Merge pull request #6046 from Anamika1608/oidc_auth

Add support for OIDC authentication

config/initializers/devise.rb

@@ -296,6 +296,20 @@ Devise.setup do |config|
   end
   config.omniauth :saml, saml_settings.merge(setup: ->(env) { OmniauthTenantSetup.saml(env) })
 
+  config.omniauth :openid_connect,
+                  name: :oidc,
+                  scope: [:openid, :email, :profile],
+                  response_type: :code,
+                  issuer: Rails.application.secrets.oidc_issuer,
+                  discovery: true,
+                  client_auth_method: :basic,
+                  client_options: {
+                    identifier: Rails.application.secrets.oidc_client_id,
+                    secret: Rails.application.secrets.oidc_client_secret,
+                    redirect_uri: Rails.application.secrets.oidc_redirect_uri
+                  },
+                  setup: ->(env) { OmniauthTenantSetup.oidc(env) }
+
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or
   # change the failure app, you can configure them inside the config.warden block.

config/locales/en/general.yml

@@ -282,6 +282,10 @@ en:
       sign_in: Sign in with SAML
       sign_up: Sign up with SAML
       name: SAML
+    oidc:
+      sign_in: Sign in with OIDC
+      sign_up: Sign up with OIDC
+      name: OIDC
     or_fill: "Or fill the following form:"
   proposals:
     create:

config/locales/en/settings.yml

@@ -91,6 +91,8 @@ en:
       google_login_description: "Allow users to sign up with their Google Account"
       wordpress_login: "Wordpress login"
       wordpress_login_description: "Allow users to sign up with their Wordpress Account"
+      oidc_login: "OpenID Connect login"
+      oidc_login_description: "Allow users to sign up with OpenID Connect (OIDC)"
       saml_login: "SAML login"
       saml_login_description: "Allow users to sign up with SAML"
       featured_proposals: "Featured proposals"

config/locales/es/general.yml

@@ -279,6 +279,10 @@ es:
       sign_in: Entra con SAML
       sign_up: Regístrate con SAML
       name: SAML
+    oidc:
+      sign_in: Entra con OIDC
+      sign_up: Regístrate con OIDC
+      name: OIDC
     info:
       sign_in: "Entra con:"
       sign_up: "Regístrate con:"

config/locales/es/settings.yml

@@ -91,6 +91,8 @@ es:
       google_login_description: "Permitir que los usuarios se registren con su cuenta de Google"
       wordpress_login: "Registro con Wordpress"
       wordpress_login_description: "Permitir que los usuarios se registren con su cuenta de Wordpress"
+      oidc_login: "Registro con OpenID Connect"
+      oidc_login_description: "Permitir que los usuarios se registren usando OpenID Connect (OIDC)"
       saml_login: "Registro con SAML"
       saml_login_description: "Permitir que los usuarios se registren usando SAML"
       featured_proposals: "Propuestas destacadas"

config/secrets.yml.example

@@ -94,6 +94,10 @@ staging:
   saml_sp_entity_id: ""
   saml_idp_metadata_url: ""
   saml_idp_sso_service_url: ""
+  oidc_client_id: ""
+  oidc_client_secret: ""
+  oidc_issuer: ""
+  oidc_redirect_uri: ""
   <<: *maps
   <<: *apis
 
@@ -153,6 +157,10 @@ preproduction:
   saml_sp_entity_id: ""
   saml_idp_metadata_url: ""
   saml_idp_sso_service_url: ""
+  oidc_client_id: ""
+  oidc_client_secret: ""
+  oidc_issuer: ""
+  oidc_redirect_uri: ""
   <<: *maps
   <<: *apis
 
@@ -211,5 +219,9 @@ production:
   saml_sp_entity_id: ""
   saml_idp_metadata_url: ""
   saml_idp_sso_service_url: ""
+  oidc_client_id: ""
+  oidc_client_secret: ""
+  oidc_issuer: ""
+  oidc_redirect_uri: ""
   <<: *maps
   <<: *apis