5e263baed2
- name: :oidc → Identifier for this login provider in the app. - scope: [:openid, :email, :profile] → Tells the provider we want the user’s ID (openid), their email, and basic profile info (name, picture, etc.). - response_type: :code → Uses Authorization Code Flow, which is more secure because tokens are not exposed in the URL. - issuer: Rails.application.secrets.oidc_issuer → The base URL of the OIDC provider (e.g., Auth0). Used to find its config. - discovery: true → Automatically fetches the provider’s endpoints from its discovery document instead of manually setting them. - client_auth_method: :basic → Sends client ID and secret using HTTP Basic Auth when exchanging the code for tokens. Add system tests for OIDC Auth Edit the oauth docs to support OIDC auth
79 lines
2.5 KiB
Ruby
79 lines
2.5 KiB
Ruby
module OmniauthTenantSetup
|
|
class << self
|
|
def twitter(env)
|
|
oauth(env, secrets.twitter_key, secrets.twitter_secret)
|
|
end
|
|
|
|
def facebook(env)
|
|
oauth2(env, secrets.facebook_key, secrets.facebook_secret)
|
|
end
|
|
|
|
def google_oauth2(env)
|
|
oauth2(env, secrets.google_oauth2_key, secrets.google_oauth2_secret)
|
|
end
|
|
|
|
def wordpress_oauth2(env)
|
|
oauth2(env, secrets.wordpress_oauth2_key, secrets.wordpress_oauth2_secret)
|
|
end
|
|
|
|
def saml(env)
|
|
saml_auth(env, secrets.saml_sp_entity_id,
|
|
secrets.saml_idp_metadata_url, secrets.saml_idp_sso_service_url)
|
|
end
|
|
|
|
def oidc(env)
|
|
oidc_auth(env, secrets.oidc_client_id,
|
|
secrets.oidc_client_secret, secrets.oidc_issuer, secrets.oidc_redirect_uri)
|
|
end
|
|
|
|
private
|
|
|
|
def oauth(env, key, secret)
|
|
unless Tenant.default?
|
|
env["omniauth.strategy"].options[:consumer_key] = key
|
|
env["omniauth.strategy"].options[:consumer_secret] = secret
|
|
end
|
|
end
|
|
|
|
def oauth2(env, key, secret)
|
|
unless Tenant.default?
|
|
env["omniauth.strategy"].options[:client_id] = key
|
|
env["omniauth.strategy"].options[:client_secret] = secret
|
|
end
|
|
end
|
|
|
|
def saml_auth(env, sp_entity_id, idp_metadata_url, idp_sso_service_url)
|
|
unless Tenant.default?
|
|
strategy = env["omniauth.strategy"]
|
|
|
|
strategy.options[:sp_entity_id] = sp_entity_id if sp_entity_id.present?
|
|
strategy.options[:idp_metadata_url] = idp_metadata_url if idp_metadata_url.present?
|
|
strategy.options[:idp_sso_service_url] = idp_sso_service_url if idp_sso_service_url.present?
|
|
|
|
if strategy.options[:issuer].present? && sp_entity_id.present?
|
|
strategy.options[:issuer] = sp_entity_id
|
|
end
|
|
|
|
if strategy.options[:idp_metadata].present? && idp_metadata_url.present?
|
|
strategy.options[:idp_metadata] = idp_metadata_url
|
|
end
|
|
end
|
|
end
|
|
|
|
def oidc_auth(env, client_id, client_secret, issuer, redirect_uri)
|
|
unless Tenant.default?
|
|
strategy = env["omniauth.strategy"]
|
|
|
|
strategy.options[:client_id] = client_id if client_id.present?
|
|
strategy.options[:client_secret] = client_secret if client_secret.present?
|
|
strategy.options[:issuer] = issuer if issuer.present?
|
|
strategy.options[:redirect_uri] = redirect_uri if redirect_uri.present?
|
|
end
|
|
end
|
|
|
|
def secrets
|
|
Tenant.current_secrets
|
|
end
|
|
end
|
|
end
|