X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/2d4263c16812a906589cbc13be26535a85691bd8..a25971cae157b6bc40037e391db226da36dc9b30:/services/api/lib/josh_id.rb

diff --git a/services/api/lib/josh_id.rb b/services/api/lib/josh_id.rb
index 25656a9781..a7e8ff2fc8 100644
--- a/services/api/lib/josh_id.rb
+++ b/services/api/lib/josh_id.rb
@@ -25,21 +25,29 @@ module OmniAuth
           'raw_info' => raw_info
         }
       end
-      
+
+      def authorize_params
+        options.authorize_params[:auth_provider] = request.params['auth_provider']
+        super
+      end
+
       def client
         options.client_options[:site] = options[:custom_provider_url]
         options.client_options[:authorize_url] = "#{options[:custom_provider_url]}/auth/josh_id/authorize"
         options.client_options[:access_token_url] = "#{options[:custom_provider_url]}/auth/josh_id/access_token"
+        if Rails.configuration.sso_insecure
+          options.client_options[:ssl] = {verify_mode: OpenSSL::SSL::VERIFY_NONE}
+        end
         ::OAuth2::Client.new(options.client_id, options.client_secret, deep_symbolize(options.client_options))
       end
 
       def callback_url
-        full_host + script_name + callback_path + query_string
+        full_host + script_name + callback_path + "?return_to=" + CGI.escape(request.params['return_to'] || '')
       end
 
       def raw_info
         @raw_info ||= access_token.get("/auth/josh_id/user.json?oauth_token=#{access_token.token}").parsed
       end
-    end 
+    end
   end
 end