linkedin_openid_sign_in 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: f13602126171ac7fb7e1968d8f0bffeccb8461d39d2dbcd02a2ca7c1d9190060
+  data.tar.gz: d3997463861d587f6d93eb7808ab66400a9f1411be0f8e8f4e7355ab8d8620e8
+SHA512:
+  metadata.gz: c7c904ad2cda94ac403435d3741d8f2e44737d7191bbac4c81757c466ccdc8043afb6420cb8f8ba8c076829aabbaf80608fc17b23d26bab601a1223d40f0ef75
+  data.tar.gz: a3dd97d3550fdb3283b6ed0f1987dd10c9c86e3685d311cb7281804dd643e8311466fa73c35d393c0637cbd364177e558ab036aa66f8a0ff7497da404a003aa4

data/README.md

@@ -0,0 +1,113 @@
+# LinkedIn Sign-In for Rails
+This gem enables you to add LinkedIn sign-in functionality to your Rails app. With it, users can sign up for and sign in to your service using their LinkedIn accounts. This gem is highly inspired by [google_sign_in](https://github.com/basecamp/google_sign_in), and its configuration and usage are very similar.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'linkedin_openid_sign_in'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install linkedin_openid_sign_in
+```
+
+## Usage
+
+### Configuration
+
+Setup you LinkedIn app and get OAuth credentials  
+1. Go to [LinkedIn Developer Console](https://www.linkedin.com/developers/apps)
+2. Click "Create App" button on the top right corner
+3. Enter app name
+4. You need LinkedIn page, you can add existing page or create new one here. Page admin will have to accept your app.
+5. Add logo
+6. Click "Create App" button
+7. ⚠️IMPORTANT: Page admin will have to accept your app. You can check status on the top of the page.
+8. Click "Auth" tab
+9. Add "Authorized redirect URLs" (e.g. `http://localhost:3000/linkedin_openid_sign_in/callbacks#show`)
+
+   This gem use `/linkedin_openid_sign_in/callbacks` path as callback path and then redirect to provided `redirect_url` option
+
+10. Click "Save" button
+11. Copy "Client ID" and "Client Secret" and add to your Rails app credentials
+ex.: `EDITOR='code --wait' rails credentials:edit`
+
+```yaml
+linkedin_sign_in:
+  client_id: [Your client ID here]
+  client_secret: [Your client secret here]
+```
+
+## Usage
+
+### Link to login
+
+```
+<%= link_to 'Linkedin login', linkedin_openid_sign_in.sign_in_path(redirect_url: create_login_url) %>
+```
+
+### Callback redirect
+You can adjust `redirect_url` to your needs. It will be called after successful login.
+
+```ruby
+# config/routes.rb
+Rails.application.routes.draw do
+  # ...
+  get 'login/create', to: 'logins#create', as: :create_login
+end
+```
+
+```ruby
+# app/controllers/logins_controller.rb
+class LoginsController < ApplicationController
+  def create
+    if user = authenticate_with_google
+      cookies.signed[:user_id] = user.id
+      redirect_to user
+    else
+      redirect_to new_session_url, alert: 'authentication_failed'
+    end
+  end
+
+  private
+    def authenticate_with_google
+      if sub = flash[:linkedin_sign_in]['sub']
+        User.find_by linkedin_id: sub
+      elsif flash[:linkedin_sign_in]
+        nil
+      end
+    end
+end
+```
+
+### Success response
+Response is stored in `flash[:linkedin_sign_in]` and contains following keys:
+```ruby
+    {
+        'iss': 'https://www.linkedin.com',
+        'aud': 'aud',
+        'iat': 1700919389,
+        'exp': 1700919389,
+        'sub': 'sub',
+        'email': 'btolarz@gmail.com',
+        'email_verified': true,
+        'locale': 'en_US'
+    }
+```
+
+Check details on https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin-v2?context=linkedin%2Fconsumer%2Fcontext#id-token-payload
+
+### Failure response
+
+1. InvalidState - raised when returned state is different than stored state
+2. Error from linkedIn - returned in `flash[:linkedin_sign_in][:error]` and `flash[:linkedin_sign_in][:error_description]` ex.: `user_cancelled_login`
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,11 @@
+require "bundler/setup"
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new do |test|
+  test.libs << "test"
+  test.test_files = FileList["test/**/*_test.rb"]
+  test.warning = false
+end
+
+task default: :test

data/app/controllers/linkedin_openid_sign_in/callbacks_controller.rb

@@ -0,0 +1,65 @@
+module LinkedinOpenidSignIn
+  class CallbacksController < ActionController::Base
+    InvalidState = Class.new(StandardError)
+
+    def show
+      flash_data = flash[:linkedin_sign_in].symbolize_keys
+
+      raise InvalidState.new("Invalid state") if params[:state].blank? || params[:state] != flash_data[:state]
+
+      data = if params[:error].present?
+               {
+                error: params[:error],
+                error_description: params[:error_description]
+               }
+             elsif token
+               json = JSON.parse(token)
+               decode_token(json['id_token']).merge(access_token: json['access_token'])
+             else
+               {
+                 error: 'invalid_token',
+                 error_description: 'Returned token is invalid'
+               }
+             end
+
+      redirect_to flash_data[:redirect_url], flash: { linkedin_sign_in: data.symbolize_keys }
+    end
+
+    private
+
+    def state
+      @state ||= session[:linkedin_sign_in_state]
+    end
+
+    def redirect_url
+      @redirect_url ||= session[:linkedin_sign_in_redirect_url]
+    end
+
+    def token
+      return @token if defined? @token
+
+      url = URI("https://www.linkedin.com/oauth/v2/accessToken")
+
+      https = Net::HTTP.new(url.host, url.port)
+      https.use_ssl = true
+
+      request = Net::HTTP::Post.new(url)
+      request["Content-Type"] = "application/x-www-form-urlencoded"
+      request.body = "code=#{params[:code]}" +
+        "&client_id=#{LinkedinOpenidSignIn.client_id}" +
+        "&client_secret=#{LinkedinOpenidSignIn.client_secret}" +
+        "&redirect_uri=#{callback_url}" +
+        "&grant_type=authorization_code"
+
+      response = https.request(request)
+      @token = response.body
+    rescue StandardError => e
+      logger.error(e)
+      nil
+    end
+
+    def decode_token(token)
+      JWT.decode(token, nil, false, { algorithm: 'RS256' })[0]
+    end
+  end
+end

data/app/controllers/linkedin_openid_sign_in/sign_in_controller.rb

@@ -0,0 +1,27 @@
+module LinkedinOpenidSignIn
+  class SignInController < ActionController::Base
+    def show
+      client_id = LinkedinOpenidSignIn.client_id
+      scope = LinkedinOpenidSignIn.options[:scope]
+
+      linkedin_url = "https://www.linkedin.com/oauth/v2/authorization?response_type=code"+
+        "&client_id=#{client_id}" +
+        "&redirect_uri=#{callback_url}" +
+        "&state=#{state}" +
+        "&scope=#{scope}"
+
+      redirect_to linkedin_url, allow_other_host: true, flash: {
+                                                                  linkedin_sign_in: {
+                                                                    state: state,
+                                                                    redirect_url: params[:redirect_url]
+                                                                  }
+                                                                }
+    end
+
+    private
+
+    def state
+      @state ||= SecureRandom.urlsafe_base64(24)
+    end
+  end
+end

data/config/routes.rb

@@ -0,0 +1,4 @@
+LinkedinOpenidSignIn::Engine.routes.draw do
+  get '/sign_in', to: 'sign_in#show'
+  get '/callback', to: 'callbacks#show'
+end

data/lib/linkedin_openid_sign_in/engine.rb

@@ -0,0 +1,28 @@
+require 'rails/engine'
+require 'linkedin_openid_sign_in' unless defined?(LinkedinOpenidSignIn)
+
+module LinkedinOpenidSignIn
+  class Engine < ::Rails::Engine
+    isolate_namespace LinkedinOpenidSignIn
+
+    config.linkedin_openid_sign_in = ActiveSupport::OrderedOptions.new.update options: LinkedinOpenidSignIn.options
+
+    initializer 'linkedin_openid_sign_in.config' do |app|
+      config.after_initialize do
+        LinkedinOpenidSignIn.client_id     = config.linkedin_openid_sign_in.client_id || app.credentials.dig(:linkedin_sign_in, :client_id)
+        LinkedinOpenidSignIn.client_secret = config.linkedin_openid_sign_in.client_secret || app.credentials.dig(:linkedin_sign_in, :client_secret)
+
+        LinkedinOpenidSignIn.options = {
+          scope: 'openid email'
+        }
+      end
+    end
+
+    initializer 'linkedin_openid_sign_in.mount' do |app|
+      app.routes.prepend do
+        mount LinkedinOpenidSignIn::Engine, at: app.config.linkedin_openid_sign_in.root || 'linkedin_openid_sign_in'
+      end
+    end
+
+  end
+end

data/lib/linkedin_openid_sign_in/version.rb

@@ -0,0 +1,3 @@
+module LinkedinOpenidSignIn
+  VERSION = "0.1.0"
+end

data/lib/linkedin_openid_sign_in.rb

@@ -0,0 +1,8 @@
+module LinkedinOpenidSignIn
+  mattr_accessor :client_id
+  mattr_accessor :client_secret
+  mattr_accessor :options, default: {}
+end
+
+require "linkedin_openid_sign_in/version"
+require 'linkedin_openid_sign_in/engine' if defined?(Rails) && !defined?(LinkedinOpenidSignIn::Engine)

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: linkedin_openid_sign_in
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Bogusław Tolarz
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-12-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.2.0
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.6
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description:
+email:
+- btolarz@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- Rakefile
+- app/controllers/linkedin_openid_sign_in/callbacks_controller.rb
+- app/controllers/linkedin_openid_sign_in/sign_in_controller.rb
+- config/routes.rb
+- lib/linkedin_openid_sign_in.rb
+- lib/linkedin_openid_sign_in/engine.rb
+- lib/linkedin_openid_sign_in/version.rb
+homepage: https://github.com/btolarz/linkedin_sign_in
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.10
+signing_key:
+specification_version: 4
+summary: LinkedIn OpenId Sign In for Rails
+test_files: []