This project is no longer maintained. Please see https://github.com/m0n9oose/omniauth_openid_connect for a maintained version.
OmniAuth::OpenIDConnect
OpenID Connect strategy for OmniAuth
Installation
Add this line to your application's Gemfile:
gem 'omniauth-openid-connect'
And then execute:
$ bundle
Or install it yourself as:
$ gem install omniauth-openid-connect
Usage
Example configuration
config.omniauth :openid_connect, {
name: :my_provider,
scope: [:openid, :email, :profile, :address],
response_type: :code,
client_options: {
port: 443,
scheme: "https",
host: "myprovider.com",
identifier: ENV["OP_CLIENT_ID"],
secret: ENV["OP_SECRET_KEY"],
redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
},
}
Configuration details:
-
name
is arbitrary, I recommend using the name of your provider. The name configuration exists because you could be using multiple OpenID Connect providers in a single app. - Although
response_type
is an available option, currently, only:code
is valid. There are plans to bring in implicit flow and hybrid flow at some point, but it hasn't come up yet for me. Those flows aren't best practive for server side web apps anyway and are designed more for native/mobile apps. - If you want to pass
state
paramete by yourself. You can set Proc Object.
e.g.state: Proc.new{ SecureRandom.hex(32) }
-
nonce
is optional. If don't want to pass "nonce" parameter to provider, You should specifyfalse
tosend_nonce
option. (default true) - Support for other client authentication methods. If don't specified
:client_auth_method
option, automatically set:basic
. - Use "OpenID Connect Discovery", You should specify
true
todiscovery
option. (default false) - In "OpenID Connect Discovery", generally provider should have Webfinger endpoint.
If provider does not have Webfinger endpoint, You can specify "Issuer" to option.
e.g.issuer: "https://myprovider.com"
It means to get configuration from "https://myprovider.com/.well-known/openid-configuration".
For the full low down on OpenID Connect, please check out the spec.
Contributing
- Fork it ( http://github.com/jjbohn/omniauth-openid-connect/fork )
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create new Pull Request