4570: Workbench/API server support for multiple authentication providers on the SSO...
[arvados.git] / services / api / lib / josh_id.rb
1 require 'omniauth-oauth2'
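module OmniAuth
  module Strategies
    # OmniAuth OAuth2 strategy for the "josh_id" SSO provider.
    #
    # Every provider endpoint (authorize, access token, user info) is derived
    # from the +custom_provider_url+ option, so that URL decides where the
    # client secret and authorization codes are sent.
    class JoshId < OmniAuth::Strategies::OAuth2

      # Positional arguments accepted when the strategy is registered.
      args [:client_id, :client_secret, :custom_provider_url]

      # Base URL of the SSO provider; the default is empty and must be
      # overridden by the deployment.
      option :custom_provider_url, ''

      # The provider's own identifier for the authenticated user.
      uid { raw_info['id'] }

      option :client_options, {}

      # Identity attributes copied from the provider's 'info' object.
      # A response without an 'info' object raises here instead of producing
      # an auth hash with an empty identity.
      info do
        profile = raw_info['info']
        {
          :first_name => profile['first_name'],
          :last_name => profile['last_name'],
          :email => profile['email'],
          :identity_url => profile['identity_url'],
        }
      end

      # Exposes the complete provider response to the application.
      extra do
        {
          'raw_info' => raw_info
        }
      end

      # Forwards the caller-selected 'auth_method' request parameter to the
      # provider's authorize endpoint.
      #
      # The value is taken from the request as-is (nil when absent) and is not
      # checked against a list of known methods here.
      # NOTE(review): this writes into options.authorize_params; confirm that
      # options are not shared between concurrent requests.
      def authorize_params
        options.authorize_params[:auth_method] = request.params['auth_method']
        super
      end

      # Builds the OAuth2 client against the configured provider URL.
      #
      # @return [::OAuth2::Client]
      def client
        provider_url = options[:custom_provider_url]
        options.client_options[:site] = provider_url
        options.client_options[:authorize_url] = "#{provider_url}/auth/josh_id/authorize"
        options.client_options[:access_token_url] = "#{provider_url}/auth/josh_id/access_token"
        if Rails.configuration.sso_insecure
          # SECURITY: VERIFY_NONE turns off certificate verification for every
          # request made through this client, which is the connection that
          # carries the client secret and access tokens. With it set, the
          # provider's identity is not authenticated. Keep sso_insecure off
          # outside development/test environments.
          options.client_options[:ssl] = {verify_mode: OpenSSL::SSL::VERIFY_NONE}
        end
        ::OAuth2::Client.new(options.client_id, options.client_secret, deep_symbolize(options.client_options))
      end

      # Callback URL with the caller's 'return_to' value carried along as a
      # query parameter.
      #
      # 'return_to' comes straight from the request. It is URL-escaped here but
      # not validated, so the code that eventually redirects to it has to
      # check it against the destinations it is willing to send users to.
      # A missing parameter is treated as an empty string; CGI.escape(nil)
      # would otherwise raise.
      #
      # @return [String]
      def callback_url
        return_to = request.params['return_to'].to_s
        full_host + script_name + callback_path + "?return_to=" + CGI.escape(return_to)
      end

      # Fetches and memoizes the user record from the provider.
      #
      # The token is passed through the request's :params option so it is
      # query-encoded rather than interpolated raw into the path.
      # NOTE(review): the access token still travels in the query string, where
      # it can end up in access logs on the provider or on intermediaries.
      # If the provider accepts the token from the Authorization header
      # alone, drop the oauth_token parameter.
      #
      # @return [Object] the parsed response body
      def raw_info
        @raw_info ||= access_token.get(
          '/auth/josh_id/user.json',
          params: { oauth_token: access_token.token }
        ).parsed
      end
    end
  end
end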