I am using an application called CodeTogether which supports SSO via OIDC. For the SSO provider, we are using OneLogin where we have set up an OIDC application with some very basic config.
Login redirect URI: https://<codetogether-server>/sso/authorization-code/callback
Logout URI: https://<codetogether-server>/sso/logout
Application type: Web
Token endpoint: Basic
Everything else is the defaults from OneLogin.
In the well-known configuration for our OneLogin OIDC, the offline_access scope is not in the scopes_supported attribute. CodeTogether requests this scope in the callback request when attempting to log in.
The callback request is the following: https://<onelogin>/oidc/2/auth?client_id=<oidc client id>&scope=openid%20profile%20offline_access&response_type=code&redirect_uri=https%3A%2F%2F<codetogether server>%2Fsso%2Fauthorization-code%2Fcallback&state=<state>
Some information on how to enable this scope in OneLogin would be great, thanks!
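
The mismatch described in the post can be checked mechanically. The following is an added example, not part of the original post and not CodeTogether or OneLogin code: it compares an authorization request URL with a provider's discovery metadata and lists what OIDC Core section 11 and OIDC Discovery expect when offline_access is requested. The hostnames, client id, state and discovery values are constructed placeholders, and `check_auth_request` is a hypothetical helper name.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample discovery metadata (not OneLogin's real document).
DISCOVERY = {
    "scopes_supported": ["openid", "profile", "email"],
    "grant_types_supported": ["authorization_code"],
}

# Constructed request shaped like the one in the post, with placeholder values.
AUTH_URL = (
    "https://onelogin.example/oidc/2/auth?client_id=CLIENT_ID"
    "&scope=openid%20profile%20offline_access&response_type=code"
    "&redirect_uri=https%3A%2F%2Fcodetogether.example%2Fsso"
    "%2Fauthorization-code%2Fcallback&state=STATE"
)


def check_auth_request(auth_url, discovery):
    """Return a list of findings for one authorization request."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(auth_url).query).items()}
    requested = params.get("scope", "").split()
    findings = []

    # scopes_supported is optional and a provider may omit scopes it does
    # support, so an unlisted scope is a hint to verify, not proof of rejection.
    supported = discovery.get("scopes_supported")
    if supported is not None:
        for scope in requested:
            if scope not in supported:
                findings.append(f"scope '{scope}' not in scopes_supported")

    if "offline_access" in requested:
        # OIDC Core 11: ignored unless the response_type returns a code.
        if "code" not in params.get("response_type", "").split():
            findings.append("offline_access needs a response_type with 'code'")
        # OIDC Core 11: prompt must be consent unless other conditions permit.
        if "consent" not in params.get("prompt", "").split():
            findings.append("offline_access requested without prompt=consent")
        # Discovery default when the field is omitted.
        grants = discovery.get("grant_types_supported",
                               ["authorization_code", "implicit"])
        if "refresh_token" not in grants:
            findings.append("refresh_token not in grant_types_supported")
    return findings


if __name__ == "__main__":
    for finding in check_auth_request(AUTH_URL, DISCOVERY):
        print(finding)
```
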