- name: :oidc → Identifier for this login provider in the app.
- scope: [:openid, :email, :profile] → Tells the provider we want the user’s ID (openid), their email, and basic profile info (name, picture, etc.).
- response_type: :code → Uses Authorization Code Flow, which is more secure because tokens are not exposed in the URL.
- issuer: Rails.application.secrets.oidc_issuer → The base URL of the OIDC provider (e.g., Auth0). Used to find its config.
- discovery: true → Automatically fetches the provider’s endpoints from its discovery document instead of manually setting them.
- client_auth_method: :basic → Sends client ID and secret using HTTP Basic Auth when exchanging the code for tokens.
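What these options amount to at the protocol level, as an added Ruby example (not part of the commit or of the project's code). The discovery document, hosts, client credentials and helper names are constructed for illustration.

```ruby
require "json"
require "uri"

# Constructed discovery document, as served at
# <issuer>/.well-known/openid-configuration (placeholder host).
DISCOVERY_JSON = <<~JSON
  {
    "issuer": "https://idp.example.test",
    "authorization_endpoint": "https://idp.example.test/authorize",
    "token_endpoint": "https://idp.example.test/oauth/token"
  }
JSON

# discovery: true -> endpoints come from the document, accepted only when
# its issuer is exactly the issuer we configured.
def load_discovery(configured_issuer, json)
  doc = JSON.parse(json)
  return doc if doc["issuer"] == configured_issuer

  raise ArgumentError, "issuer mismatch: #{doc['issuer'].inspect}"
end

# response_type: :code and scope -> the redirect back to the app carries a
# short-lived code, not tokens. state and nonce are supplied by the caller.
def authorization_url(doc, client_id:, redirect_uri:, state:, nonce:)
  query = URI.encode_www_form(
    response_type: "code",
    scope: %w[openid email profile].join(" "),
    client_id: client_id,
    redirect_uri: redirect_uri,
    state: state,
    nonce: nonce
  )
  "#{doc['authorization_endpoint']}?#{query}"
end

# client_auth_method: :basic -> client credentials go in the Authorization
# header of the token request, form-encoded and then Base64-encoded.
def basic_auth_header(client_id, client_secret)
  pair = [client_id, client_secret].map { |v| URI.encode_www_form_component(v) }
  "Basic #{[pair.join(':')].pack('m0')}"
end
```
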
Add system tests for OIDC Auth
Edit the oauth docs to support OIDC auth
We now strongly recommend upgrading one version at a time and running
the tests before and after upgrading.
Note we use a `release` branch instead of an `upgrade` branch because
we've been mentioning the `release` branch in the release notes of every
release for years.
Since Bundler 2.4.19, including in Ruby 3.2.3, it's possible to define
the Ruby version in the Gemfile by indicating which file contains the
version [1].
There are at least two practical cases where this is an advantage.
First, people using RVM in development will no longer accidentally run
the application using the wrong Ruby version (which, before these
changes, might happen if they switch to a branch using a different Ruby
version and forget to run `rvm use` or exit the current folder and enter
it again) because they will get an error when trying to do so.
Second, people using services like Heroku no longer need to modify the
Gemfile.
The disadvantage is that, now, every time we update the Ruby version, we
have to remember to run `bundle` so our `Gemfile.lock` gets the new
version.
[1] https://github.com/rubygems/rubygems/releases/tag/bundler-v2.4.19
We had three files that were almost identical, and we can use
environment variables to specify the differences.
Note we're using the `PGUSER` and `PGPASSWORD` variables, since these
variables will automatically be used by the PostgreSQL client when we
have blank `username` and `password` keys in the `database.yml` file
(which we did until now). The difference between these variables and the
`POSTGRES_USER` and `POSTGRES_PASSWORD` variables is that the `PG`
variables are used by the client connecting to the database, while the
`POSTGRES_` variables are used by the Docker postgresql image when
creating the database superuser.
For consistency with the code in our GitHub workflows (and everywhere
else in the postgres world), we're respecting this double standard. The
fact that there are two different names for what's basically the same
thing makes the code confusing, though, particularly when running the
docker-compose commands, since we get the password from an environment
variable but we have to assign two different environment variables with
it.
So we're accepting both `PGPASSWORD` and `POSTGRES_PASSWORD` variables
in the database configuration file. This way, developers using
docker-compose can use `POSTGRES_PASSWORD` for everything and it'll work
fine. We're also making `PGPASSWORD` default to `POSTGRES_PASSWORD` so
we don't get a warning if we only set `POSTGRES_PASSWORD`:
```
WARN[0000] The "PGPASSWORD" variable is not set. Defaulting to a blank
string.
```
Also note we're using `DB_HOST` instead of `PGHOST` because that's the
variable Rails currently uses by default for new applications [1].
Finally, note we're using `.presence` in the `ENV` calls in the
database.yml file. The `PGPASSWORD` variable was set to an empty string
when running docker-compose, so using `ENV["PGPASSWORD"] ||` wouldn't
work.
[1] https://github.com/rails/rails/blob/c90a8701e5/railties/lib/rails/generators/rails/app/templates/config/databases/postgresql.yml.tt#L22
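The empty-string case described in this commit message, as an added Ruby example (not the project's `database.yml`). The two templates, the `presence` helper (a plain-Ruby stand-in for ActiveSupport's `.presence`) and the environment values are constructed for illustration.

```ruby
require "erb"
require "yaml"

# Plain-Ruby stand-in for ActiveSupport's `.presence`:
# returns nil for nil or blank strings, the value otherwise.
def presence(value)
  value.nil? || value.strip.empty? ? nil : value
end

# Hypothetical database.yml fragment using `||` directly on ENV values.
NAIVE = <<~YML
  host: <%= env["DB_HOST"] || "localhost" %>
  password: <%= env["PGPASSWORD"] || env["POSTGRES_PASSWORD"] %>
YML

# Same fragment, treating empty strings as unset before falling back.
WITH_PRESENCE = <<~YML
  host: <%= presence(env["DB_HOST"]) || "localhost" %>
  password: <%= presence(env["PGPASSWORD"]) || presence(env["POSTGRES_PASSWORD"]) %>
YML

# Render the ERB template against an environment hash and parse the YAML,
# the same two steps Rails applies to config/database.yml.
def render_db_config(template, env)
  YAML.safe_load(ERB.new(template).result(binding))
end

# Constructed environment: docker-compose passes PGPASSWORD as an empty
# string when only POSTGRES_PASSWORD is set.
COMPOSE_ENV = {
  "DB_HOST" => "database",
  "PGPASSWORD" => "",
  "POSTGRES_PASSWORD" => "constructed-secret"
}.freeze

if $PROGRAM_NAME == __FILE__
  # "" is truthy in Ruby, so the naive template never reaches the fallback.
  p render_db_config(NAIVE, COMPOSE_ENV)
  p render_db_config(WITH_PRESENCE, COMPOSE_ENV)
end
```
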
Depending on the size of the window, these images can look pretty bad
when they're displayed right after some text, since on GitBook they
might appear in the middle of the paragraph.
While this leads to a bit of duplication, since now the same code is in
both the Spanish and English texts, and it makes it harder to actually
run the code, it'll make it easier for people reading the documentation
to find the code, and we get rid of the confusingly-named `doc/` folder.
We don't use the `config/api.yml` file since commit c984e666f, and the
`.delete("\n").delete(" ")` in the code examples isn't necessary (we
should have probably added it in commit 56e42f209).
We're also changing the responses so there are no references to any
specific city.
- added 2 new types
- modified the models to get data through graphQL
- modified the corresponding spec
- also testing that hidden comments do not show up
- modified comments specs bc now it returns comments on budget
investments
Most of it was up-to-date, except for the fact that Consul Democracy
already uses Rails 7.0 and that it's possible to use different languages
per tenant since commit 6de4737b7.
The alternative text of the image was useless, and we were depending on
an external server in order to display it. Furthermore, the text inside
the image was pretty small.
So we're displaying the output of the command as plain text.
There was a typo where we said we were creating the containers but we
were building the image.
While none of these commands are necessary because they're run
automatically when first running the `db:create` rake task, I think it's
better to show them separately, since the `build` command might be used
to rebuild the image, and running the `create` command separately makes
it easier to know what's going on.
We're also removing the "start database service" step, since it's
automatically started because the app service depends on it.
Finally, we're updating one command for macOS.
Docker and Docker Compose are included in most Linux distributions, and
we don't know whether the Windows error we talked about is still
relevant in 2024. In any case, the Docker documentation to install
Windows is a better resource for that than our documentation.
We're also using the same Docker commands for every operating system.