(api) automatically configure the openID response_type
parent
6c46e5ec81
commit
c85281b29f
@ -96,7 +96,7 @@ class API::AuthProvidersController < API::ApiController
|
||||
elsif params['auth_provider']['providable_type'] == OpenIdConnectProvider.name
|
||||
params.require(:auth_provider)
|
||||
.permit(:name, :providable_type,
|
||||
providable_attributes: %i[id issuer discovery client_auth_method scope response_type prompt
|
||||
providable_attributes: %i[id issuer discovery client_auth_method scope prompt
|
||||
send_scope_to_token_endpoint post_logout_redirect_uri uid_field extra_authorize_params
|
||||
allow_authorize_params client__identifier client__secret client__redirect_uri
|
||||
client__scheme client__host client__port client__authorization_endpoint client__token_endpoint
|
||||
|
@ -103,15 +103,6 @@ export const OpenidConnectForm = <TFieldValues extends FieldValues, TContext ext
|
||||
label={t('app.admin.authentication.openid_connect_form.scope')}
|
||||
placeholder="openid,profile,email"
|
||||
tooltip={t('app.admin.authentication.openid_connect_form.scope_help')} />
|
||||
<FormSelect id="providable_attributes.response_type"
|
||||
label={t('app.admin.authentication.openid_connect_form.response_type')}
|
||||
tooltip={t('app.admin.authentication.openid_connect_form.response_type_help')}
|
||||
options={[
|
||||
{ value: 'code', label: t('app.admin.authentication.openid_connect_form.response_type_code') },
|
||||
{ value: 'id_token', label: t('app.admin.authentication.openid_connect_form.response_type_id_token') }
|
||||
]}
|
||||
valueDefault={'code'}
|
||||
control={control} />
|
||||
<FormSelect id="providable_attributes.prompt"
|
||||
label={t('app.admin.authentication.openid_connect_form.prompt')}
|
||||
tooltip={<HtmlTranslate trKey="app.admin.authentication.openid_connect_form.prompt_help_html" />}
|
||||
|
@ -21,6 +21,7 @@ class OpenIdConnectProvider < ApplicationRecord
|
||||
before_validation :set_client_scheme_host_port
|
||||
before_validation :set_redirect_uri
|
||||
before_validation :set_display
|
||||
before_validation :set_response_type
|
||||
|
||||
def config
|
||||
OpenIdConnectProvider.columns.map(&:name).filter { |n| !n.start_with?('client__') && n != 'profile_url' }.map do |n|
|
||||
@ -52,6 +53,10 @@ class OpenIdConnectProvider < ApplicationRecord
|
||||
self.response_mode = 'query'
|
||||
end
|
||||
|
||||
def set_response_type
|
||||
self.response_type = 'code'
|
||||
end
|
||||
|
||||
def set_client_scheme_host_port
|
||||
require 'uri'
|
||||
|
||||
|
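Review bot: Providers already stored with `response_type` set to `'id_token'` keep that value until their record is next validated, because `set_response_type` only runs from the new `before_validation` callback. No data migration is visible on this page, so an upgraded install may keep using the implicit flow for those providers; a migration that sets the column to `'code'` on existing rows would close that gap. The method also deserves a comment explaining why the value is forced, for example `# Always use the authorization code flow; response_type is no longer admin-configurable`. The class body continues outside both hunks, so whether `set_response_type` sits under `private` cannot be confirmed from here.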
@ -12,7 +12,7 @@ end
|
||||
|
||||
if @provider.providable_type == OpenIdConnectProvider.name
|
||||
json.providable_attributes do
|
||||
json.extract! @provider.providable, :id, :issuer, :discovery, :client_auth_method, :scope, :response_type,
|
||||
json.extract! @provider.providable, :id, :issuer, :discovery, :client_auth_method, :scope,
|
||||
:prompt, :send_scope_to_token_endpoint, :post_logout_redirect_uri, :uid_field, :client__identifier, :client__secret,
|
||||
:client__redirect_uri, :client__scheme, :client__host, :client__port, :client__authorization_endpoint,
|
||||
:client__token_endpoint, :client__userinfo_endpoint, :client__jwks_uri, :client__end_session_endpoint, :profile_url
|
||||
|
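Review bot: `:client__secret` is still in the `json.extract!` list, so every caller who can read this view receives the OpenID Connect client secret in clear text. Whether the action is restricted to administrators is not visible in this hunk and should be confirmed. If the edit form does not need to read the secret back, drop `:client__secret` from the list and treat the field as write-only, keeping the stored value when it is submitted blank. The `json.providable_attributes do` block closes outside the hunk.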
@ -1113,10 +1113,6 @@ en:
|
||||
client_auth_method_jwks: "JWKS"
|
||||
scope: "Scope"
|
||||
scope_help: "Which OpenID scopes to include (openid is always required)"
|
||||
response_type: "Response type"
|
||||
response_type_help: "Which OpenID response type to use with the authorization request. This is usually 'code'"
|
||||
response_type_code: "Code"
|
||||
response_type_id_token: "Id token"
|
||||
prompt: "Prompt"
|
||||
prompt_help_html: "Which OpenID pages the user will be shown. <br> <b>None</b> - no authentication or consent user interface pages are shown. <br> <b>Login</b> - the authorization server prompt the user for reauthentication. <br> <b>Consent</b> - the authorization server prompt the user for consent before returning information to Fab-manager. <br> <b>Select account</b> - the authorization server prompt the user to select a user account."
|
||||
prompt_none: "None"
|
||||
|