omniauth_oidc 0.1.1 → 0.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +45 -0
- data/lib/omniauth/oidc/version.rb +1 -1
- data/lib/omniauth/strategies/oidc/callback.rb +15 -1
- data/lib/omniauth/strategies/oidc.rb +1 -0
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 219bb4ddd444b494db9e5c1ac72f93e66ef442d3c3243609e62485b186c5c9ff
|
4
|
+
data.tar.gz: b28c370148e1a6b3245c4f02defa7dde129354d66885807bcf0dd4d262a2a78d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8536b7161da3774d5246bb465de5c24d3cb87fd2b164763df1fb01df11e85c87538f314c5a3ada969ae9e43cfa4b0ccbb22c161034ff0b3da70b91d3b93832be
|
7
|
+
data.tar.gz: 183943792aa52d5fdccb05b77dcd66d65c5d4c1500936e153733692429c51457fb4da61b28b666c0ceebb04e9a925c04a8d17af4ed6033ce8d96b2da2b6dd512
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -4,6 +4,8 @@ This gem provides an OmniAuth strategy for integrating OpenID Connect (OIDC) aut
|
|
4
4
|
|
5
5
|
Developed with reference to [omniauth-openid-connect](https://github.com/jjbohn/omniauth-openid-connect) and [omniauth_openid_connect](https://github.dev/omniauth/omniauth_openid_connect).
|
6
6
|
|
7
|
+
[Article on Medium](https://msuliq.medium.com/authenticating-with-omniauth-and-openid-connect-oidc-in-ruby-on-rails-applications-e136ec5b48c0) about the development of this gem.
|
8
|
+
|
7
9
|
## Installation
|
8
10
|
|
9
11
|
To install the gem run the following command in the terminal:
|
@@ -157,6 +159,48 @@ end
|
|
157
159
|
**Please note that you should register `https://your_app.com/auth/<simple_provider>/callback` with your OIDC provider
|
158
160
|
as a callback redirect url.**
|
159
161
|
|
162
|
+
### Using Access Token Without User Info
|
163
|
+
|
164
|
+
In case your app requries only an access token and not the user information, then you can specify an optional
|
165
|
+
configuration in the omniauth initializer:
|
166
|
+
|
167
|
+
```ruby
|
168
|
+
# config/initializers/omniauth.rb
|
169
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
170
|
+
provider :oidc, {
|
171
|
+
name: :simple_provider_access_token_only,
|
172
|
+
fetch_user_info: false, # if not specified, default value of true will be applied
|
173
|
+
client_options: {
|
174
|
+
identifier: '23575f4602bebbd9a17dbc38d85bd1a77',
|
175
|
+
secret: ENV['SIMPLE_PROVIDER_CLIENT_SECRET'],
|
176
|
+
config_endpoint: 'https://simpleprovider.com/cdn-cgi/access/sso/oidc/23575f4602bebbd9a17dbc38d85bd1a77/.well-known/openid-configuration'
|
177
|
+
}
|
178
|
+
}
|
179
|
+
end
|
180
|
+
```
|
181
|
+
|
182
|
+
Then the callback returned once your user authenticates with the OIDC provider will contain only access token parameters:
|
183
|
+
|
184
|
+
```ruby
|
185
|
+
# app/controllers/callbacks_controller.rb
|
186
|
+
class CallbacksController < ApplicationController
|
187
|
+
def omniauth
|
188
|
+
# access token parameters received from OIDC provider will be available in `request.env['omniauth.auth']`
|
189
|
+
omniauth_params = request.env['omniauth.auth']
|
190
|
+
|
191
|
+
# omniauth_params will contain similar data as shown below
|
192
|
+
# {"provider"=>:simple_provider_access_token_only,
|
193
|
+
# "credentials"=>
|
194
|
+
# {"id_token"=> "id token value",
|
195
|
+
# "token"=> "token value",
|
196
|
+
# "refresh_token"=>"refresh token value",
|
197
|
+
# "expires_in"=>300,
|
198
|
+
# "scope"=>nil
|
199
|
+
# }
|
200
|
+
# }
|
201
|
+
end
|
202
|
+
end
|
203
|
+
```
|
160
204
|
|
161
205
|
### Advanced Configuration
|
162
206
|
You can customize the OIDC strategy further by adding additional configuration options:
|
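Review bot: the new "Using Access Token Without User Info" section should say what the returned hash omits, not only what it contains: with `fetch_user_info: false` the sample `omniauth.auth` has `provider` and `credentials` but no `uid` or `info` keys, so consumer code that looks a user up by `auth.uid` will get nil. Add a sentence stating that identity must then be taken from the `id_token` (which the callback phase still verifies with `verify_id_token!` before the hash is built when `response_type` is `"code"`). Also fix the typo "requries" (should be "requires"), and mark the `expires_in: 300` and `scope: nil` values in the sample as provider-dependent.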
@@ -165,6 +209,7 @@ You can customize the OIDC strategy further by adding additional configuration o
|
|
165
209
|
|------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|-------------------------------------|-------------------------------------------------------|
|
166
210
|
| name | Arbitrary string to identify OIDC provider and segregate it from other OIDC providers | no | `"oidc"` | `:simple_provider` |
|
167
211
|
| issuer | Root url for the OIDC authorization server | no | retrived from config_endpoint | `"https://simpleprovider.com"` |
|
212
|
+
| fetch_user_info | Fetches user information from user_info_endpoint using the access token. If set to false the omniauth params will include only access token | no | `true` | `fetch_user_info: false` |
|
168
213
|
| client_auth_method | Authentication method to be used with the OIDC authorization server | no | `:basic` | `"basic"`, `"jwks"` |
|
169
214
|
| scope | OIDC scopes to be included in the server's response | `[:openid]` is required | all scopes offered by OIDC provider | `[:openid, :profile, :email]` |
|
170
215
|
| response_type | OAuth2 response type expected from OIDC provider during authorization | no | `"code"` | `"code"` or `"id_token"` |
|
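Review bot: the example column of the new `fetch_user_info` row reads `fetch_user_info: false`, while every other row gives a bare value (`"basic"`, `[:openid, :profile, :email]`, `"code"`); use `false` for consistency. The description should also mention that the access-token-only hash carries no `uid` or `info`, since that is the behavioural difference a reader of this table needs. The neighbouring `issuer` row has a typo, "retrived", which is not part of this change but is worth fixing while the table is being edited.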
@@ -58,7 +58,7 @@ module OmniAuth
|
|
58
58
|
|
59
59
|
verify_id_token!(@access_token.id_token) if configured_response_type == "code"
|
60
60
|
|
61
|
-
user_info_from_access_token
|
61
|
+
options.fetch_user_info ? user_info_from_access_token : define_access_token
|
62
62
|
end
|
63
63
|
|
64
64
|
def id_token_callback_phase
|
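Review bot: the ternary `options.fetch_user_info ? user_info_from_access_token : define_access_token` relies on the strategy declaring a default of `true` for `fetch_user_info` (presumably the one-line change to `lib/omniauth/strategies/oidc.rb` listed in the file summary but not rendered here). If that default were ever dropped, `options.fetch_user_info` would be nil and the strategy would silently fall back to the token-only hash, so a spec asserting that user info is fetched when the option is unset would guard the documented default. Note also that the `verify_id_token!` call two lines above only runs when `configured_response_type == "code"`; that gate is unchanged, but it now also precedes the new token-only path.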
@@ -106,6 +106,20 @@ module OmniAuth
|
|
106
106
|
call_app!
|
107
107
|
end
|
108
108
|
|
109
|
+
def define_access_token
|
110
|
+
env["omniauth.auth"] = AuthHash.new(
|
111
|
+
provider: name,
|
112
|
+
credentials: {
|
113
|
+
id_token: @access_token.id_token,
|
114
|
+
token: @access_token.access_token,
|
115
|
+
refresh_token: @access_token.refresh_token,
|
116
|
+
expires_in: @access_token.expires_in,
|
117
|
+
scope: @access_token.scope
|
118
|
+
}
|
119
|
+
)
|
120
|
+
call_app!
|
121
|
+
end
|
122
|
+
|
109
123
|
def configured_response_type
|
110
124
|
@configured_response_type ||= options.response_type.to_s
|
111
125
|
end
|
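Review bot: `define_access_token` builds an `AuthHash` with `provider` and `credentials` only, so the hash stored in `env["omniauth.auth"]` has no `uid`, which most OmniAuth consumers use as the stable account key. Consider populating `uid` from the `sub` claim of the already-verified `id_token` (the `code` flow verifies it before this method runs), and documenting the omission if you choose not to. The method name is also misleading: it assembles the auth hash and then invokes the app via `call_app!`, so a name such as `auth_hash_from_access_token` would describe what it does.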
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth_oidc
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Suleyman Musayev
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-06
|
11
|
+
date: 2024-07-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: httparty
|