closes #9587
[arvados.git] / services / api / lib / josh_id.rb
1 require 'omniauth-oauth2'
module OmniAuth
  module Strategies
    # OmniAuth OAuth2 strategy that authenticates against the SSO provider
    # configured through +custom_provider_url+.
    #
    # Every provider endpoint used here (authorize, access_token, user.json)
    # is derived from that single base URL, so the value must come from
    # trusted configuration.
    class JoshId < OmniAuth::Strategies::OAuth2
      # Positional arguments accepted when the strategy is registered.
      args %i[client_id client_secret custom_provider_url]

      option :custom_provider_url, ''
      option :client_options, {}

      # The unique user id is the 'id' field of the provider's user document.
      uid { raw_info['id'] }

      # Profile fields copied from the 'info' section of the provider's user
      # document. Raises NoMethodError when the response has no 'info' key,
      # which aborts the callback rather than producing an empty profile.
      info do
        profile = raw_info['info']
        {
          first_name: profile['first_name'],
          last_name: profile['last_name'],
          email: profile['email'],
          identity_url: profile['identity_url'],
          username: profile['username']
        }
      end

      # Exposes the complete, unfiltered provider response under 'raw_info'.
      extra do
        { 'raw_info' => raw_info }
      end

      # Adds the request's 'auth_provider' parameter to the parameters sent
      # to the provider's authorize endpoint.
      #
      # NOTE(review): the value is taken from the incoming request and is
      # forwarded without validation; this relies on the provider rejecting
      # values it does not recognise. Confirm on the provider side.
      def authorize_params
        requested_provider = request.params['auth_provider']
        options.authorize_params[:auth_provider] = requested_provider
        super
      end

      # Builds the OAuth2 client, pointing site, authorize_url and
      # access_token_url at the configured provider.
      #
      # @return [::OAuth2::Client]
      def client
        provider_url = options[:custom_provider_url]
        client_opts = options.client_options

        client_opts[:site] = provider_url
        client_opts[:authorize_url] = "#{provider_url}/auth/josh_id/authorize"
        client_opts[:access_token_url] = "#{provider_url}/auth/josh_id/access_token"

        # SECURITY: with sso_insecure set, TLS certificate verification is
        # switched off for every request this client makes to the provider,
        # including the code-for-token exchange and the user.json fetch.
        # Anyone able to intercept that connection can then pose as the
        # provider. Keep this setting off outside development and test.
        client_opts[:ssl] = { verify_mode: OpenSSL::SSL::VERIFY_NONE } if Rails.configuration.sso_insecure

        ::OAuth2::Client.new(options.client_id, options.client_secret, deep_symbolize(client_opts))
      end

      # Callback URL handed to the provider, carrying the caller's
      # 'return_to' value (empty string when absent) as a query parameter.
      #
      # NOTE(review): 'return_to' comes from the request. CGI.escape only
      # makes it safe to embed in this query string; it does not restrict
      # where it points. Whatever code later redirects to it (not visible
      # here) has to validate the destination.
      #
      # @return [String]
      def callback_url
        endpoint = full_host + script_name + callback_path
        return_to = request.params['return_to'] || ''
        endpoint + "?return_to=" + CGI.escape(return_to)
      end

      # Fetches the user document from the provider and memoizes the parsed
      # response.
      #
      # NOTE(review): the access token is sent in the URL query string, so it
      # can end up in access logs on the provider or on any proxy in between.
      # It is also interpolated without URL-escaping. Whether the provider
      # accepts the token in an Authorization header instead is not visible
      # here. TODO confirm before changing.
      def raw_info
        @raw_info ||= begin
          user_path = "/auth/josh_id/user.json?oauth_token=#{access_token.token}"
          access_token.get(user_path).parsed
        end
      end
    end
  end
end