fix(microsoft-shared): force prompt=consent on authorize URL
Some checks failed
Lock Threads / action (push) Has been cancelled
Without prompt=consent Microsoft may silently reuse a prior user consent that doesn't include our new shared-mailbox scopes (Mail.ReadWrite.Shared, Mail.Send.Shared). The result is a successful OAuth round-trip but an access token missing the scopes, leading to 403 on the Graph access check in the callback. Mirror the existing microsoft provider which sets the same flag.
@@ -8,7 +8,8 @@ class Api::V1::Accounts::MicrosoftShared::AuthorizationsController < Api::V1::Ac
|
||||
redirect_url = microsoft_shared_client.auth_code.authorize_url(
|
||||
redirect_uri: "#{base_url}/microsoft_shared/callback",
|
||||
scope: microsoft_shared_scope,
|
||||
state: encode_microsoft_shared_state(Current.account, upn)
|
||||
state: encode_microsoft_shared_state(Current.account, upn),
|
||||
prompt: 'consent'
|
||||
)
|
||||
|
||||
if redirect_url
|
||||
|
||||
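Review bot: The added `prompt: 'consent'` argument to `authorize_url` is unconditional and undocumented in the code, so the reason for it exists only in the commit message. Add a one-line comment above it naming the shared-mailbox scopes it is meant to surface, so it is not removed later as a UX cleanup. Because the flag now shows the consent screen on every pass through this action, including reconnects by users who have already granted the scopes, consider sending it only on first connect or after a scope mismatch. It is also worth confirming that the flow still completes for a non-admin user in a tenant that restricts user consent. Separately, the 403 described in the commit message is detected only indirectly through the Graph access check; comparing the scope granted in the token response against `microsoft_shared_scope` in the callback would report a missing scope explicitly instead of relying on this flag alone.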