Open aharpervc opened 5 years ago
I found this issue wondering the same thing.
I looked over the omniauth-google-oauth2 gem which allows this functionality. Check out this method
I updated my okta initializer to something like this to get the behavior I wanted:
# /initializer/okta.rb
class OmniAuth::Strategies::Okta < OmniAuth::Strategies::OAuth2
option :authorize_options, %w(login_hint some other options)
def authorize_params
super.tap do |params|
options[:authorize_options].each do |k|
params[k] = request.params[k.to_s] unless [nil, '', []].include?(request.params[k.to_s])
end
end
end
end
Rails.application.config.middleware.use OmniAuth::Builder do
provider :okta, ENV['OKTA_CLIENT_ID'], ENV['OKTA_CLIENT_SECRET'], {
client_options: {
site: 'https://your-org.okta.com',
authorization_server: '<authorization_server>',
authorize_url: 'https://your-org.okta.com/oauth2/<authorization_server>/v1/authorize',
token_url: 'https://your-org.okta.com/oauth2/<authorization_server>/v1/token',
user_info_url: 'https://your-org.okta.com/oauth2/<authorization_server>/v1/userinfo',
audience: 'api://your-audience'
}
}
end
Hope that helps get the gears turning.
Per this support question I found, Okta supports sending a username to their form by sending
login_hint
as a query string param with authorization requests.Is that possible to do with this gem? Is there a way to send custom query string parameters?