When we first added OIDC support, we were configuring the redirect URI
in the devise initializer, just like we did for other providers.
Thanks to the changes in the previous commit, that code is no longer in
the devise initializer, which means we can use `url_helpers` to get the
redirect URI.
This means we no longer need to define this URI in the secrets. This is
particularly useful for multitenancy; previously, we had to define the
redirect URI for every tenant because different tenants use different
domains or different subdomains.
- name: :oidc → Identifier for this login provider in the app.
- scope: [:openid, :email, :profile] → Tells the provider we want the user’s ID (openid), their email, and basic profile info (name, picture, etc.).
- response_type: :code → Uses Authorization Code Flow, which is more secure because tokens are not exposed in the URL.
- issuer: Rails.application.secrets.oidc_issuer → The base URL of the OIDC provider (e.g., Auth0). Used to find its config.
- discovery: true → Automatically fetches the provider’s endpoints from its discovery document instead of manually setting them.
- client_auth_method: :basic → Sends client ID and secret using HTTP Basic Auth when exchanging the code for tokens.
Add system tests for OIDC Auth
Edit the oauth docs to support OIDC auth
Depending on the size of the window, these images can look pretty bad
when they're displayed right after some text, since on GitBook they
might appear in the middle of the paragraph.
While this leads to a bit of duplication, since now the same code is in
both the Spanish and English texts, and it makes it harder to actually
run the code, it'll make it easier for people reading the documentation
to find the code, and we get rid of the confusingly-named `doc/` folder.
We don't use the `config/api.yml` file since commit c984e666f, and the
`.delete("\n").delete(" ")` in the code examples isn't necessary (we
should have probably added it in commit 56e42f209).
We're also changing the responses so there are no references to any
specific city.
- added 2 new types
- modified the models to get data through graphQL
- modified the corresponding spec
- also testing that hidden comments do not show up
- modified comments specs bc now it returns comments on budget
investments
Most of it was up-to-date, except for the fact that Consul Democracy
already uses Rails 7.0 and that it's possible to use different languages
per tenant since commit 6de4737b7.
We were following it about half of the time and we even added it to our
former `.mdlrc` file. However, for some reason, MDL doesn't detect this
rule when specified in the `.mdlrc` file, so we didn't notice we weren't
following it in many cases.
Now that we're using a style file to configure MDL, we can enable this
rule again and apply it, since now MDL correctly includes it in its
report.
Note that, in order to have some consistency, we're always writing
"Consul Democracy", instead of using capital letters sometimes (but not
always), like we did until now.
This rule is broken when we have ".,;::!?" in the headers.
We have removed the ones with ":" but kept the ones
with "?", so this rule will always warn in these cases.
