1
0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2024-12-10 21:24:20 +01:00

(api) automatically configure the openID response_type

This commit is contained in:
Sylvain 2022-04-19 17:39:42 +02:00
parent 9665368755
commit 007c97969d
5 changed files with 7 additions and 15 deletions

View File

@ -96,7 +96,7 @@ class API::AuthProvidersController < API::ApiController
elsif params['auth_provider']['providable_type'] == OpenIdConnectProvider.name elsif params['auth_provider']['providable_type'] == OpenIdConnectProvider.name
params.require(:auth_provider) params.require(:auth_provider)
.permit(:name, :providable_type, .permit(:name, :providable_type,
providable_attributes: %i[id issuer discovery client_auth_method scope response_type prompt providable_attributes: %i[id issuer discovery client_auth_method scope prompt
send_scope_to_token_endpoint post_logout_redirect_uri uid_field extra_authorize_params send_scope_to_token_endpoint post_logout_redirect_uri uid_field extra_authorize_params
allow_authorize_params client__identifier client__secret client__redirect_uri allow_authorize_params client__identifier client__secret client__redirect_uri
client__scheme client__host client__port client__authorization_endpoint client__token_endpoint client__scheme client__host client__port client__authorization_endpoint client__token_endpoint

View File

@ -103,15 +103,6 @@ export const OpenidConnectForm = <TFieldValues extends FieldValues, TContext ext
label={t('app.admin.authentication.openid_connect_form.scope')} label={t('app.admin.authentication.openid_connect_form.scope')}
placeholder="openid,profile,email" placeholder="openid,profile,email"
tooltip={t('app.admin.authentication.openid_connect_form.scope_help')} /> tooltip={t('app.admin.authentication.openid_connect_form.scope_help')} />
<FormSelect id="providable_attributes.response_type"
label={t('app.admin.authentication.openid_connect_form.response_type')}
tooltip={t('app.admin.authentication.openid_connect_form.response_type_help')}
options={[
{ value: 'code', label: t('app.admin.authentication.openid_connect_form.response_type_code') },
{ value: 'id_token', label: t('app.admin.authentication.openid_connect_form.response_type_id_token') }
]}
valueDefault={'code'}
control={control} />
<FormSelect id="providable_attributes.prompt" <FormSelect id="providable_attributes.prompt"
label={t('app.admin.authentication.openid_connect_form.prompt')} label={t('app.admin.authentication.openid_connect_form.prompt')}
tooltip={<HtmlTranslate trKey="app.admin.authentication.openid_connect_form.prompt_help_html" />} tooltip={<HtmlTranslate trKey="app.admin.authentication.openid_connect_form.prompt_help_html" />}

View File

@ -21,6 +21,7 @@ class OpenIdConnectProvider < ApplicationRecord
before_validation :set_client_scheme_host_port before_validation :set_client_scheme_host_port
before_validation :set_redirect_uri before_validation :set_redirect_uri
before_validation :set_display before_validation :set_display
before_validation :set_response_type
def config def config
OpenIdConnectProvider.columns.map(&:name).filter { |n| !n.start_with?('client__') && n != 'profile_url' }.map do |n| OpenIdConnectProvider.columns.map(&:name).filter { |n| !n.start_with?('client__') && n != 'profile_url' }.map do |n|
@ -52,6 +53,10 @@ class OpenIdConnectProvider < ApplicationRecord
self.response_mode = 'query' self.response_mode = 'query'
end end
def set_response_type
self.response_type = 'code'
end
def set_client_scheme_host_port def set_client_scheme_host_port
require 'uri' require 'uri'

View File

@ -12,7 +12,7 @@ end
if @provider.providable_type == OpenIdConnectProvider.name if @provider.providable_type == OpenIdConnectProvider.name
json.providable_attributes do json.providable_attributes do
json.extract! @provider.providable, :id, :issuer, :discovery, :client_auth_method, :scope, :response_type, json.extract! @provider.providable, :id, :issuer, :discovery, :client_auth_method, :scope,
:prompt, :send_scope_to_token_endpoint, :post_logout_redirect_uri, :uid_field, :client__identifier, :client__secret, :prompt, :send_scope_to_token_endpoint, :post_logout_redirect_uri, :uid_field, :client__identifier, :client__secret,
:client__redirect_uri, :client__scheme, :client__host, :client__port, :client__authorization_endpoint, :client__redirect_uri, :client__scheme, :client__host, :client__port, :client__authorization_endpoint,
:client__token_endpoint, :client__userinfo_endpoint, :client__jwks_uri, :client__end_session_endpoint, :profile_url :client__token_endpoint, :client__userinfo_endpoint, :client__jwks_uri, :client__end_session_endpoint, :profile_url

View File

@ -1110,10 +1110,6 @@ en:
client_auth_method_jwks: "JWKS" client_auth_method_jwks: "JWKS"
scope: "Scope" scope: "Scope"
scope_help: "Which OpenID scopes to include (openid is always required)" scope_help: "Which OpenID scopes to include (openid is always required)"
response_type: "Response type"
response_type_help: "Which OpenID response type to use with the authorization request. This is usually 'code'"
response_type_code: "Code"
response_type_id_token: "Id token"
prompt: "Prompt" prompt: "Prompt"
prompt_help_html: "Which OpenID pages the user will be shown. <br> <b>None</b> - no authentication or consent user interface pages are shown. <br> <b>Login</b> - the authorization server prompt the user for reauthentication. <br> <b>Consent</b> - the authorization server prompt the user for consent before returning information to Fab-manager. <br> <b>Select account</b> - the authorization server prompt the user to select a user account." prompt_help_html: "Which OpenID pages the user will be shown. <br> <b>None</b> - no authentication or consent user interface pages are shown. <br> <b>Login</b> - the authorization server prompt the user for reauthentication. <br> <b>Consent</b> - the authorization server prompt the user for consent before returning information to Fab-manager. <br> <b>Select account</b> - the authorization server prompt the user to select a user account."
prompt_none: "None" prompt_none: "None"