From 55bf98231e9694631fef084769c76d44162fcb48 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon, 1 Jan 2024 23:49:34 +0100
Subject: [PATCH] when requesting offline_access, set prompt to consent

https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess
---
 pkg/client.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/client.go b/pkg/client.go
index b2ef025..4503c95 100644
--- a/pkg/client.go
+++ b/pkg/client.go
@@ -230,6 +230,9 @@ func (c *OIDCClient) oauthInit(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	opts := []oauth2.AuthCodeOption{}
+	if slices.Contains(c.config.Scopes, "offline_access") {
+		opts = append(opts, oauth2.ApprovalForce)
+	}
 	if c.doRefreshChecks {
 		opts = append(opts, oauth2.AccessTypeOffline)
 	}