It brings in way too many dependencies, including active_support. If you consider all of the dependencies, there is a lot of complexity. Our needs are simple:

* When user clicks button to login via OIDC
  * Redirect user to OIDC Provider authorize endpoint when login is attempted
  * No server-side HTTP requests
* When user clicks the authorize button on OIDC Provider webpage
  * Receive callback from OIDC Provider
  * Generally 1 server-side HTTP request to the token endpoint
  * If token endpoint does not provide email inside id_token, also request to userinfo endpoint

I forked omniauth_openid_connect, cut out about 2/3 of it and all of its dependencies, and renamed it to omniauth_oidc. It still allows authentication using the rodauth-oauth2 authorization server.

The implementation is stored under the vendor directory, because it is best thought of as a separate library and not part of Ubicloud. It's also not covered by tests, since the only way to properly test it is to run an OIDC authorization server (maybe integration tests for that can be added in the future). I added a coverage filter so that code in the vendor directory is ignored.
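The login redirect and callback checks listed in the commit message above, as an added example using only the Ruby standard library; it is not code from omniauth_oidc or Ubicloud. The endpoint URLs, client id, session keys and function names are hypothetical, and id_token signature verification is left out on the assumption that the token is read directly from the token endpoint response over TLS.

```ruby
require "securerandom"
require "uri"
require "json"
require "base64"
require "openssl"

# Constructed provider/client settings (hypothetical values).
CFG = {
  authorize_endpoint: "https://idp.example/authorize",
  issuer: "https://idp.example",
  client_id: "demo-client",
  redirect_uri: "https://app.example/auth/oidc/callback"
}.freeze

# Login click: build the redirect only; no server-side HTTP request is made.
def authorize_redirect(session, cfg = CFG)
  session[:oidc_state] = SecureRandom.urlsafe_base64(32)
  session[:oidc_nonce] = SecureRandom.urlsafe_base64(32)
  query = URI.encode_www_form(
    response_type: "code", scope: "openid email",
    client_id: cfg[:client_id], redirect_uri: cfg[:redirect_uri],
    state: session[:oidc_state], nonce: session[:oidc_nonce]
  )
  "#{cfg[:authorize_endpoint]}?#{query}"
end

# Callback, before the token request: the state must match the one issued
# at login and is consumed, so a replayed callback is rejected.
def callback_code(params, session)
  expected = session.delete(:oidc_state).to_s
  ok = !expected.empty? && OpenSSL.secure_compare(expected, params["state"].to_s)
  raise ArgumentError, "state mismatch" unless ok
  params.fetch("code")
end

# Callback, after the token request: check the id_token claims and report
# whether the second request (userinfo) is needed to obtain the email.
# Assumption: signature not verified; token came straight from the token endpoint.
def check_id_token(id_token, session, cfg = CFG, now: Time.now.to_i)
  claims = JSON.parse(Base64.urlsafe_decode64(id_token.split(".")[1]))
  nonce = session.delete(:oidc_nonce)
  raise ArgumentError, "bad iss" unless claims["iss"] == cfg[:issuer]
  raise ArgumentError, "bad aud" unless Array(claims["aud"]).include?(cfg[:client_id])
  raise ArgumentError, "expired" unless claims["exp"].to_i > now
  raise ArgumentError, "bad nonce" unless nonce && claims["nonce"] == nonce
  { email: claims["email"], needs_userinfo: claims["email"].nil? }
end
```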