mirror of
https://github.com/LaCasemate/fab-manager.git
synced 2024-12-10 21:24:20 +01:00
(api) automatically configure the openID response_type
This commit is contained in:
parent
9665368755
commit
007c97969d
@ -96,7 +96,7 @@ class API::AuthProvidersController < API::ApiController
|
|||||||
elsif params['auth_provider']['providable_type'] == OpenIdConnectProvider.name
|
elsif params['auth_provider']['providable_type'] == OpenIdConnectProvider.name
|
||||||
params.require(:auth_provider)
|
params.require(:auth_provider)
|
||||||
.permit(:name, :providable_type,
|
.permit(:name, :providable_type,
|
||||||
providable_attributes: %i[id issuer discovery client_auth_method scope response_type prompt
|
providable_attributes: %i[id issuer discovery client_auth_method scope prompt
|
||||||
send_scope_to_token_endpoint post_logout_redirect_uri uid_field extra_authorize_params
|
send_scope_to_token_endpoint post_logout_redirect_uri uid_field extra_authorize_params
|
||||||
allow_authorize_params client__identifier client__secret client__redirect_uri
|
allow_authorize_params client__identifier client__secret client__redirect_uri
|
||||||
client__scheme client__host client__port client__authorization_endpoint client__token_endpoint
|
client__scheme client__host client__port client__authorization_endpoint client__token_endpoint
|
||||||
|
@ -103,15 +103,6 @@ export const OpenidConnectForm = <TFieldValues extends FieldValues, TContext ext
|
|||||||
label={t('app.admin.authentication.openid_connect_form.scope')}
|
label={t('app.admin.authentication.openid_connect_form.scope')}
|
||||||
placeholder="openid,profile,email"
|
placeholder="openid,profile,email"
|
||||||
tooltip={t('app.admin.authentication.openid_connect_form.scope_help')} />
|
tooltip={t('app.admin.authentication.openid_connect_form.scope_help')} />
|
||||||
<FormSelect id="providable_attributes.response_type"
|
|
||||||
label={t('app.admin.authentication.openid_connect_form.response_type')}
|
|
||||||
tooltip={t('app.admin.authentication.openid_connect_form.response_type_help')}
|
|
||||||
options={[
|
|
||||||
{ value: 'code', label: t('app.admin.authentication.openid_connect_form.response_type_code') },
|
|
||||||
{ value: 'id_token', label: t('app.admin.authentication.openid_connect_form.response_type_id_token') }
|
|
||||||
]}
|
|
||||||
valueDefault={'code'}
|
|
||||||
control={control} />
|
|
||||||
<FormSelect id="providable_attributes.prompt"
|
<FormSelect id="providable_attributes.prompt"
|
||||||
label={t('app.admin.authentication.openid_connect_form.prompt')}
|
label={t('app.admin.authentication.openid_connect_form.prompt')}
|
||||||
tooltip={<HtmlTranslate trKey="app.admin.authentication.openid_connect_form.prompt_help_html" />}
|
tooltip={<HtmlTranslate trKey="app.admin.authentication.openid_connect_form.prompt_help_html" />}
|
||||||
|
@ -21,6 +21,7 @@ class OpenIdConnectProvider < ApplicationRecord
|
|||||||
before_validation :set_client_scheme_host_port
|
before_validation :set_client_scheme_host_port
|
||||||
before_validation :set_redirect_uri
|
before_validation :set_redirect_uri
|
||||||
before_validation :set_display
|
before_validation :set_display
|
||||||
|
before_validation :set_response_type
|
||||||
|
|
||||||
def config
|
def config
|
||||||
OpenIdConnectProvider.columns.map(&:name).filter { |n| !n.start_with?('client__') && n != 'profile_url' }.map do |n|
|
OpenIdConnectProvider.columns.map(&:name).filter { |n| !n.start_with?('client__') && n != 'profile_url' }.map do |n|
|
||||||
@ -52,6 +53,10 @@ class OpenIdConnectProvider < ApplicationRecord
|
|||||||
self.response_mode = 'query'
|
self.response_mode = 'query'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def set_response_type
|
||||||
|
self.response_type = 'code'
|
||||||
|
end
|
||||||
|
|
||||||
def set_client_scheme_host_port
|
def set_client_scheme_host_port
|
||||||
require 'uri'
|
require 'uri'
|
||||||
|
|
||||||
|
@ -12,7 +12,7 @@ end
|
|||||||
|
|
||||||
if @provider.providable_type == OpenIdConnectProvider.name
|
if @provider.providable_type == OpenIdConnectProvider.name
|
||||||
json.providable_attributes do
|
json.providable_attributes do
|
||||||
json.extract! @provider.providable, :id, :issuer, :discovery, :client_auth_method, :scope, :response_type,
|
json.extract! @provider.providable, :id, :issuer, :discovery, :client_auth_method, :scope,
|
||||||
:prompt, :send_scope_to_token_endpoint, :post_logout_redirect_uri, :uid_field, :client__identifier, :client__secret,
|
:prompt, :send_scope_to_token_endpoint, :post_logout_redirect_uri, :uid_field, :client__identifier, :client__secret,
|
||||||
:client__redirect_uri, :client__scheme, :client__host, :client__port, :client__authorization_endpoint,
|
:client__redirect_uri, :client__scheme, :client__host, :client__port, :client__authorization_endpoint,
|
||||||
:client__token_endpoint, :client__userinfo_endpoint, :client__jwks_uri, :client__end_session_endpoint, :profile_url
|
:client__token_endpoint, :client__userinfo_endpoint, :client__jwks_uri, :client__end_session_endpoint, :profile_url
|
||||||
|
@ -1110,10 +1110,6 @@ en:
|
|||||||
client_auth_method_jwks: "JWKS"
|
client_auth_method_jwks: "JWKS"
|
||||||
scope: "Scope"
|
scope: "Scope"
|
||||||
scope_help: "Which OpenID scopes to include (openid is always required)"
|
scope_help: "Which OpenID scopes to include (openid is always required)"
|
||||||
response_type: "Response type"
|
|
||||||
response_type_help: "Which OpenID response type to use with the authorization request. This is usually 'code'"
|
|
||||||
response_type_code: "Code"
|
|
||||||
response_type_id_token: "Id token"
|
|
||||||
prompt: "Prompt"
|
prompt: "Prompt"
|
||||||
prompt_help_html: "Which OpenID pages the user will be shown. <br> <b>None</b> - no authentication or consent user interface pages are shown. <br> <b>Login</b> - the authorization server prompt the user for reauthentication. <br> <b>Consent</b> - the authorization server prompt the user for consent before returning information to Fab-manager. <br> <b>Select account</b> - the authorization server prompt the user to select a user account."
|
prompt_help_html: "Which OpenID pages the user will be shown. <br> <b>None</b> - no authentication or consent user interface pages are shown. <br> <b>Login</b> - the authorization server prompt the user for reauthentication. <br> <b>Consent</b> - the authorization server prompt the user for consent before returning information to Fab-manager. <br> <b>Select account</b> - the authorization server prompt the user to select a user account."
|
||||||
prompt_none: "None"
|
prompt_none: "None"
|
||||||
|
Loading…
Reference in New Issue
Block a user