omniauth / omniauth-okta

OAuth2 strategy for Okta
MIT License

How to add omniauth-okta without devise? #19

Closed rusikf closed 3 years ago

rusikf commented 3 years ago

Hi!

I added this code with credentials:

```ruby
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :okta, ENV['OKTA_CLIENT_ID'], ENV['OKTA_CLIENT_SECRET'], {
    client_options: {
      site:                 'https://your-org.okta.com',
      authorization_server: '<authorization_server>',
      authorize_url:        'https://your-org.okta.com/oauth2/<authorization_server>/v1/authorize',
      token_url:            'https://your-org.okta.com/oauth2/<authorization_server>/v1/token',
      user_info_url:        'https://your-org.okta.com/oauth2/<authorization_server>/v1/userinfo',
      audience:             'api://your-audience'
    }
  }
end
```

But after restarting Rails I go to /auth/okta and receive a 404. According to the docs I need to pass the provider name (https://github.com/omniauth/omniauth#integrating-omniauth-into-your-application).

Can you please describe what causes the problem?

Update: this fork works without devise (https://github.com/andrewvanbeek-okta/omniauth-oktaoauth)

rusikf commented 3 years ago

If it helps somebody: resolved, with the ability to set credentials dynamically:

```ruby
module Okta
  class DynamicCredentials
    def initialize(env)
      @env = env
    end

    attr_reader :env

    # Returns the strategy options for the current request.
    # `host` and `okta_redirect_uri` are used below but are not defined
    # in the posted snippet.
    def call
      request = Rack::Request.new(env)
      settings = Model.get_settings # get dynamic credentials from database
      {
        client_options: {
          site:                 host,
          authorize_url:        "#{host}/oauth2/v1/authorize",
          token_url:            "#{host}/oauth2/v1/token",
          user_info_url:        "#{host}/oauth2/v1/userinfo"
        },
        authorize_params: {
          idp: settings['idp'] # For this param I added a specific extension to overwrite the state param
        },
        redirect_uri: okta_redirect_uri,
        client_id: settings['client_id'],
        client_secret: settings['client_secret']
      }
    end
  end
end

OmniAuth.config.logger = Rails.logger
OmniAuth.config.request_validation_phase = false # Needed because of CSRF issues for the OmniAuth auth POST request
OmniAuth.config.on_failure = Api::OktaController.action(:oauth_failure)

# Setup phase: merge the per-request credentials into the strategy options
OKTA_SETUP = lambda do |env|
  credentials = Okta::DynamicCredentials.new(env).call
  env['omniauth.strategy'].options.merge!(credentials)
end

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :okta, nil, nil, {
    setup: OKTA_SETUP,
    strategy_class: OmniAuth::Strategies::Okta,
    provider_ignores_state: true # https://github.com/omniauth/omniauth-oauth2/issues/95
  }
end
```
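
The configuration above sets `provider_ignores_state: true`, which skips the OAuth2 `state` comparison on the callback. As an added example (not code from this thread or from omniauth-oauth2), this simplified Ruby model shows what that comparison does for four constructed callbacks; the `StateCheck` module and its method names are hypothetical.

```ruby
require 'securerandom'

# Simplified model of the OAuth2 `state` round trip. Module and method names
# are hypothetical; this is not omniauth-oauth2's own code.
module StateCheck
  SESSION_KEY = 'omniauth.state'

  # Request phase: mint an unguessable value, keep it in the user's session,
  # and send the same value to the authorization server as `state`.
  def self.issue(session)
    session[SESSION_KEY] = SecureRandom.hex(24)
  end

  # Constant-time comparison, so timing does not reveal a matching prefix.
  def self.secure_compare(a, b)
    return false unless a.is_a?(String) && b.is_a?(String)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Callback phase: the stored value is single-use (deleted on read) and must
  # equal the `state` parameter. ignore_state: true models
  # provider_ignores_state: true, where the comparison is skipped.
  def self.verify(session, params, ignore_state: false)
    expected = session.delete(SESSION_KEY)
    return :ok if ignore_state
    return :csrf_detected unless secure_compare(expected, params['state'])

    :ok
  end
end

# Runs four constructed callbacks and returns the outcome of each.
def demo_state_check
  session = {}
  state = StateCheck.issue(session)
  results = {}
  results[:genuine]  = StateCheck.verify(session, { 'state' => state })
  results[:replayed] = StateCheck.verify(session, { 'state' => state }) # already consumed
  StateCheck.issue(session)
  foreign = { 'state' => SecureRandom.hex(24), 'code' => 'constructed-code' }
  results[:foreign] = StateCheck.verify(session, foreign)
  results[:ignored] = StateCheck.verify({}, foreign, ignore_state: true)
  results
end

p demo_state_check if __FILE__ == $PROGRAM_NAME
```

With the check active, a callback is accepted only once and only with the value issued to that session; with it skipped, a callback that carries no matching `state` is accepted.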