# frozen_string_literal: true
# OpenIdConnectProvider is a special type of AuthProvider which provides authentication through an external SSO server using
# the OpenID Connect protocol.
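class OpenIdConnectProvider < ApplicationRecord
  has_one :auth_provider, as: :providable, dependent: :destroy

  # Identity of the SSO server and of this application as an OIDC client.
  validates :issuer, presence: true
  validates :client__identifier, presence: true
  # NOTE(review): how the client secret is stored (encrypted at rest or not) is not visible in this
  # file -- confirm against the schema / attribute encryption settings.
  validates :client__secret, presence: true
  validates :client__host, presence: true
  # NOTE(review): 'http' is accepted here, presumably for local or test SSO servers. Over plain HTTP
  # the client secret and the tokens returned by the provider travel unencrypted, so production
  # providers should be configured with 'https' -- confirm whether 'http' must stay allowed.
  validates :client__scheme, inclusion: { in: %w[http https] }
  # Valid TCP ports are 1..65535; the upper bound is inclusive so that port 65535 is not rejected.
  validates :client__port, numericality: { only_integer: true, greater_than: 0, less_than_or_equal_to: 65_535 }

  # Optional parameters of the authorization request; nil leaves the choice to the defaults applied elsewhere.
  validates :response_type, inclusion: { in: %w[code id_token], allow_nil: true }
  validates :response_mode, inclusion: { in: %w[query fragment form_post web_message], allow_nil: true }
  validates :display, inclusion: { in: %w[page popup touch wap], allow_nil: true }
  validates :prompt, inclusion: { in: %w[none login consent select_account], allow_nil: true }

  # How this client authenticates against the provider.
  validates :client_auth_method, inclusion: { in: %w[basic jwks] }

  # Errors added from an attribute writer are wiped when validations run (valid? clears the error list
  # first), so the JSON parse failure is remembered in an instance variable and reported from here.
  validate :extra_authorize_params_must_be_valid_json

  store_accessor :extra_authorize_params

  # Assigns the extra parameters sent with the authorization request from a JSON string.
  #
  # Non-String values are ignored and leave the attribute untouched. A string that parses as JSON is
  # stored in its parsed form. A string that does not parse is stored as given and flags the record,
  # so that validation fails with 'is not valid JSON' instead of raising from the writer.
  #
  # NOTE(review): any JSON document is accepted (array, number, string...), not only an object;
  # presumably the consumers of this attribute expect a Hash -- confirm and restrict if so.
  #
  # @param val [String] JSON document
  def extra_authorize_params=(val)
    return unless val.is_a?(String)

    begin
      parsed = JSON.parse(val)
      @extra_authorize_params_invalid = false
      super(parsed)
    rescue JSON::ParserError
      # errors[:attribute] returns the list of messages, which has no #add; the failure is recorded
      # here and turned into a validation error by extra_authorize_params_must_be_valid_json.
      @extra_authorize_params_invalid = true
      super
    end
  end

  private

  # Reports the parse failure recorded by the last call to extra_authorize_params=, if any.
  def extra_authorize_params_must_be_valid_json
    errors.add(:extra_authorize_params, 'is not valid JSON') if @extra_authorize_params_invalid
  end
end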