Automatically set the redirect URI in OIDC
When we first added OIDC support, we were configuring the redirect URI in the devise initializer, just like we did for other providers. Thanks to the changes in the previous commit, that code is no longer in the devise initializer, which means we can use `url_helpers` to get the redirect URI. This means we no longer need to define this URI in the secrets. This is particularly useful for multitenancy; previously, we had to define the redirect URI for every tenant because different tenants use different domains or different subdomains.
This commit is contained in:
Anamika Aggarwal
committed by
Javi Martín
Javi Martín
parent
c3b5232907
commit
86bbfcaa0c
@@ -22,8 +22,7 @@ module OmniauthTenantSetup
|
||||
end
|
||||
|
||||
def oidc(env)
|
||||
oidc_auth(env, secrets.oidc_client_id,
|
||||
secrets.oidc_client_secret, secrets.oidc_issuer, secrets.oidc_redirect_uri)
|
||||
oidc_auth(env, secrets.oidc_client_id, secrets.oidc_client_secret, secrets.oidc_issuer)
|
||||
end
|
||||
|
||||
private
|
||||
@@ -60,14 +59,18 @@ module OmniauthTenantSetup
|
||||
end
|
||||
end
|
||||
|
||||
def oidc_auth(env, client_id, client_secret, issuer, redirect_uri)
|
||||
def oidc_auth(env, client_id, client_secret, issuer)
|
||||
strategy = env["omniauth.strategy"]
|
||||
|
||||
strategy.options[:issuer] = issuer if issuer.present?
|
||||
strategy.options[:client_options] ||= {}
|
||||
strategy.options[:client_options][:identifier] = client_id if client_id.present?
|
||||
strategy.options[:client_options][:secret] = client_secret if client_secret.present?
|
||||
strategy.options[:client_options][:redirect_uri] = redirect_uri if redirect_uri.present?
|
||||
strategy.options[:client_options][:redirect_uri] = oidc_redirect_uri if oidc_redirect_uri.present?
|
||||
end
|
||||
|
||||
def oidc_redirect_uri
|
||||
Rails.application.routes.url_helpers.user_oidc_omniauth_callback_url(Tenant.current_url_options)
|
||||
end
|
||||
|
||||
def secrets
|
||||
|
||||
@@ -97,7 +97,6 @@ staging:
|
||||
oidc_client_id: ""
|
||||
oidc_client_secret: ""
|
||||
oidc_issuer: ""
|
||||
oidc_redirect_uri: ""
|
||||
<<: *maps
|
||||
<<: *apis
|
||||
|
||||
@@ -160,7 +159,6 @@ preproduction:
|
||||
oidc_client_id: ""
|
||||
oidc_client_secret: ""
|
||||
oidc_issuer: ""
|
||||
oidc_redirect_uri: ""
|
||||
<<: *maps
|
||||
<<: *apis
|
||||
|
||||
@@ -222,6 +220,5 @@ production:
|
||||
oidc_client_id: ""
|
||||
oidc_client_secret: ""
|
||||
oidc_issuer: ""
|
||||
oidc_redirect_uri: ""
|
||||
<<: *maps
|
||||
<<: *apis
|
||||
|
||||
@@ -47,5 +47,4 @@ When you complete the application registration you'll get a *key* and *secret* v
|
||||
oidc_client_id: "your-oidc-client-id"
|
||||
oidc_client_secret: "your-oidc-client-secret"
|
||||
oidc_issuer: "https://your-oidc-provider.com"
|
||||
oidc_redirect_uri: "https://yourapp.com/users/auth/oidc/callback"
|
||||
```
|
||||
|
||||
@@ -47,5 +47,4 @@ Cuando completes el registro de la aplicación en su plataforma te darán un *ke
|
||||
oidc_client_id: "tu-id-de-cliente-oidc"
|
||||
oidc_client_secret: "tu-secreto-de-cliente-oidc"
|
||||
oidc_issuer: "https://tu-proveedor-oidc.com"
|
||||
oidc_redirect_uri: "https://tuaplicacion.com/users/auth/oidc/callback"
|
||||
```
|
||||
|
||||
@@ -86,6 +86,10 @@ describe OmniauthTenantSetup do
|
||||
end
|
||||
|
||||
describe "#oidc" do
|
||||
before do
|
||||
allow(Tenant).to receive(:default_url_options).and_return({ host: "consul.dev" })
|
||||
end
|
||||
|
||||
it "uses different secrets for different tenants" do
|
||||
create(:tenant, schema: "mars")
|
||||
create(:tenant, schema: "venus")
|
||||
@@ -94,19 +98,16 @@ describe OmniauthTenantSetup do
|
||||
oidc_client_id: "default-client-id",
|
||||
oidc_client_secret: "default-client-secret",
|
||||
oidc_issuer: "https://default-oidc.example.com",
|
||||
oidc_redirect_uri: "https://default.consul.dev/auth/oidc/callback",
|
||||
tenants: {
|
||||
mars: {
|
||||
oidc_client_id: "mars-client-id",
|
||||
oidc_client_secret: "mars-client-secret",
|
||||
oidc_issuer: "https://mars-oidc.example.com",
|
||||
oidc_redirect_uri: "https://mars.consul.dev/auth/oidc/callback"
|
||||
oidc_issuer: "https://mars-oidc.example.com"
|
||||
},
|
||||
venus: {
|
||||
oidc_client_id: "venus-client-id",
|
||||
oidc_client_secret: "venus-client-secret",
|
||||
oidc_issuer: "https://venus-oidc.example.com",
|
||||
oidc_redirect_uri: "https://venus.consul.dev/auth/oidc/callback"
|
||||
oidc_issuer: "https://venus-oidc.example.com"
|
||||
}
|
||||
}
|
||||
)
|
||||
@@ -124,7 +125,7 @@ describe OmniauthTenantSetup do
|
||||
expect(mars_strategy_options[:issuer]).to eq "https://mars-oidc.example.com"
|
||||
expect(mars_client_options[:secret]).to eq "mars-client-secret"
|
||||
expect(mars_client_options[:identifier]).to eq "mars-client-id"
|
||||
expect(mars_client_options[:redirect_uri]).to eq "https://mars.consul.dev/auth/oidc/callback"
|
||||
expect(mars_client_options[:redirect_uri]).to eq "http://mars.consul.dev/users/auth/oidc/callback"
|
||||
end
|
||||
|
||||
Tenant.switch("venus") do
|
||||
@@ -140,7 +141,7 @@ describe OmniauthTenantSetup do
|
||||
expect(venus_strategy_options[:issuer]).to eq "https://venus-oidc.example.com"
|
||||
expect(venus_client_options[:identifier]).to eq "venus-client-id"
|
||||
expect(venus_client_options[:secret]).to eq "venus-client-secret"
|
||||
expect(venus_client_options[:redirect_uri]).to eq "https://venus.consul.dev/auth/oidc/callback"
|
||||
expect(venus_client_options[:redirect_uri]).to eq "http://venus.consul.dev/users/auth/oidc/callback"
|
||||
end
|
||||
end
|
||||
|
||||
@@ -151,13 +152,11 @@ describe OmniauthTenantSetup do
|
||||
oidc_client_id: "default-client-id",
|
||||
oidc_client_secret: "default-client-secret",
|
||||
oidc_issuer: "https://default-oidc.example.com",
|
||||
oidc_redirect_uri: "https://default.consul.dev/auth/oidc/callback",
|
||||
tenants: {
|
||||
mars: {
|
||||
oidc_client_id: "mars-client-id",
|
||||
oidc_client_secret: "mars-client-secret",
|
||||
oidc_issuer: "https://mars-oidc.example.com",
|
||||
oidc_redirect_uri: "https://mars.consul.dev/auth/oidc/callback"
|
||||
oidc_issuer: "https://mars-oidc.example.com"
|
||||
}
|
||||
}
|
||||
)
|
||||
@@ -175,7 +174,7 @@ describe OmniauthTenantSetup do
|
||||
expect(earth_strategy_options[:issuer]).to eq "https://default-oidc.example.com"
|
||||
expect(earth_client_options[:identifier]).to eq "default-client-id"
|
||||
expect(earth_client_options[:secret]).to eq "default-client-secret"
|
||||
expect(earth_client_options[:redirect_uri]).to eq "https://default.consul.dev/auth/oidc/callback"
|
||||
expect(earth_client_options[:redirect_uri]).to eq "http://earth.consul.dev/users/auth/oidc/callback"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user