Last active
August 25, 2022 18:28
-
-
Save bettysteger/35755bcc0f323f62a3251fb11206d0a7 to your computer and use it in GitHub Desktop.
FusionAuth Omniauth Strategy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # lib/strategies/fusionauth.rb | |
| require 'omniauth-oauth2' | |
| module OmniAuth | |
| module Strategies | |
| class Fusionauth < OmniAuth::Strategies::OAuth2 | |
| # Give your strategy a name. | |
| option :name, "fusionauth" | |
| # This is where you pass the options you would pass when | |
| # initializing your consumer from the OAuth gem. | |
| option :client_options, { | |
| site: "https://<fusion-auth-domain>", | |
| authorize_url: "/oauth2/authorize", | |
| token_url: "/oauth2/token", | |
| redirect_uri: "#{Rails.application.config.asset_host}/auth/fusionauth/callback" | |
| } | |
| # These are called after authentication has succeeded. If | |
| # possible, you should try to set the UID without making | |
| # additional calls (if the user id is returned with the token | |
| # or as a URI parameter). This may not be possible with all | |
| # providers. | |
| uid { raw_info['sub'] } | |
| info do | |
| { | |
| name: raw_info['name'], | |
| email: raw_info['email'] | |
| } | |
| end | |
| extra do | |
| { | |
| 'raw_info': raw_info | |
| } | |
| end | |
| def raw_info | |
| @raw_info ||= access_token.get('/oauth2/userinfo').parsed | |
| end | |
| # Fix java error by removing `redirect_uri` | |
| # You are attempting to map a form field that contains multiple parameters to a property on the action class that is of type java.net.URI. | |
| def build_access_token | |
| verifier = request.params["code"] | |
| client.auth_code.get_token(verifier, token_params.to_hash(symbolize_keys: true), deep_symbolize(options.auth_token_params)) | |
| end | |
| end | |
| end | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # config/initializers/omniauth.rb | |
| require './lib/strategies/fusionauth' | |
| # Fix for adding 'omniauth-rails_csrf_protection' gem: | |
| # | |
| # @see https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284 | |
| OmniAuth.config.allowed_request_methods = [:post, :get] | |
| # ENV['OAUTH_DEBUG'] = 'true' if Rails.env.development? | |
| Rails.application.config.middleware.use OmniAuth::Builder do | |
| creds = Rails.application.credentials.dig(Rails.env.to_sym) | |
| # | |
| # FusionAuth Config | |
| # | |
| provider :fusionauth, creds.dig(:fusionauth, :client_id), creds.dig(:fusionauth, :client_secret), | |
| callback_path: '/auth/fusionauth/callback', | |
| scope: 'openid offline_access', | |
| setup: lambda { |env| # https://stackoverflow.com/a/60677313/595152 | |
| request = ActionDispatch::Request.new(env) | |
| env['omniauth.strategy'].options.merge!( | |
| authorize_params: { | |
| idp_hint: request.GET['idp_hint'] | |
| } | |
| ) | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment