zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-06-06 20:55:44 +02:00
Code Issues Projects Releases Packages Wiki Activity
internetee-registry/config/initializers/omniauth.rb
Alex Sherman a3042c39ee Try to set callback_path explicitly
2020-09-28 14:48:23 +05:00

46 lines
1.3 KiB
Ruby
Raw Blame History

OpenIDConnect.logger = Rails.logger
OpenIDConnect.debug!
OmniAuth.config.on_failure = Proc.new { |env|
OmniAuth::FailureEndpoint.new(env).redirect_to_failure
}
OmniAuth.config.logger = Rails.logger
# Block GET requests to avoid exposing self to CVE-2015-9284
OmniAuth.config.allowed_request_methods = [:post]
signing_keys = ENV['tara_keys']
issuer = ENV['tara_issuer']
host = ENV['tara_host']
identifier = ENV['tara_identifier']
secret = ENV['tara_secret']
redirect_uri = ENV['tara_redirect_uri']
Rails.application.config.middleware.use OmniAuth::Builder do
provider "tara", {
callback_path: '/registrar/open_id/callback',
name: 'tara',
scope: ['openid'],
state: Proc.new{ SecureRandom.hex(10) },
client_signing_alg: :RS256,
client_jwk_signing_key: signing_keys,
send_scope_to_token_endpoint: false,
send_nonce: true,
issuer: issuer,
client_options: {
scheme: 'https',
host: host,
authorization_endpoint: '/oidc/authorize',
token_endpoint: '/oidc/token',
userinfo_endpoint: nil, # Not implemented
jwks_uri: '/oidc/jwks',
# Registry
identifier: identifier,
secret: secret,
redirect_uri: redirect_uri,
},
}
end
Reference in a new issue View git blame Copy permalink