consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use the same code to configure OIDC for all tenants

Browse Source 
We were following the same pattern as we used for other providers like
twitter or facebook, but for OIDC we aren't passing the key and the
secret as separate attributes but only a hash of options. This means we
don't need to duplicate the same logic in the devise initializer and the
`OmniauthTenantSetup` class.

Thanks to these changes, we'll be able to introduce dynamic redirect
URLs for both the default tenant and the other tenants (see next commit).

Note that we could probably apply similar changes for the SAML provider.
We might do so in the future. For other providers, removing the
references to `Rails.application.secrets` broke their configuration when
we tested it back in 2022 as part of the multitenancy feature. We might
check whether that's no longer the case (or whether we made a mistake
during our tests in 2022) in the future.
This commit is contained in:
Anamika Aggarwal
2025-09-09 16:50:23 +02:00
committed by Javi Martín
parent d9a0887dc9
commit c3b5232907
2 changed files with 6 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/lib/omniauth_tenant_setup.rb
View File

@@ -61,7 +61,6 @@ module OmniauthTenantSetup
end end
def oidc_auth(env, client_id, client_secret, issuer, redirect_uri) def oidc_auth(env, client_id, client_secret, issuer, redirect_uri)
unless Tenant.default?
strategy = env["omniauth.strategy"] strategy = env["omniauth.strategy"]
strategy.options[:issuer] = issuer if issuer.present? strategy.options[:issuer] = issuer if issuer.present?
@@ -70,7 +69,6 @@ module OmniauthTenantSetup
strategy.options[:client_options][:secret] = client_secret if client_secret.present? strategy.options[:client_options][:secret] = client_secret if client_secret.present?
strategy.options[:client_options][:redirect_uri] = redirect_uri if redirect_uri.present? strategy.options[:client_options][:redirect_uri] = redirect_uri if redirect_uri.present?
end end
end
def secrets def secrets
Tenant.current_secrets Tenant.current_secrets

6
config/initializers/devise.rb
View File

@@ -300,14 +300,8 @@ Devise.setup do |config|
name: :oidc, name: :oidc,
scope: [:openid, :email, :profile], scope: [:openid, :email, :profile],
response_type: :code, response_type: :code,
issuer: Rails.application.secrets.oidc_issuer,
discovery: true, discovery: true,
client_auth_method: :basic, client_auth_method: :basic,
client_options: {
identifier: Rails.application.secrets.oidc_client_id,
secret: Rails.application.secrets.oidc_client_secret,
redirect_uri: Rails.application.secrets.oidc_redirect_uri
},
setup: ->(env) { OmniauthTenantSetup.oidc(env) } setup: ->(env) { OmniauthTenantSetup.oidc(env) }
# ==> Warden configuration # ==> Warden configuration