omniauth-proconnect 0.3.0 → 0.5
- checksums.yaml +4 -4
- data/.rubocop.yml +2 -0
- data/.rubocop_todo.yml +20 -0
- data/README.md +68 -2
- data/lib/omniauth/proconnect/version.rb +1 -1
- data/lib/omniauth/proconnect.rb +20 -7
- metadata +6 -4
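--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 22b5aa93fbeaed22dcd94aae481c679e1a7c1643fc55ab44156b5b40d57b45f0
+data.tar.gz: 90f7a2ba844b68e401c5a6bb033fb3c52434a6d9ea96ac1bdcfb177813480103
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f1e34f86a8434d76ea23fa8e838889fd64c3cdffd98a6e9746829549c3ec33482c293b5e38d99f8816cdefaba287359a58273b76bbead12d8ab8f502de3edd5a
+data.tar.gz: 2d47a040f566c42873756f87087d05d36a4974994c67ff2ef546f6e300b213db87b89f91a4bd6b1eaff788eb6c2f97f8e5359b1ba576976c7bd052d5f9aa3d02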
data/.rubocop.yml
CHANGED
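--- a/data/.rubocop_todo.yml
+++ b/data/.rubocop_todo.yml
@@ -0,0 +1,20 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2025-05-23 15:10:03 UTC using RuboCop version 1.75.4.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+# Configuration parameters: CountComments, CountAsOne.
+Metrics/ClassLength:
+Max: 123
+
+# Offense count: 1
+# Configuration parameters: AllowedConstants.
+Style/Documentation:
+Exclude:
+- 'spec/**/*'
+- 'test/**/*'
+- 'lib/omniauth/proconnect.rb'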
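--- a/data/README.md
+++ b/data/README.md
@@ -15,13 +15,18 @@ générique
 [`omniauth_openid_connect`](https://github.com/omniauth/omniauth_openid_connect)
 qui malgré son degré de maturité supérieure semble à l'abandon aussi.
 
+La suite du README décrit brièvement la configuration de la librairie. Si vous
+n'êtes pas encore familier avec OIDC et OmniAuth, un [guide complet de
+configuration d'omniauth-proconnect est aussi disponible sur le
+wiki](https://github.com/betagouv/omniauth-proconnect/wiki/Guide-de-connexion).
+
 ## Utilisation
 
 Une fois que vous avez créé votre application sur [l'espace
 partenaires de
 ProConnect](https://partenaires.proconnect.gouv.fr/apps) et identifié
 vos endpoints grâce à leur [documentation
-technique](https://partenaires.proconnect.gouv.fr/docs/fournisseur-service/implementation_technique)
+technique](https://partenaires.proconnect.gouv.fr/docs/fournisseur-service/implementation_technique)
 :
 
 1. installer la gem `bundle add omniauth-proconnect` ;
@@ -44,7 +49,11 @@ Rails.application.config.middleware.use OmniAuth::Builder do
 end
 ```
 
-
+**⚠️ NOTE :** [La valeur de `PROCONNECT_DOMAIN` doit finir par
+`/api/v2`](https://partenaires.proconnect.gouv.fr/docs/fournisseur-service/implementation_technique#12-valeur-de-proconnect_domain),
+ce n'est pas seulement l'hôte. C.f https://github.com/betagouv/omniauth-proconnect/issues/5
+
+3. envoyez votre utilisateur sur la stratégie :
 
 ```erb
 <%= button_to "Se connecter via ProConnect", "/auth/proconnect", method: :post, remote: false, data: { turbo: false } %>
@@ -59,6 +68,63 @@ end
 redirect_to "/auth/proconnect/logout"
 ```
 
+## Informations retournées
+
+Les [informations retournées par
+ProConnect](https://partenaires.proconnect.gouv.fr/docs/fournisseur-service/scope-claims)
+sont mises à diposition dans le hash OmniAuth
+(`request.env["omniauth.auth"]`) :
+
+- la partie `info` contient tout ce qui peut être standardisé [selon
+le Auth Hash Schema d'Omniauth](https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema)
+- le reste/l'intégralité est disponible dans `extra`.
+
+Exemple :
+
+```json
+{
+"provider": "proconnect",
+"uid": "e7a41249-123d-46b7-b362-5f00d3166ea1",
+"info": {
+"email": "test@gouv.fr",
+"first_name": null,
+"last_name": null,
+"name": "",
+"phone": null,
+"provider": "proconnect",
+"uid": "e7a41249-123d-46b7-b362-5f00d3166ea1"
+},
+"credentials": {},
+"extra": {
+"raw_info": {
+"sub": "e7a41249-123d-46b7-b362-5f00d3166ea1",
+"email": "test@gouv.fr",
+"siret": "13002526500013",
+"aud": "f90c1231117ec6f731af9f93a07c54ff372130c17a3bbad43488699865d85c64",
+"exp": 1748010049,
+"iat": 1748009989,
+"iss": "https://issuer-oidc.gouv.fr/api/v42"
+}
+}
+}
+```
+
+```ruby
+class SessionsController < ApplicationController
+def create
+data = request.env["omniauth.auth"]
+
+email = data.info.email
+siret = data.extra.raw_info.siret
+
+# or, if you're feeling fancy
+data => { info: { email: }, extra: { raw_info: { siret: } } }
+
+# [...]
+end
+end
+```
+
 ## Contribution
 
 La stratégie est loin d'être complète ; n'hésitez pas à contribuer des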
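--- a/data/lib/omniauth/proconnect.rb
+++ b/data/lib/omniauth/proconnect.rb
@@ -47,20 +47,33 @@ module OmniAuth
 end
 end
 
-
-
+# userinfo-operating DSL from OmniAuth
+uid do
+@userinfo["sub"]
 end
 
-
+info do
 {
-email: @userinfo["email"]
+email: @userinfo["email"],
+first_name: @userinfo["given_name"],
+last_name: @userinfo["usual_name"],
+name: [@userinfo["given_name"], @userinfo["usual_name"]].compact.join(" "),
+phone: @userinfo["phone_number"],
+provider: "proconnect",
+uid: @userinfo["sub"]
 }
 end
 
+extra do
+{ raw_info: @userinfo }
+end
+
 private
 
 def connection
 @connection ||= Faraday.new(url: options[:proconnect_domain]) do |c|
+c.request :url_encoded
+
 c.response :json
 c.response :raise_error
 end
@@ -71,9 +84,7 @@ module OmniAuth
 end
 
 def discover_endpoint!
-connection
-.get(".well-known/openid-configuration")
-.body
+connection.get(".well-known/openid-configuration").body
 end
 
 def authorization_uri
@@ -147,9 +158,11 @@ module OmniAuth
 end
 
 def verify_state!(other_state)
+# rubocop:disable Style/GuardClause
 if other_state != current_state
 raise "a request came back with a different 'state' parameter than what we had last stored."
 end
+# rubocop:enable Style/GuardClause
 end
 end
 end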
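Review bot: `verify_state!` in the last hunk still compares with `other_state != current_state`, so a callback that arrives without a `state` parameter passes whenever `current_state` is also nil, and the comparison is not constant-time; the commit only wraps the check in `rubocop:disable Style/GuardClause`. `current_state` is defined outside the visible lines, so whether it can be nil (for example after the session has expired) needs confirming. I would keep the message and turn the check into a guard clause with the condition `if other_state.to_s.empty? || !Rack::Utils.secure_compare(other_state.to_s, current_state.to_s)`, which also removes the need for the two rubocop comments. Separately, the new `uid`/`info`/`extra` blocks in the first hunk read `@userinfo[...]` directly; a short comment saying where `@userinfo` is assigned and whether the userinfo response has been validated before these blocks run would help, since that code is not in the hunk.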
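--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-proconnect
 version: !ruby/object:Gem::Version
-version: 0.
+version: '0.5'
 platform: ruby
 authors:
 - Stéphane Maniaci
 bindir: exe
 cert_chain: []
-date: 2025-05
+date: 2025-11-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: faraday
@@ -51,8 +51,9 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-description:
-
+description: |
+An OmniAuth strategy for ProConnect, an official
+OIDC solution for French professionnals to login.
 email:
 - stephane.maniaci@gmail.com
 executables: []
@@ -61,6 +62,7 @@ extra_rdoc_files: []
 files:
 - ".rspec"
 - ".rubocop.yml"
+- ".rubocop_todo.yml"
 - LICENSE.txt
 - README.md
 - Rakefile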