Originally was omniauth-openid-connect
I've forked this repository and launch as separate gem because maintaining of original was dropped.
Add this line to your application's Gemfile:
gem 'omniauth_openid_connect'
And then execute:
$ bundle
Or install it yourself as:
$ gem install omniauth_openid_connect
OmniAuth::OpenIDConnect is tested under 2.4, 2.5, 2.6
Example configuration
config.omniauth :openid_connect, {
name: :my_provider,
scope: [:openid, :email, :profile, :address],
response_type: :code,
uid_field: "preferred_username",
client_options: {
port: 443,
scheme: "https",
host: "myprovider.com",
identifier: ENV["OP_CLIENT_ID"],
secret: ENV["OP_SECRET_KEY"],
redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
},
}
Configuration details:
name
is arbitrary, I recommend using the name of your provider. The name configuration exists because you could be using multiple OpenID Connect providers in a single app.
NOTE: if you use this gem with Devise you should use :openid_connect
name,
or Devise would route to 'users/auth/:provider' rather than 'users/auth/openid_connect'
response_type
tells the authorization server which grant type the application wants to use, currently, only:code
(Authorization Code grant) and:id_token
(Implicit grant) are valid.- If you want to pass
state
paramete by yourself. You can set Proc Object. e.g.state: Proc.new { SecureRandom.hex(32) }
nonce
is optional. If don't want to pass "nonce" parameter to provider, You should specifyfalse
tosend_nonce
option. (default true)- Support for other client authentication methods. If don't specified
:client_auth_method
option, automatically set:basic
. - Use "OpenID Connect Discovery", You should specify
true
todiscovery
option. (default false) - In "OpenID Connect Discovery", generally provider should have Webfinger endpoint.
If provider does not have Webfinger endpoint, You can specify "Issuer" to option.
e.g.
issuer: "https://myprovider.com"
It means to get configuration from "https://myprovider.com/.well-known/openid-configuration". - The uid is by default using the
sub
value from theuser_info
response, which in some applications is not the expected value. To avoid such limitations, the uid label can be configured by providing the omniauthuid_field
option to a different label (i.e.preferred_username
) that appears in theuser_info
details. - The
issuer
property should exactly match the provider's issuer link. - The
response_mode
option is optional and specifies how the result of the authorization request is formatted.
For the full low down on OpenID Connect, please check out the spec.
- Fork it ( http://github.com/m0n9oose/omniauth-openid-connect/fork )
- Create your feature branch (
git checkout -b my-new-feature
) - Cover your changes with tests and make sure they're green (
bundle install && bundle exec rake test
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create new Pull Request