From ada0e616954ab8b6193172ce736e47ff050102e7 Mon Sep 17 00:00:00 2001
From: Anis Eleuch <anis@min.io>
Date: Mon, 2 Dec 2024 10:33:36 +0100
Subject: [PATCH] sts: Send the refresh token in the login redirect URL

---
 pkg/credentials/sts_web_identity.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/credentials/sts_web_identity.go b/pkg/credentials/sts_web_identity.go
index 787f0a38d..8c06bac60 100644
--- a/pkg/credentials/sts_web_identity.go
+++ b/pkg/credentials/sts_web_identity.go
@@ -162,6 +162,10 @@ func getWebIdentityCredentials(clnt *http.Client, endpoint, roleARN, roleSession
 		// Usually set when server is using extended userInfo endpoint.
 		v.Set("WebIdentityAccessToken", idToken.AccessToken)
 	}
+	if idToken.RefreshToken != "" {
+		// Usually set when server is using extended userInfo endpoint.
+		v.Set("WebIdentityRefreshToken", idToken.RefreshToken)
+	}
 	if idToken.Expiry > 0 {
 		v.Set("DurationSeconds", fmt.Sprintf("%d", idToken.Expiry))
 	}