[openstreetmap/openstreetmap-website] Add openid connect support using doorkeeper-openid_connect gem (PR #4226)

Tom Hughes notifications at github.com
Thu Sep 7 16:29:20 UTC 2023 

@tomhughes commented on this pull request.



> @@ -27,12 +27,36 @@
   end
 
   claims do
-    claim :preferred_username, :scope => :openid do |resource_owner, _scopes, _access_token|
+    claim :preferred_username, :response => [:id_token, :user_info] do |resource_owner, _scopes, _access_token|

What was wrong with binding this to the `openid` scope?

>        resource_owner.display_name
     end
 
     claim :email, :scope => :read_email, :response => [:id_token, :user_info] do |resource_owner, _scopes, _access_token|
       resource_owner.email
     end
+
+    claim :email_verified, :scope => :read_email, :response => [:id_token, :user_info] do |resource_owner, _scopes, _access_token|

I'm not sure we want to get into the business of claiming to know whether emails are valid, and that flag is I think always true for any active account anyway.

>        resource_owner.display_name
     end
 
     claim :email, :scope => :read_email, :response => [:id_token, :user_info] do |resource_owner, _scopes, _access_token|
       resource_owner.email
     end
+
+    claim :email_verified, :scope => :read_email, :response => [:id_token, :user_info] do |resource_owner, _scopes, _access_token|
+      resource_owner.email_valid
+    end
+
+    claim :profile do |resource_owner, _scopes, _access_token|
+      "https://www.openstreetmap.org/user/#{resource_owner.display_name}"
+    end
+
+    claim :description do |resource_owner, _scopes, _access_token|

I'm not sure how useful this, or any of the other custom claims you've added are given they're all OSM specific.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4226#pullrequestreview-1615829083
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/pull/4226/review/1615829083 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20230907/8a045e54/attachment-0001.htm>

More information about the rails-dev mailing list