Baffle-WAF/baffle-hub
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
f50ebe666e0635c4b36d168c330335782482b700
baffle-hub/config/initializers/omniauth.rb
Dan Milne f50ebe666e Fix rules, fix OIDC loggin
2025-11-07 16:12:39 +11:00

29 lines
1001 B
Ruby
Raw Blame History

Rails.application.config.middleware.use OmniAuth::Builder do
# Only configure OIDC if environment variables are present
if ENV['OIDC_DISCOVERY_URL'].present? && ENV['OIDC_CLIENT_ID'].present? && ENV['OIDC_CLIENT_SECRET'].present?
provider :openid_connect, {
name: :oidc,
scope: [:openid, :email, :groups],
response_type: :code,
client_options: {
identifier: ENV['OIDC_CLIENT_ID'],
secret: ENV['OIDC_CLIENT_SECRET'],
redirect_uri: ENV['OIDC_REDIRECT_URI'],
discovery: true,
authorization_endpoint: nil,
token_endpoint: nil,
userinfo_endpoint: nil,
jwks_uri: nil
},
discovery_document: {
issuer: ENV['OIDC_ISSUER'] # Optional, defaults to discovery URL issuer
}
}
end
end
# Disable OmniAuth logging in production
OmniAuth.config.logger = Rails.logger if Rails.env.production?
# Set OmniAuth failure mode
OmniAuth.config.failure_raise_out_environments = %w[development test]
Reference in New Issue View Git Blame Copy Permalink