Merge pull request #1698 from internetee/add-tara-to-registrant

Expand TARA auth logic to registrant portal

config/initializers/devise.rb

@@ -280,10 +280,4 @@ Devise.setup do |config|
   # When using OmniAuth, Devise cannot automatically set OmniAuth path,
   # so you need to do it manually. For the users scope, it would be:
   # config.omniauth_path_prefix = '/my_engine/users/auth'
-
-  require 'devise/models/id_card_authenticatable'
-  require 'devise/strategies/id_card_authenticatable'
-
-  routes = [nil, :new, :destroy]
-  config.add_module :id_card_authenticatable, strategy: true, route: { session: routes }
 end

config/initializers/omniauth.rb

@@ -16,6 +16,10 @@ identifier = ENV['tara_identifier']
 secret = ENV['tara_secret']
 redirect_uri = ENV['tara_redirect_uri']
 
+registrant_identifier = ENV['tara_rant_identifier']
+registrant_secret = ENV['tara_rant_secret']
+registrant_redirect_uri = ENV['tara_rant_redirect_uri']
+
 Rails.application.config.middleware.use OmniAuth::Builder do
   provider "tara", {
       callback_path: '/registrar/open_id/callback',
@@ -43,4 +47,30 @@ Rails.application.config.middleware.use OmniAuth::Builder do
           redirect_uri: redirect_uri,
       },
   }
+
+  provider "tara", {
+      callback_path: '/registrant/open_id/callback',
+      name: 'rant_tara',
+      scope: ['openid'],
+      client_signing_alg: :RS256,
+      client_jwk_signing_key: signing_keys,
+      send_scope_to_token_endpoint: false,
+      send_nonce: true,
+      issuer: issuer,
+
+      client_options: {
+          scheme: 'https',
+          host: host,
+
+          authorization_endpoint: '/oidc/authorize',
+          token_endpoint: '/oidc/token',
+          userinfo_endpoint: nil, # Not implemented
+          jwks_uri: '/oidc/jwks',
+
+          # Registry
+          identifier: registrant_identifier,
+          secret: registrant_secret,
+          redirect_uri: registrant_redirect_uri,
+      },
+  }
 end