Low commit activity in last 3 years
An OmniAuth strategy to validate Google id tokens.
 Dependencies

Development

~> 2.4.21
~> 2.14
~> 0.8
~> 12.3
~> 3.7

Runtime

~> 1.8.1
~> 2.1.1
 Project Readme

I haven't updated the readme yet; please read the source to make sure you use the right options.

lib/omniauth/strategies/google_id_token.rb

OmniAuth::GoogleIdToken

An OmniAuth strategy primarily used for validating Google ID tokens (JWT encoded) generated by Google authentication servers. As with other OmniAuth strategies, it can also redirect to Google's Sign In page.

When used only as a validation strategy, it runs on backend servers to validate Google ID tokens (Google-authenticated users) passed on by mobile or web apps, e.g. iOS, Android, websites.

This makes use of google-id-token for validating the ID token.

Installation

Add this line to your application's Gemfile:

gem 'omniauth-google-id-token'

And then execute:

$ bundle

Or install it yourself as:

$ gem install omniauth-google-id-token

Usage

You use OmniAuth::Strategies::GoogleIdToken just like you do any other OmniAuth strategy:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :developer, :callback_path => "/nexus-api/auth/developer/callback", provider_ignores_state: true if Rails.env.development?
  # provider :google-oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'], scope: 'email, profile', provider_ignores_state: true, :callback_path => "/nexus-api/auth/google-oauth2/callback"

  provider :'google-id-token', client_id: ENV['GOOGLE_CLIENT_ID']
  # or
  # to rename the provider
  use OmniAuth::Strategies::GoogleIdToken, name: "google-oauth2", client_id: ENV['GOOGLE_CLIENT_ID']
end

OmniAuth.config.allowed_request_methods = %i[get post]

If this strategy is used primarily for validating a Google ID token, then the only required fields are aud_claim and azp_claim.

If this strategy is also used for redirecting a user to the Google Sign In page before validation, then a client_id is also required. An example of the URL can be found in the "Sample OAuth 2.0 server response" section of https://developers.google.com/identity/protocols/OAuth2WebServer#handlingresponse.

  • name: The name of the strategy. The default name is google_id_token but it can be changed to any value, for example google. The OmniAuth URL will thus change to /auth/google and the provider key in the auth hash will then return google.
  • uid_claim: this determines which claim will be used to uniquely identify the user. Defaults to sub
  • client_id: The client ID string that you obtain from the API Console, as described in Obtain OAuth 2.0 credentials
  • required_claims: array of claims that are required to make this a valid authentication call. Defaults to ['name', 'email']
  • scope: array of data to request from the Google API. Defaults to ['name', 'email', 'openid']
  • info_map: array mapping claim values to info hash values. Defaults to mapping name and email to the same in the info hash.

Authentication Process

When you authenticate through omniauth-google-id-token you can send users to /auth/google-id-token and it will redirect them to the URL https://accounts.google.com/o/oauth2/auth (an example can be found in the "Sample OAuth 2.0 server response" section of https://developers.google.com/identity/protocols/OAuth2WebServer#handlingresponse).

From there, Google generates an ID token and sends it to the redirect_uri passed in the URL query params. The redirect_uri will look like '/auth/google-id-token/callback'. This is also the endpoint to send the ID token to when a mobile or web app wants to validate a user with the backend server:

/auth/google-id-token/callback?id_token=ENCODEDJWTGOESHERE
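The checks a backend has to make on the id_token it receives at this callback, as an added example that is not the gem's own code (the gem delegates validation to google-id-token). The helper names `verify_id_token` and `sample_token`, the client IDs and the throwaway RSA key standing in for Google's published signing keys are assumptions made for the example.

```ruby
require 'openssl'
require 'base64'
require 'json'

GOOGLE_ISSUERS = ['accounts.google.com', 'https://accounts.google.com'].freeze

# Hypothetical helper (not the gem's API): verify an RS256 ID token against one
# public key. Returns { uid:, info: } or raises ArgumentError naming the check.
def verify_id_token(jwt, public_key, client_id:, required_claims: %w[name email],
                    uid_claim: 'sub', now: Time.now.to_i)
  parts = jwt.to_s.split('.', -1)
  raise ArgumentError, 'malformed token' unless parts.size == 3
  header, claims = parts.first(2).map { |p| JSON.parse(Base64.urlsafe_decode64(p)) }
  raise ArgumentError, 'malformed token' unless header.is_a?(Hash) && claims.is_a?(Hash)
  # Pin the algorithm so the token cannot select "none" or an HMAC variant.
  raise ArgumentError, 'unexpected alg' unless header['alg'] == 'RS256'
  signed = parts[0..1].join('.')
  unless public_key.verify(OpenSSL::Digest.new('SHA256'), Base64.urlsafe_decode64(parts[2]), signed)
    raise ArgumentError, 'bad signature'
  end
  raise ArgumentError, 'wrong issuer' unless GOOGLE_ISSUERS.include?(claims['iss'])
  # Tokens minted for other apps carry a valid Google signature; only aud tells them apart.
  raise ArgumentError, 'wrong audience' unless Array(claims['aud']).include?(client_id)
  raise ArgumentError, 'expired' unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  missing = required_claims.reject { |c| claims.key?(c) }
  raise ArgumentError, "missing claims: #{missing.join(', ')}" unless missing.empty?
  raise ArgumentError, 'missing uid claim' unless claims[uid_claim]
  { uid: claims[uid_claim], info: claims.slice(*required_claims) }
rescue JSON::ParserError, OpenSSL::PKey::PKeyError
  raise ArgumentError, 'malformed token'
end

# Constructed sample data: signs claims with a throwaway key standing in for Google's.
def sample_token(key, claims)
  b64 = ->(s) { Base64.urlsafe_encode64(s, padding: false) }
  signed = "#{b64.call({ 'alg' => 'RS256', 'typ' => 'JWT' }.to_json)}.#{b64.call(claims.to_json)}"
  "#{signed}.#{b64.call(key.sign(OpenSSL::Digest.new('SHA256'), signed))}"
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)
  claims = { 'iss' => 'https://accounts.google.com', 'aud' => 'other-app.example', 'sub' => '1234',
             'name' => 'Ada', 'email' => 'ada@example.com', 'exp' => Time.now.to_i + 300 }
  begin
    verify_id_token(sample_token(key, claims), key.public_key, client_id: 'my-app.example')
  rescue ArgumentError => e
    puts "rejected: #{e.message}" # token was signed correctly but issued to another client
  end
end
```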

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request