keycloak_oauth 0.1.3 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 45b0a220afa0ca575a22ed7fd5cf958dc4d7ad2450a116f3bdf7e5e3546d6eac
-  data.tar.gz: eeb8fcb58d29e1cf18d4cf3fadddbf184029576b97bb9194e4218f4889636f05
+  metadata.gz: 1700a23b09d7b728852b88e10c29de14be07c00c34a04f9342ec922c16b375b8
+  data.tar.gz: ae133f07b837f475631206d6dd3e3fbaa1c0807d00adf073e20e178c042e64bd
 SHA512:
-  metadata.gz: 58a27c6c046d783c0f83db3a8857d06aab9402e85d00a6d880eb0ad637d2b5f8a4e4c4e4df03065f03097bfda98439f735b8257d10c52046be85d0c210aeef3e
-  data.tar.gz: dc6cc4e9a90c8f78a09e3b2b90d19ca7973aea125678170ba2be0902d490eba1ff17cbcfcce9a22e78f9b85324f3bce77f5bb878a722dfc8113cf72b01505581
+  metadata.gz: 3528f127017bc5b92e01327483d7d455007dea1282620eb2b7e769550d63127c3f823104fc0bcf2f10482222ddc45816f6a84488e2dadcc2a864ea0ce1f256ea
+  data.tar.gz: 7e41f37021b9663a1c3f50e3dc151b5891a23400ac90252c36b91a2869ea1754ee1ae72581d43199b0c217378cbdab39bfca503b88a68044a0e9db7e7a5dd0bb

data/README.md

@@ -44,6 +44,16 @@ e.g.
 
 Once authentication is performed, the access and refresh tokens are stored in the session and can be used in your app as wished.
 
+***Customising redirect URIs***
+There are situations where you would want to customise the oauth2 route (e.g. to use a localised version of the callback URL).
+In this case, you can do the following:
+- add a controller to your app: e.g. `CallbackOverrides`
+- add the following to your routes.rb file: `get 'oauth2', to: 'callback_overrides#oauth2'`
+- add whatever logic you need in the controller, e.g. a `skip_before_action`; it can also be blank
+- add redirect URI to the authorization link:
+e.g.
+`<%= link_to 'Login with Keycloak', KeycloakOauth.connection.authorization_endpoint(options: {redirect_uri: 'http://myapp.com/en/oauth2'}) %>`
+
 **Keycloak callback URL**
 Keycloak needs a callback URL to send the authorization code to once a user logs in.
 By default, once authentication is performed, we redirect to the `/` path (i.e. whatever the root path is set to in the host app).

data/app/controllers/keycloak_oauth/callbacks_controller.rb

@@ -1,5 +1,5 @@
 module KeycloakOauth
-  class CallbacksController < ApplicationController
+  class CallbacksController < ::ApplicationController
     if KeycloakOauth.connection.callback_module.present?
       include KeycloakOauth.connection.callback_module
     end
@@ -7,7 +7,8 @@ module KeycloakOauth
     def oauth2
       authentication_service = KeycloakOauth::AuthenticationService.new(
         authentication_params: authentication_params,
-        session: session
+        session: session,
+        redirect_uri: current_uri_without_params
       )
       authentication_service.authenticate
       map_authenticatable_if_implemented(session)
@@ -28,5 +29,15 @@ module KeycloakOauth
         raise NotImplementedError.new('User mapping must be handled by the host app. See README for more information.')
       end
     end
+
+    def current_uri_without_params
+      # If the host app has overwritten the route (e.g. to enable localised
+      # callbacks), this ensures we are using the path coming from the host app
+      # instead of the one coming from the engine.
+      main_app.url_for(only_path: false, overwrite_params: nil)
+    rescue ActionController::UrlGenerationError
+      # If the host app does not override the oauth2 path, use the engine's path.
+      oauth2_path
+    end
   end
 end

data/app/services/keycloak_oauth/authentication_service.rb

@@ -9,11 +9,12 @@ module KeycloakOauth
     ACCESS_TOKEN_KEY = 'access_token'.freeze
     REFRESH_TOKEN_KEY = 'refresh_token'.freeze
 
-    attr_reader :code, :session
+    attr_reader :session
 
-    def initialize(authentication_params:, session:)
+    def initialize(authentication_params:, session:, redirect_uri:)
       @code = authentication_params[:code]
       @session = session
+      @redirect_uri = redirect_uri
     end
 
     def authenticate
@@ -22,6 +23,8 @@ module KeycloakOauth
 
     private
 
+    attr_reader :code, :redirect_uri
+
     def get_tokens
       uri = URI.parse(KeycloakOauth.connection.authentication_endpoint)
       Net::HTTP.start(uri.host, uri.port) do |http|
@@ -37,7 +40,8 @@ module KeycloakOauth
         client_id: KeycloakOauth.connection.client_id,
         client_secret: KeycloakOauth.connection.client_secret,
         grant_type: GRANT_TYPE,
-        code: code
+        code: code,
+        redirect_uri: redirect_uri
       }
     end
 

data/lib/keycloak_oauth/endpoints.rb

@@ -5,6 +5,8 @@ module KeycloakOauth
     def authorization_endpoint(options: {})
       endpoint = "#{auth_url}/realms/#{realm}/protocol/openid-connect/auth?client_id=#{client_id}"
       endpoint += "&response_type=#{options[:response_type] || DEFAULT_RESPONSE_TYPE}"
+      endpoint += "&redirect_uri=#{options[:redirect_uri]}" if options[:redirect_uri].present?
+      endpoint
     end
 
     def authentication_endpoint

data/lib/keycloak_oauth/version.rb

@@ -1,3 +1,3 @@
 module KeycloakOauth
-  VERSION = "0.1.3"
+  VERSION = "0.1.4"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: keycloak_oauth
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.4
 platform: ruby
 authors:
 - simplificator
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-10-27 00:00:00.000000000 Z
+date: 2020-11-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -67,7 +67,6 @@ extra_rdoc_files: []
 files:
 - README.md
 - Rakefile
-- app/controllers/keycloak_oauth/application_controller.rb
 - app/controllers/keycloak_oauth/callbacks_controller.rb
 - app/services/keycloak_oauth/authentication_service.rb
 - app/services/keycloak_oauth/user_info_retrieval_service.rb

data/app/controllers/keycloak_oauth/application_controller.rb

@@ -1,5 +0,0 @@
-module KeycloakOauth
-  class ApplicationController < ActionController::Base
-    protect_from_forgery with: :exception
-  end
-end