Add OIDC section for sign in and sign up page

- name: :oidc → Identifier for this login provider in the app.
- scope: [:openid, :email, :profile] → Tells the provider we want the user’s ID (openid), their email, and basic profile info (name, picture, etc.).
- response_type: :code → Uses Authorization Code Flow, which is more secure because tokens are not exposed in the URL.
- issuer: Rails.application.secrets.oidc_issuer → The base URL of the OIDC provider (e.g., Auth0). Used to find its config.
- discovery: true → Automatically fetches the provider’s endpoints from its discovery document instead of manually setting them.
- client_auth_method: :basic → Sends client ID and secret using HTTP Basic Auth when exchanging the code for tokens.

Add system tests for OIDC Auth

Edit the oauth docs to support OIDC auth
This commit is contained in:
Anamika Aggarwal
2025-08-07 05:31:13 +00:00
committed by Javi Martín
parent eab5f52e19
commit 5e263baed2
17 changed files with 390 additions and 6 deletions
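As an added example (not part of this commit or the Consul Democracy code base), the Ruby below checks a provider's discovery document against the options listed in the commit message: an exact `issuer` match, the code flow for `response_type: :code`, the requested scopes, and `client_secret_basic`, which is what `client_auth_method: :basic` selects. The discovery document is a constructed sample standing in for the `{issuer}/.well-known/openid-configuration` response that `discovery: true` fetches; the helper name `check_oidc_discovery` is assumed.

```ruby
require "json"
require "uri"

# Constructed sample discovery document, standing in for what
# GET {issuer}/.well-known/openid-configuration would return.
SAMPLE_DISCOVERY = <<~JSON
  {
    "issuer": "https://your-oidc-provider.com",
    "authorization_endpoint": "https://your-oidc-provider.com/authorize",
    "token_endpoint": "https://your-oidc-provider.com/oauth/token",
    "jwks_uri": "https://your-oidc-provider.com/.well-known/jwks.json",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "scopes_supported": ["openid", "email", "profile"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"]
  }
JSON

# Assumed helper: verifies a discovery document is usable with the options
# from the commit message and returns the endpoints, or a list of problems.
def check_oidc_discovery(configured_issuer, discovery_json, scope: %w[openid email profile])
  doc = JSON.parse(discovery_json)
  problems = []

  # Exact string comparison: the ID token's iss claim is compared the same way,
  # so a trailing slash or http:// in the configured issuer breaks validation.
  problems << "issuer must use https" unless URI(configured_issuer).scheme == "https"
  problems << "issuer mismatch: #{doc["issuer"].inspect}" unless doc["issuer"] == configured_issuer

  # response_type: :code requires the provider to offer the code flow.
  problems << "code flow not supported" unless Array(doc["response_types_supported"]).include?("code")

  # scopes_supported is optional in the spec; only check it when advertised.
  if doc.key?("scopes_supported")
    missing = scope.map(&:to_s) - doc["scopes_supported"]
    problems << "scopes not advertised: #{missing.join(", ")}" unless missing.empty?
  end

  # client_auth_method: :basic means client_secret_basic at the token endpoint
  # (the spec default when the provider omits this field).
  methods = doc.fetch("token_endpoint_auth_methods_supported", ["client_secret_basic"])
  problems << "client_secret_basic not supported" unless methods.include?("client_secret_basic")
  %w[authorization_endpoint token_endpoint jwks_uri].each do |key|
    problems << "#{key} missing or not https" unless doc[key].is_a?(String) && URI(doc[key]).scheme == "https"
  end

  return { ok: false, problems: problems } unless problems.empty?
  { ok: true, authorization_endpoint: doc["authorization_endpoint"],
    token_endpoint: doc["token_endpoint"], jwks_uri: doc["jwks_uri"] }
end
```

Running it with `oidc_issuer` set to the value the provider publishes returns the endpoints; a trailing slash on the issuer or a provider without `client_secret_basic` comes back as a named problem before any login is attempted.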


@@ -1,10 +1,10 @@
# Authentication with external services (OAuth)
You can configure authentication services with external OAuth providers. Right now, Twitter, Facebook, Google, Wordpress and SAML are supported.
You can configure authentication services with external OAuth providers. Right now, Twitter, Facebook, Google, Wordpress, SAML and OpenID Connect (OIDC) are supported.
## 1. Create an App on the platform
For Twitter, Facebook, Google and Wordpress, go to their developers section and follow their guides to create an app. For SAML, you'll have to configure an Identity Provider (IdP).
For Twitter, Facebook, Google and Wordpress, go to their developers section and follow their guides to create an app. For SAML, you'll have to configure an Identity Provider (IdP). For OIDC, you'll need to register your application with an OpenID Connect provider.
## 2. Set the authentication URL of your Consul Democracy installation
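Review bot: the new OIDC sentence in step 1 should say what "register your application" involves, as the rest of this step points readers at a provider's developer console: the redirect URI to register is the callback URL set up in step 2, and since the integration relies on discovery (per the commit message), the provider must publish an OpenID Connect discovery document under the configured issuer URL. Suggest appending: "Register the callback URL from step 2 as the allowed redirect URI; the provider must support OpenID Connect Discovery."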
@@ -21,6 +21,8 @@ user_wordpress_oauth2_omniauth_authorize GET|POST /users/auth/wordpress_oauth2(.
user_wordpress_oauth2_omniauth_callback GET|POST /users/auth/wordpress_oauth2/callback(.:format) users/omniauth_callbacks#wordpress_oauth2
user_saml_omniauth_authorize GET|POST /users/auth/saml(.:format) users/omniauth_callbacks#passthru
user_saml_omniauth_callback GET|POST /users/auth/saml/callback(.:format) users/omniauth_callbacks#saml
user_oidc_omniauth_authorize GET|POST /users/auth/oidc(.:format) users/omniauth_callbacks#passthru
user_oidc_omniauth_callback GET|POST /users/auth/oidc/callback(.:format) users/omniauth_callbacks#oidc
```
So for example the URL for Facebook application would be `yourdomain.com/users/auth/facebook/callback`.
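Review bot: the example sentence after the route table still shows only Facebook; since an OIDC provider rejects the authorization request when the redirect URI does not match the registered one exactly, consider adding the new route as a second example, `yourdomain.com/users/auth/oidc/callback`, and pointing out that this is the same value that goes into `oidc_redirect_uri` in the secrets section.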
@@ -42,4 +44,8 @@ When you complete the application registration you'll get a *key* and *secret* v
saml_sp_entity_id: "https://yoursp.org/entityid"
saml_idp_metadata_url: "https://youridp.org/api/saml/metadata"
saml_idp_sso_service_url: "https://youridp.org/api/saml/sso"
oidc_client_id: "your-oidc-client-id"
oidc_client_secret: "your-oidc-client-secret"
oidc_issuer: "https://your-oidc-provider.com"
oidc_redirect_uri: "https://yourapp.com/users/auth/oidc/callback"
```
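Review bot: the four `oidc_*` keys are added with no guidance on their values. Suggest one or two sentences stating that `oidc_issuer` must be the issuer URL exactly as the provider publishes it (no trailing-slash or scheme variation), because the discovery document and the ID token's `iss` claim are checked against it, and that `oidc_redirect_uri` must be identical to the `/users/auth/oidc/callback` URL registered with the provider. It is also worth saying that `oidc_client_secret`, like the other secrets in this file, must not be committed to the repository.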


@@ -1,10 +1,10 @@
# Autenticación con servicios externos (OAuth)
Puedes configurar la autenticación con servicios externos usando OAuth. Actualmente, se pueden utilizar Twitter, Facebook, Google, Wordpress y SAML.
Puedes configurar la autenticación con servicios externos usando OAuth. Actualmente, se pueden utilizar Twitter, Facebook, Google, Wordpress, SAML y OpenID Connect (OIDC).
## 1. Crea una aplicación en la plataforma
Para Twitter, Facebook, Google y Wordpress, sigue las instrucciones en la sección de desarrolladores de su página web. Para SAML, tendrás que configurar tu propio proveedor de identidad (IdP).
Para Twitter, Facebook, Google y Wordpress, sigue las instrucciones en la sección de desarrolladores de su página web. Para SAML, tendrás que configurar tu propio proveedor de identidad (IdP). Para OIDC, tendrás que registrar tu aplicación con un proveedor de OpenID Connect.
## 2. Establece la URL de autenticación de tu instalación de Consul Democracy
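Review bot: same point as for the English copy of this step: the OIDC sentence should mention that the callback URL from step 2 is what gets registered as the redirect URI and that the provider must support OpenID Connect Discovery; keep the Spanish wording in sync with whatever is settled for the English file.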
@@ -21,6 +21,8 @@ user_wordpress_oauth2_omniauth_authorize GET|POST /users/auth/wordpress_oauth2(.
user_wordpress_oauth2_omniauth_callback GET|POST /users/auth/wordpress_oauth2/callback(.:format) users/omniauth_callbacks#wordpress_oauth2
user_saml_omniauth_authorize GET|POST /users/auth/saml(.:format) users/omniauth_callbacks#passthru
user_saml_omniauth_callback GET|POST /users/auth/saml/callback(.:format) users/omniauth_callbacks#saml
user_oidc_omniauth_authorize GET|POST /users/auth/oidc(.:format) users/omniauth_callbacks#passthru
user_oidc_omniauth_callback GET|POST /users/auth/oidc/callback(.:format) users/omniauth_callbacks#oidc
```
Por ejemplo para Facebook la URL sería `yourdomain.com/users/auth/facebook/callback`.
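Review bot: as in the English file, the example after the route table could also show `yourdomain.com/users/auth/oidc/callback`, since that exact URL is both the route added here and the `oidc_redirect_uri` value in the secrets section below.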
@@ -42,4 +44,8 @@ Cuando completes el registro de la aplicación en su plataforma te darán un *ke
saml_sp_entity_id: "https://tusp.org/entityid"
saml_idp_metadata_url: "https://tuidp.org/api/saml/metadata"
saml_idp_sso_service_url: "https://tuidp.org/api/saml/sso"
oidc_client_id: "tu-id-de-cliente-oidc"
oidc_client_secret: "tu-secreto-de-cliente-oidc"
oidc_issuer: "https://tu-proveedor-oidc.com"
oidc_redirect_uri: "https://tuaplicacion.com/users/auth/oidc/callback"
```
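Review bot: mirror whatever explanation is added for the `oidc_*` keys in the English file (exact issuer URL, `oidc_redirect_uri` matching the registered callback, `oidc_client_secret` kept out of the repository) so the two translations do not drift; the key names and placeholder values are consistent with the English hunk.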