omniauth_oidc 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ead4b54097f07fbdf676bb450ce3ba1b4d477b47f07b61e30ecd445706ced854
-  data.tar.gz: fe6e02df8acd530cdd2c4d6ec649e7914248eb42ec47b3573d4775f48449b7dd
+  metadata.gz: 219bb4ddd444b494db9e5c1ac72f93e66ef442d3c3243609e62485b186c5c9ff
+  data.tar.gz: b28c370148e1a6b3245c4f02defa7dde129354d66885807bcf0dd4d262a2a78d
 SHA512:
-  metadata.gz: 6c4e2b5d1aee856a8703bfb228e42e45d620d08e7dd8151ea39d484e6a1576f05433038fa357c933ca0a792e52d85b772e95d5660ff116ca0c0c41c04215785b
-  data.tar.gz: dc0dab4d599d6717589f0c160fee8755d28523a494c165bee1fba7b154a9ff873309e0d00b4d06653ac96bdbbd0e3b36efec92a258a8a0f0349dc545dac53321
+  metadata.gz: 8536b7161da3774d5246bb465de5c24d3cb87fd2b164763df1fb01df11e85c87538f314c5a3ada969ae9e43cfa4b0ccbb22c161034ff0b3da70b91d3b93832be
+  data.tar.gz: 183943792aa52d5fdccb05b77dcd66d65c5d4c1500936e153733692429c51457fb4da61b28b666c0ceebb04e9a925c04a8d17af4ed6033ce8d96b2da2b6dd512

data/CHANGELOG.md

@@ -1,4 +1,10 @@
 ## [Released]
 
+## [0.2.0] - 2024-07-06
+- Add option to fetch user info or skip it
+
+## [0.1.1] - 2024-06-16
+- Add dependabot
+
 ## [0.1.0] - 2024-06-13
 - Initial release

data/README.md

@@ -4,6 +4,8 @@ This gem provides an OmniAuth strategy for integrating OpenID Connect (OIDC) aut
 
 Developed with reference to [omniauth-openid-connect](https://github.com/jjbohn/omniauth-openid-connect) and [omniauth_openid_connect](https://github.dev/omniauth/omniauth_openid_connect).
 
+[Article on Medium](https://msuliq.medium.com/authenticating-with-omniauth-and-openid-connect-oidc-in-ruby-on-rails-applications-e136ec5b48c0) about the development of this gem.
+
 ## Installation
 
 To install the gem run the following command in the terminal:
@@ -157,6 +159,48 @@ end
 **Please note that you should register `https://your_app.com/auth/<simple_provider>/callback` with your OIDC provider
 as a callback redirect url.**
 
+### Using Access Token Without User Info
+
+In case your app requries only an access token and not the user information, then you can specify an optional
+configuration in the omniauth initializer:
+
+```ruby
+# config/initializers/omniauth.rb
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :oidc, {
+    name: :simple_provider_access_token_only,
+    fetch_user_info: false, # if not specified, default value of true will be applied
+    client_options: {
+      identifier: '23575f4602bebbd9a17dbc38d85bd1a77',
+      secret: ENV['SIMPLE_PROVIDER_CLIENT_SECRET'],
+      config_endpoint: 'https://simpleprovider.com/cdn-cgi/access/sso/oidc/23575f4602bebbd9a17dbc38d85bd1a77/.well-known/openid-configuration'
+    }
+  }
+end
+```
+
+Then the callback returned once your user authenticates with the OIDC provider will contain only access token parameters:
+
+```ruby
+# app/controllers/callbacks_controller.rb
+class CallbacksController < ApplicationController
+  def omniauth
+    # access token parameters received from OIDC provider will be available in `request.env['omniauth.auth']`
+    omniauth_params = request.env['omniauth.auth']
+
+    # omniauth_params will contain similar data as shown below
+    # {"provider"=>:simple_provider_access_token_only,
+    #  "credentials"=>
+    #   {"id_token"=> "id token value",
+    #    "token"=> "token value",
+    #    "refresh_token"=>"refresh token value",
+    #    "expires_in"=>300,
+    #    "scope"=>nil
+    #   }
+    # }
+  end
+end
+```
 
 ### Advanced Configuration
 You can customize the OIDC strategy further by adding additional configuration options:
@@ -165,6 +209,7 @@ You can customize the OIDC strategy further by adding additional configuration o
 |------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|-------------------------------------|-------------------------------------------------------|
 | name                         | Arbitrary string to identify OIDC provider and segregate it from other OIDC providers                                                                                 | no                      | `"oidc"`                            | `:simple_provider`                                    |
 | issuer                       | Root url for the OIDC authorization server                                                                                                                            | no                      | retrived from config_endpoint       | `"https://simpleprovider.com"`                        |
+| fetch_user_info              | Fetches user information from user_info_endpoint using the access token. If set to false the omniauth params will include only access token                           | no                      | `true`                              | `fetch_user_info: false`                              |
 | client_auth_method           | Authentication method to be used with the OIDC authorization server                                                                                                   | no                      | `:basic`                            | `"basic"`, `"jwks"`                                   |
 | scope                        | OIDC scopes to be included in the server's response                                                                                                                   | `[:openid]` is required | all scopes offered by OIDC provider | `[:openid, :profile, :email]`                         |
 | response_type                | OAuth2 response type expected from OIDC provider during authorization                                                                                                 | no                      | `"code"`                            | `"code"` or `"id_token"`                              |

data/lib/omniauth/oidc/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OmniauthOidc
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

data/lib/omniauth/strategies/oidc/callback.rb

@@ -58,7 +58,7 @@ module OmniAuth
 
           verify_id_token!(@access_token.id_token) if configured_response_type == "code"
 
-          user_info_from_access_token
+          options.fetch_user_info ? user_info_from_access_token : define_access_token
         end
 
         def id_token_callback_phase
@@ -106,6 +106,20 @@ module OmniAuth
           call_app!
         end
 
+        def define_access_token
+          env["omniauth.auth"] = AuthHash.new(
+            provider: name,
+            credentials: {
+              id_token: @access_token.id_token,
+              token: @access_token.access_token,
+              refresh_token: @access_token.refresh_token,
+              expires_in: @access_token.expires_in,
+              scope: @access_token.scope
+            }
+          )
+          call_app!
+        end
+
         def configured_response_type
           @configured_response_type ||= options.response_type.to_s
         end

data/lib/omniauth/strategies/oidc.rb

@@ -61,6 +61,7 @@ module OmniAuth
       option :id_token_hint
       option :acr_values
       option :send_nonce, true
+      option :fetch_user_info, true
       option :send_scope_to_token_endpoint, true
       option :client_auth_method
       option :post_logout_redirect_uri

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth_oidc
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Suleyman Musayev
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2024-06-13 00:00:00.000000000 Z
+date: 2024-07-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty