Skip to content

Instantly share code, notes, and snippets.

@Fustrate
Last active July 3, 2020 20:12
Show Gist options
  • Save Fustrate/6280bbf3f22290bb22c03146af6999ac to your computer and use it in GitHub Desktop.
Save Fustrate/6280bbf3f22290bb22c03146af6999ac to your computer and use it in GitHub Desktop.
# Comments removed for brevity
# No need to declare which submodules are in use beforehand
Rails.application.config.sorcery.configure do |config|
config.not_authenticated_action = :not_authenticated
config.save_return_to_url = true
config.cookie_domain = nil
config.remember_me_httponly = true
config.token_randomness = 15
config.load_plugins(
session_timeout: {
:session_timeout,
session_timeout: 3600,
session_timeout_from_last_action: false,
session_timeout_invalidate_active_sessions_enabled: false
}
http_basic_auth: {
controller_to_realm_map: {
application: 'Application'
}
},
activity_logging: {
register_login_time: true,
register_logout_time: true,
register_last_activity_time: true,
},
external: {
# Since the callback URLs are nearly always the same, why not set it once and make it
# overrideable on a per-provider basis if necessary?
callback_url: 'http://0.0.0.0:3000/oauth/callback?provider=:provider',
authentications_class: nil,
user_id_attribute_name: :user_id,
provider_attribute_name: :provider,
provider_uid_attribute_name: :uid
}
)
# Load a single plugin
config.load_plugin(
:magic_login,
token_attribute_name: :magic_login_token,
token_expires_at_attribute_name: :magic_login_token_expires_at,
email_sent_at_attribute_name: :magic_login_email_sent_at,
mailer_class: nil,
email_method_name: :magic_login_email,
mailer_disabled: true,
expiration_period: nil,
time_between_emails: 5 * 60
)
# Load a plugin from a separate gem
config.load_plugin MultiFactorAuthenticationPlugin, some_custom_setting: true
# Instead of setting the key and secret in the config file, possibly read from
# `Rails.application.credentials` by default, and fall back to the old way if they're not found
# Pass the enabled providers as a hash instead of class attributes - the keys are constantized
# into Sorcery::Providers::Whatever and the values are passed as their configuration.
#
# I don't think I like this as a single call - I prefer separate calls as seen further down.
config.load_providers(
auth0: {
site: 'https://example.auth0.com',
},
discord: {
scope: 'email guilds',
},
facebook: {
user_info_path: 'me?fields=email',
user_info_mapping: {
email: 'email'
},
access_permissions: %w[email],
display: 'page',
api_version: 'v2.3',
parse: :json
},
github: {
user_info_mapping: {
email: 'name',
scope: ''
}
},
google: {
user_info_mapping: {
email: 'email',
username: 'name'
},
scope: 'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile'
},
instagram: {
user_info_mapping: {
email: 'username',
access_permissions: %w[basic public_content follower_list comments relationships likes]
}
},
jira: {
site: 'http://localhost:2990/jira/plugins/servlet/oauth',
signature_method: 'RSA-SHA1',
private_key_file: 'rsakey.pem'
},
# An empty hash for a provider with no custom configuration, or just `true`? This would be
# better as an `add_provider` call as seen below.
line: {},
linkedin: {
user_info_mapping: {
first_name: 'localizedFirstName',
last_name: 'localizedLastName',
email: 'emailAddress'
},
scope: 'r_liteprofile r_emailaddress'
},
liveid: {
user_info_mapping: {
username: "name"
}
},
microsoft: {
user_info_mapping: {
email: 'userPrincipalName',
username: 'displayName'
},
scope: 'openid email https://graph.microsoft.com/User.Read'
},
paypal: {
user_info_mapping: {
email: 'email'
}
},
salesforce: {
scope: 'full',
user_info_mapping: {
email: 'email'
}
},
slack: {
user_info_mapping: {
email: 'email'
}
},
twitter: {
user_info_mapping: {
email: 'screen_name'
}
},
vk: {
user_info_mapping: {
login: 'domain',
name: 'full_name'
},
api_version: '5.71'
},
# An empty hash for a provider with no custom configuration, or just `true`? This would be
# better as an `add_provider` call as seen below.
wechat: {},
xing: {
user_info_mapping: {
first_name: 'first_name',
last_name: 'last_name'
}
}
)
# Load a provider from a separate gem
config.add_provider(
MyAmazonProvider,
user_info_mapping: {
first_name: 'localizedFirstName',
last_name: 'localizedLastName',
email: 'emailAddress'
},
scope: 'r_liteprofile r_emailaddress'
)
# Could also load a single built-in provider this way, if the mega-hash is too unwieldy
config.add_provider(
:facebook,
user_info_path: 'me?fields=email',
user_info_mapping: {
email: 'email'
},
access_permissions: %w[email],
display: 'page',
api_version: 'v2.3',
parse: :json
)
# Thinking out loud, do we really need two separate configs? Can't the user config just be part
# of the config for the individual plugins?
config.user_config do |user|
# ...
end
config.user_class = 'MyUserClass'
end
@joshbuker
Copy link

I was wondering how to clean up the config, and this gives an excellent starting point. Thank you @Fustrate!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment