From d25842201f58365e38c7d76cd62cbdd610e05745 Mon Sep 17 00:00:00 2001
From: Peter Havekes <peter@havekes.eu>
Date: Tue, 5 Nov 2024 09:59:07 +0100
Subject: [PATCH] Add prompt=consent when requesting offline_access

---
 src/main/java/generiek/api/EnrollmentEndpoint.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/main/java/generiek/api/EnrollmentEndpoint.java b/src/main/java/generiek/api/EnrollmentEndpoint.java
index 4fad4fe..cfab018 100644
--- a/src/main/java/generiek/api/EnrollmentEndpoint.java
+++ b/src/main/java/generiek/api/EnrollmentEndpoint.java
@@ -575,6 +575,11 @@ private String buildAuthorizationURI(EnrollmentRequest enrollmentRequest) throws
         params.put("response_type", "code");
         params.put("redirect_uri", redirectUri);
         params.put("state", base64Enrollment);
+        //When working outside of Openconnext, the 'offline_access' is added for refresh tokens,
+        // and 'prompt=consent' should be added
+        if (enrollmentRequest.getScope().contains("offline_access")) {
+            params.put("prompt", "consent");
+        }
 
         UriComponentsBuilder builder = UriComponentsBuilder.fromUri(authorizationUri);
         params.forEach(builder::queryParam);