QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-04-23 05:54:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
768e85ce085ba170902916ec4fb582d4c55e0a41
sure/config/initializers/omniauth.rb
Juan José Mata 768e85ce08 Add OpenID Connect login support (#77) 
* Add OpenID Connect login support
* Add docs for OIDC config with Google Auth
* Use Google styles for log in
- Add support for linking existing account
- Force users to sign-in with passoword first, when linking existing accounts
- Add support to create new user when using OIDC
- Add identities to user to prevent account take-ver
- Make tests mocking instead of being integration tests
- Manage session handling correctly
- use OmniAuth.config.mock_auth instead of passing auth data via request env
* Conditionally render Oauth button

- Set a config item `configuration.x.auth.oidc_enabled`
- Hide button if disabled

---------

Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Signed-off-by: soky srm <sokysrm@gmail.com>
Co-authored-by: sokie <sokysrm@gmail.com>
2025-10-24 16:07:45 +02:00

30 lines
1.3 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
require "omniauth/rails_csrf_protection"
# Configure OmniAuth for production or test environments
# In test mode, OmniAuth will use mock data instead of real provider configuration
required_env = %w[OIDC_ISSUER OIDC_CLIENT_ID OIDC_CLIENT_SECRET OIDC_REDIRECT_URI]
missing = required_env.select { |k| ENV[k].blank? }
if missing.empty? || Rails.env.test?
Rails.application.config.middleware.use OmniAuth::Builder do
provider :openid_connect,
name: :openid_connect,
scope: %i[openid email profile],
response_type: :code,
issuer: ENV["OIDC_ISSUER"].to_s.strip || "https://test.example.com",
discovery: true,
pkce: true,
client_options: {
identifier: ENV["OIDC_CLIENT_ID"] || "test_client_id",
secret: ENV["OIDC_CLIENT_SECRET"] || "test_client_secret",
redirect_uri: ENV["OIDC_REDIRECT_URI"] || "http://test.example.com/callback"
}
end
Rails.configuration.x.auth.oidc_enabled = true
else
Rails.logger.warn("OIDC not enabled: missing env vars: #{missing.join(', ')}")
raise "Missing required OIDC env vars: #{missing.join(', ')}" if Rails.env.production?
Rails.configuration.x.auth.oidc_enabled = false
end
Reference in New Issue View Git Blame Copy Permalink