[openstreetmap/openstreetmap-website] Add openid connect support using doorkeeper-openid_connect gem (PR #4226)

Milan Cvetkovic notifications at github.com
Wed Sep 6 10:48:03 UTC 2023


@milan-cvetkovic commented on this pull request.



> +
+Doorkeeper::OpenidConnect.configure do
+  issuer do |_resource_owner, _application|
+    "https://www.openstreetmap.org/oauth2"
+  end
+
+  signing_key Settings.doorkeeper_signing_key
+
+  subject_types_supported [:public]
+
+  resource_owner_from_access_token do |access_token|
+    # Example implementation:
+    User.find_by(:id => access_token.resource_owner_id)
+  end
+
+  auth_time_from_resource_owner do |resource_owner|
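
Review bot: the `issuer` block hard-codes `"https://www.openstreetmap.org/oauth2"`, so every non-production instance (dev, test, a mirror) will mint ID tokens whose `iss` claim does not match the origin the client actually talked to, and a conformant relying party compares the two and rejects the token. Derive the issuer from the site's configured base URL instead, next to `signing_key Settings.doorkeeper_signing_key`, rather than fixing it to the production host. While here, drop the `# Example implementation:` comment inside `resource_owner_from_access_token`; it is the gem generator's placeholder text, not documentation of this lookup.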

It looks like `auth_time_from_resource_owner` needs to exist even if empty, otherwise there is an error originating in [id_token.rb](https://github.com/doorkeeper-gem/doorkeeper-openid_connect/blob/5987683ccc22262beb6e44c76ca4b65288d6067a/lib/doorkeeper/openid_connect/id_token.rb#L68):

```
Doorkeeper::OpenidConnect::Errors::InvalidConfiguration - Failure due to Doorkeeper::OpenidConnect.configure.auth_time_from_resource_owner missing configuration.:
```

`reauthenticate_resource_owner` is used for the `prompt=login` OIDC parameter. If it is not present or not functional (an empty block is not functional), a 500 error is triggered.
`select_account_for_resource_owner` is used for the `prompt=select_account` OIDC parameter. If it is not present, a 500 error is triggered due to missing configuration (similar to the error above). If the body is empty, it silently does not offer a selection list but uses the regular login flow.

I think it is safe to remove the latter two empty blocks.


-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4226#discussion_r1317097659
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/pull/4226/review/1613041789 at github.com>
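
The three callbacks discussed in the comment above feed both the ID token and the authorization endpoint's decision about whether an already signed-in user may proceed. The following is an added example, not code from the pull request or from the doorkeeper-openid_connect gem: a small pure-Ruby model of how an OpenID Connect provider consumes `auth_time_from_resource_owner`, `reauthenticate_resource_owner` and `select_account_for_resource_owner`, including the `max_age` check from OpenID Connect Core that `auth_time` exists to support. The `Oidc` module, its `Config` DSL, `User` struct and the hypothetical redirect path are all assumptions made for this example; only the callback names and the failure modes (an unconfigured hook raises, an empty reauthentication block yields nothing usable, an empty account-selection block falls back to the normal flow) come from the discussion.

```ruby
# Added example: a minimal model of an OIDC provider's use of the three
# resource-owner callbacks. Not the gem's code; all names here are assumed.
require "time"

module Oidc
  class InvalidConfiguration < StandardError; end

  # Stand-in for the configure DSL: each method stores a block under a key.
  class Config
    def initialize(&definition)
      @hooks = {}
      instance_eval(&definition) if definition
    end

    def auth_time_from_resource_owner(&block)
      @hooks[:auth_time] = block
    end

    def reauthenticate_resource_owner(&block)
      @hooks[:reauthenticate] = block
    end

    def select_account_for_resource_owner(&block)
      @hooks[:select_account] = block
    end

    # Calling a hook that was never configured is a hard error, as in the comment.
    def hook(name)
      @hooks.fetch(name) { raise InvalidConfiguration, "#{name} missing configuration" }
    end
  end

  # Constructed resource owner; last_authenticated_at is a Time or nil.
  User = Struct.new(:id, :last_authenticated_at)

  # Builds the ID token claim set. auth_time comes from the callback, so the
  # callback must exist even when the application never returns a value.
  def self.id_token_claims(config, user, issuer:, client_id:, now: Time.now)
    auth_time = config.hook(:auth_time).call(user)
    claims = {
      "iss" => issuer,
      "sub" => user.id.to_s,
      "aud" => client_id,
      "iat" => now.to_i,
      "exp" => now.to_i + 300
    }
    claims["auth_time"] = auth_time.to_i if auth_time
    claims
  end

  # Decides what the authorization endpoint does for a signed-in user given the
  # OIDC prompt and max_age parameters. Returns a Hash with :action and, for
  # reauthentication, the :redirect_to target supplied by the callback.
  def self.decide_auth(config, user, prompt: nil, max_age: nil, now: Time.now)
    prompts = prompt.to_s.split(" ")
    auth_time = config.hook(:auth_time).call(user)

    # max_age: the existing session only counts if the last authentication is
    # recent enough; with no auth_time the check can never be satisfied.
    stale = max_age && (auth_time.nil? || now.to_i - auth_time.to_i > max_age.to_i)

    # prompt=none forbids any UI, so a stale session is an error, not a login page.
    return { action: (stale ? :error_login_required : :continue) } if prompts.include?("none")

    if prompts.include?("login") || stale
      target = config.hook(:reauthenticate).call(user)
      # An empty block returns nil; a real provider has nothing to redirect to.
      raise InvalidConfiguration, "reauthenticate_resource_owner returned no redirect" if target.nil?
      return { action: :reauthenticate, redirect_to: target }
    end

    if prompts.include?("select_account")
      # An empty block yields nil: no chooser is shown and the normal flow continues.
      return { action: config.hook(:select_account).call(user) ? :select_account : :continue }
    end

    { action: :continue }
  end

  # Sample configuration with all three callbacks present (hypothetical paths).
  SAMPLE_CONFIG = Config.new do
    auth_time_from_resource_owner { |user| user.last_authenticated_at }
    reauthenticate_resource_owner { |user| "/login?return_to=/oauth2/authorize&uid=#{user.id}" }
    select_account_for_resource_owner { |_user| nil } # empty: no account chooser
  end
end
```

The point the model makes concrete is that `auth_time_from_resource_owner` is not decorative: returning the real last-login time is what lets a client's `max_age` request actually force reauthentication, so an application that keeps the block but returns nil quietly disables that protection.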