(authentication) configure devise/omniauth to use the OpenIdConnect configuration

app/models/open_id_connect_provider.rb

@@ -4,4 +4,28 @@
 # the OpenID Connect protocol.
 class OpenIdConnectProvider < ApplicationRecord
   has_one :auth_provider, as: :providable
+
+  validates :issuer, presence: true
+  validates :client_identifier, presence: true
+  validates :client_secret, presence: true
+  validates :client_host, presence: true
+
+  validates :client_scheme, inclusion: { in: %w[http https] }
+  validates :client_port, numericality: { only_integer: true, greater_than: 0, less_than: 65_535 }
+  validates :response_type, inclusion: { in: %w[code id_token], allow_nil: true }
+  validates :response_mode, inclusion: { in: %w[query fragment form_post web_message], allow_nil: true }
+  validates :display, inclusion: { in: %w[page popup touch wap], allow_nil: true }
+  validates :prompt, inclusion: { in: %w[none login consent select_account], allow_nil: true }
+
+  def config
+    OpenIdConnectProvider.columns.map(&:name).filter { |n| !n.start_with?('client_') }.map do |n|
+      [n, send(n)]
+    end.push(['client_options', client_config]).to_h
+  end
+
+  def client_config
+    OpenIdConnectProvider.columns.map(&:name).filter { |n| n.start_with?('client_') }.map do |n|
+      [n.sub('client_', ''), send(n)]
+    end.to_h
+  end
 end

config/initializers/devise.rb

@@ -234,6 +234,8 @@ Devise.setup do |config|
     config.omniauth OmniAuth::Strategies::SsoOauth2Provider.name.to_sym,
                     active_provider.providable.client_id,
                     active_provider.providable.client_secret
+  elsif active_provider.providable_type == OpenIdConnectProvider.name
+    config.omniauth :openid_connect, active_provider.config
   end
 
   # ==> Warden configuration