nairobi/app/controllers/users/omniauth_callbacks_controller.rb
Anamika Aggarwal 5e263baed2 Add OIDC section for sign in and sign up page
- name: :oidc → Identifier for this login provider in the app.
- scope: [:openid, :email, :profile] → Tells the provider we want the user’s ID (openid), their email, and basic profile info (name, picture, etc.).
- response_type: :code → Uses the Authorization Code Flow, which is more secure because tokens never appear in the browser URL or history: only a short-lived code does, and it is exchanged for tokens server-side by the authenticated client.
- issuer: Rails.application.secrets.oidc_issuer → The issuer URL of the OIDC provider (e.g., Auth0). Used to locate its discovery document.
- discovery: true → Automatically fetches the provider’s endpoints from its discovery document instead of manually setting them.
- client_auth_method: :basic → Sends the client ID and secret via HTTP Basic Auth (client_secret_basic) when exchanging the code for tokens, so the secret never goes into the request body.

Add system tests for OIDC Auth

Edit the oauth docs to support OIDC auth
2025-08-29 12:20:16 +02:00


# Devise OmniAuth callback endpoints, one action per configured provider.
# Every action is gated behind a `feature.<provider>_login` Setting and funnels
# into sign_in_with, which binds the external identity to a local User.
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  # The SAML response is POSTed to this route by the IdP, not by one of our own
  # forms, so it cannot carry the Rails CSRF token; presumably that is why the
  # check is skipped for :saml only. NOTE(review): this route therefore relies
  # entirely on the omniauth-saml strategy validating the assertion (signature,
  # audience, timestamps, replay) before omniauth.auth is populated - confirm.
  skip_before_action :verify_authenticity_token, only: :saml

  # Each action maps to its feature flag (e.g. feature.twitter_login) and the
  # provider symbol OmniAuth uses for the callback.
  def twitter
    sign_in_with :twitter_login, :twitter
  end

  def facebook
    sign_in_with :facebook_login, :facebook
  end

  def google_oauth2
    sign_in_with :google_login, :google_oauth2
  end

  def wordpress_oauth2
    sign_in_with :wordpress_login, :wordpress_oauth2
  end

  def saml
    sign_in_with :saml_login, :saml
  end

  def oidc
    sign_in_with :oidc_login, :oidc
  end

  # Users created from provider data who still need to complete their
  # registration are sent to the finish-signup page instead of Devise's
  # default post-sign-in path.
  def after_sign_in_path_for(resource)
    if resource.registering_with_oauth
      finish_signup_path
    else
      super
    end
  end

  private

  # Shared callback body for every provider action.
  #
  # feature  - Setting key suffix (e.g. :oidc_login) that must be enabled;
  #            otherwise the route behaves as if it did not exist.
  # provider - OmniAuth provider name, used in the flash message and as the
  #            session key on the incomplete-signup path.
  def sign_in_with(feature, provider)
    # 404 rather than 403 when a provider is disabled, so the callback route is
    # indistinguishable from a missing one.
    raise ActionController::RoutingError, "Not Found" unless Setting["feature.#{feature}"]
    # OmniAuth AuthHash for this request, populated by the strategy middleware
    # before this action runs; everything below trusts it as already verified.
    auth = request.env["omniauth.auth"]
    identity = Identity.first_or_create_from_oauth(auth)
    # Resolution order: a user already signed in wins (account linking), then
    # the user previously bound to this identity, then a user built from the
    # provider's data.
    # NOTE(review): when current_user is set and identity.user is a *different*
    # account, the update! below silently re-points the identity to the
    # current user and the other account loses this login method - confirm that
    # is intended, or refuse the link in that case.
    # NOTE(review): if User.first_or_initialize_for_oauth matches existing
    # users by the provider-supplied email, that email must be one the provider
    # has verified; otherwise anyone who can register an unverified address at
    # a provider could sign in as the local user owning it - confirm in User.
    @user = current_user || identity.user || User.first_or_initialize_for_oauth(auth)
    if save_user
      identity.update!(user: @user)
      sign_in_and_redirect @user, event: :authentication
      set_flash_message(:notice, :success, kind: provider.to_s.capitalize) if is_navigational_format?
    else
      # The whole AuthHash is parked in the session, presumably for the
      # registration flow to pick up. NOTE(review): an AuthHash typically
      # carries `credentials` (provider tokens) and `extra` (raw profile); with
      # a cookie session store that puts the tokens in the browser cookie and
      # can overflow the 4 KB limit - verify the session store, or keep only the
      # fields the registration flow needs.
      session["devise.#{provider}_data"] = auth
      redirect_to new_user_registration_path
    end
  end

  # Full save first; if validations fail, fall back to the partial save that
  # flags the user as still needing to finish signup (see after_sign_in_path_for).
  # NOTE(review): the exact relaxation applied by save_requiring_finish_signup
  # lives in User - confirm it only skips fields collected at finish_signup.
  def save_user
    @user.save || @user.save_requiring_finish_signup
  end
end