OAuth2/Okta.hs
@ -38,6 +38,8 @@ pluginName = "okta"
 -- | Creates an Okta 'AuthPlugin' for application using the default scopes.
 oauth2Okta ::
  YesodAuth m =>
+  -- | Prompt login on authorize redirect
+  Bool ->
  -- | The host address of the Okta application (absolute)
  URI ->
  -- | The authorization server
@ -56,6 +58,8 @@ oauth2OktaWithScopes ::
  YesodAuth m =>
  -- | The scopes accessible to the 'AuthPlugin'
  [Text] ->
+  -- | Prompt login on authorize redirect
+  Bool ->
  -- | The host address of the Okta application (absolute)
  URI ->
  -- | The authorization server
@ -67,7 +71,7 @@ oauth2OktaWithScopes ::
  -- | Client Secret of the Okta application
  Text ->
  AuthPlugin m
-oauth2OktaWithScopes scopes host authorizationServer appRoot clientId clientSecret =
+oauth2OktaWithScopes scopes shouldPrompt host authorizationServer appRoot clientId clientSecret =
  authOAuth2 pluginName oauth2 $ \manager token -> do
    (User uid, userResponse) <-
      authGetProfile
@ -82,6 +86,10 @@ oauth2OktaWithScopes scopes host authorizationServer appRoot clientId clientSecr
          credsExtra = setExtra token userResponse
        }
  where
+    queryParams =
+      if shouldPrompt
+      then [scopeParam " " scopes, ("prompt", "login")]
+      else [scopeParam " " scopes]
    oauth2 =
      OAuth2
        { oauth2ClientId = clientId,
@ -89,7 +97,7 @@ oauth2OktaWithScopes scopes host authorizationServer appRoot clientId clientSecr
          oauth2AuthorizeEndpoint =
            host
              `withPath` (mkEndpointSegment authorizationServer "authorize")
-              `withQuery` [scopeParam " " scopes, ("prompt", "login")],
+              `withQuery` queryParams,
          oauth2TokenEndpoint = host `withPath` (mkEndpointSegment authorizationServer "token"),
          oauth2RedirectUri = Nothing,
          oauth2AppRoot = appRoot