consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
1fa3cf8ce7e479aabb29d0746773fa40a6559dd1
nairobi/docs/en/features/oauth.md
Anamika Aggarwal 86bbfcaa0c Automatically set the redirect URI in OIDC 
When we first added OIDC support, we were configuring the redirect URI
in the devise initializer, just like we did for other providers.

Thanks to the changes in the previous commit, that code is no longer in
the devise initializer, which means we can use `url_helpers` to get the
redirect URI.

This means we no longer need to define this URI in the secrets. This is
particularly useful for multitenancy; previously, we had to define the
redirect URI for every tenant because different tenants use different
domains or different subdomains.
2025-10-17 13:46:46 +02:00

51 lines
2.9 KiB
Markdown
Raw Blame History

# Authentication with external services (OAuth)
You can configure authentication services with external OAuth providers. Right now, Twitter, Facebook, Google, Wordpress, SAML and OpenID Connect (OIDC) are supported.
## 1. Create an App on the platform
For Twitter, Facebook, Google and Wordpress, go to their developers section and follow their guides to create an app. For SAML, you'll have to configure an Identity Provider (IdP). For OIDC, you'll need to register your application with an OpenID Connect provider.
## 2. Set the authentication URL of your Consul Democracy installation
They'll ask you for the authentication URL of your Consul Democracy installation, and as you can see running `rails routes | grep omniauth` at your Consul Democracy repo locally:
```bash
user_twitter_omniauth_authorize GET|POST /users/auth/twitter(.:format) users/omniauth_callbacks#passthru
user_twitter_omniauth_callback GET|POST /users/auth/twitter/callback(.:format) users/omniauth_callbacks#twitter
user_facebook_omniauth_authorize GET|POST /users/auth/facebook(.:format) users/omniauth_callbacks#passthru
user_facebook_omniauth_callback GET|POST /users/auth/facebook/callback(.:format) users/omniauth_callbacks#facebook
user_google_oauth2_omniauth_authorize GET|POST /users/auth/google_oauth2(.:format) users/omniauth_callbacks#passthru
user_google_oauth2_omniauth_callback GET|POST /users/auth/google_oauth2/callback(.:format) users/omniauth_callbacks#google_oauth2
user_wordpress_oauth2_omniauth_authorize GET|POST /users/auth/wordpress_oauth2(.:format) users/omniauth_callbacks#passthru
user_wordpress_oauth2_omniauth_callback GET|POST /users/auth/wordpress_oauth2/callback(.:format) users/omniauth_callbacks#wordpress_oauth2
user_saml_omniauth_authorize GET|POST /users/auth/saml(.:format) users/omniauth_callbacks#passthru
user_saml_omniauth_callback GET|POST /users/auth/saml/callback(.:format) users/omniauth_callbacks#saml
user_oidc_omniauth_authorize GET|POST /users/auth/oidc(.:format) users/omniauth_callbacks#passthru
user_oidc_omniauth_callback GET|POST /users/auth/oidc/callback(.:format) users/omniauth_callbacks#oidc
```
So for example the URL for Facebook application would be `yourdomain.com/users/auth/facebook/callback`.
## 3. Set the key and secret values
When you complete the application registration you'll get a *key* and *secret* values, those need to be stored at your `config/secrets.yml` file:
```yml
twitter_key: ""
twitter_secret: ""
facebook_key: ""
facebook_secret: ""
google_oauth2_key: ""
google_oauth2_secret: ""
wordpress_oauth2_key: ""
wordpress_oauth2_secret: ""
wordpress_oauth2_site: ""
saml_sp_entity_id: "https://yoursp.org/entityid"
saml_idp_metadata_url: "https://youridp.org/api/saml/metadata"
saml_idp_sso_service_url: "https://youridp.org/api/saml/sso"
oidc_client_id: "your-oidc-client-id"
oidc_client_secret: "your-oidc-client-secret"
oidc_issuer: "https://your-oidc-provider.com"
```
Reference in New Issue View Git Blame Copy Permalink