Skip to content

Instantly share code, notes, and snippets.

Last active August 25, 2022 18:28
Show Gist options
  • Save bettysteger/35755bcc0f323f62a3251fb11206d0a7 to your computer and use it in GitHub Desktop.
Save bettysteger/35755bcc0f323f62a3251fb11206d0a7 to your computer and use it in GitHub Desktop.
FusionAuth Omniauth Strategy
# lib/strategies/fusionauth.rb
require 'omniauth-oauth2'
module OmniAuth
module Strategies
class Fusionauth < OmniAuth::Strategies::OAuth2
# Give your strategy a name.
option :name, "fusionauth"
# This is where you pass the options you would pass when
# initializing your consumer from the OAuth gem.
option :client_options, {
site: "https://<fusion-auth-domain>",
authorize_url: "/oauth2/authorize",
token_url: "/oauth2/token",
redirect_uri: "#{Rails.application.config.asset_host}/auth/fusionauth/callback"
# These are called after authentication has succeeded. If
# possible, you should try to set the UID without making
# additional calls (if the user id is returned with the token
# or as a URI parameter). This may not be possible with all
# providers.
uid { raw_info['sub'] }
info do
name: raw_info['name'],
email: raw_info['email']
extra do
'raw_info': raw_info
def raw_info
@raw_info ||= access_token.get('/oauth2/userinfo').parsed
# Fix java error by removing `redirect_uri`
# You are attempting to map a form field that contains multiple parameters to a property on the action class that is of type
def build_access_token
verifier = request.params["code"]
client.auth_code.get_token(verifier, token_params.to_hash(symbolize_keys: true), deep_symbolize(options.auth_token_params))
# config/initializers/omniauth.rb
require './lib/strategies/fusionauth'
# Fix for adding 'omniauth-rails_csrf_protection' gem:
# @see
OmniAuth.config.allowed_request_methods = [:post, :get]
# ENV['OAUTH_DEBUG'] = 'true' if Rails.env.development?
Rails.application.config.middleware.use OmniAuth::Builder do
creds = Rails.application.credentials.dig(Rails.env.to_sym)
# FusionAuth Config
provider :fusionauth, creds.dig(:fusionauth, :client_id), creds.dig(:fusionauth, :client_secret),
callback_path: '/auth/fusionauth/callback',
scope: 'openid offline_access',
setup: lambda { |env| #
request =
authorize_params: {
idp_hint: request.GET['idp_hint']
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment