Sign upLogin

thinkthroughmath/omniauth-openid-reconnect

View on GitHub
Star
lib/omniauth/strategies/openid_connect.rb

Summary

Maintainability
A
0 mins
Test Coverage
require 'addressable/uri'
require "net/http"
require 'omniauth'
require "openid_connect"

module OmniAuth
  module Strategies
    class OpenIDConnect
      include OmniAuth::Strategy

      option :client_options, {
        identifier: nil,
        secret: nil,
        redirect_uri: nil,
        scheme: "https",
        host: nil,
        port: 443,
        authorization_endpoint: "/authorize",
        token_endpoint: "/token",
        userinfo_endpoint: "/userinfo"
      }
      option :name, 'openid_connect'
      option :scope, [:openid]
      option :response_type, "code"
      option :state
      option :response_mode
      option :display, nil#, [:page, :popup, :touch, :wap]
      option :prompt, nil#, [:none, :login, :consent, :select_account]
      option :max_age
      option :ui_locales
      option :id_token_hint
      option :login_hint
      option :acr_values
      option :client_auth_method

      uid { user_info.sub }

      info do
        {
          name: user_info.name,
          email: user_info.email,
          nickname: user_info.preferred_username,
          first_name: user_info.given_name,
          last_name: user_info.family_name,
          gender: user_info.gender,
          image: user_info.picture,
          phone: user_info.phone_number,
          urls: { website: user_info.website }
        }
      end

      extra do
        { raw_info: user_info.raw_attributes }
      end

      credentials do
        { token: access_token.access_token }
      end

      def client
        @client ||= ::OpenIDConnect::Client.new(client_options)
      end

      def request_phase
        redirect authorize_uri
      end

      def callback_phase
        if !request.params["code"]
          return fail!(:missing_code, OmniAuth::OpenIDConnect::MissingCodeError.new(request.params["error"]))
        end

        client.redirect_uri = client_options.redirect_uri
        client.authorization_code = authorization_code
        access_token
        super
      end

      def authorization_code
        request.params["code"]
      end

      def authorize_uri
        client.redirect_uri = client_options.redirect_uri
        client.authorization_uri(
          response_type: options.response_type,
          scope: options.scope#,
          #nonce: nonce,
        )
      end

      private

      def user_info
        @user_info ||= access_token.userinfo!
      end

      def access_token
        @access_token ||= client.access_token!(:client_auth_method => options.client_auth_method)
      end

      def client_options
        options.client_options
      end

      #def nonce
      #  session[:nonce] = SecureRandom.hex(16)
      #end

      #def session
      #  @env.nil? ? {} : super
      #end
    end
  end
end

OmniAuth.config.add_camelization 'openid_connect', 'OpenIDConnect'