This library implements an OpenID Connect authentication provider for Rails applications on top of the Doorkeeper OAuth 2.0 framework.
OpenID Connect is a single-sign-on and identity layer with a growing list of server and client implementations. If you're looking for a client in Ruby check out omniauth_openid_connect.
The following parts of OpenID Connect Core 1.0 are currently supported:
- Authentication using the Authorization Code Flow
- Authentication using the Implicit Flow
- Requesting Claims using Scope Values
- UserInfo Endpoint
- Normal Claims
- OAuth 2.0 Form Post Response Mode
- OAuth 2.0 Dynamic Client Registration Protocol
In addition, we also support most of OpenID Connect Discovery 1.0 for automatic configuration discovery.
Take a look at the DiscoveryController for more details on supported features.
- Doorkeeper's API mode (
Doorkeeper.configuration.api_only) is not properly supported yet
Make sure your application is already set up with Doorkeeper.
Add this line to your application's Gemfile and run bundle install:
gem 'doorkeeper-openid_connect'Run the installation generator to update routes and create the initializer:
rails generate doorkeeper:openid_connect:installGenerate a migration for Active Record (other ORMs are currently not supported):
rails generate doorkeeper:openid_connect:migration
rake db:migrateIf you're upgrading from an earlier version, check Migration from old versions wiki and CHANGELOG.md for upgrade instructions.
See the wiki for detailed configuration instructions, including:
Run bundle install to setup all development dependencies.
To run all specs:
bundle exec rake specTo generate and run migrations in the test application:
bundle exec rake migrateTo run the local engine server:
bundle exec rake serverBy default, the latest Rails version is used. To use a specific version run:
rails=7.2 bundle update
Doorkeeper::OpenidConnect is released under the MIT License.
Initial development of this project was sponsored by PlayOn! Sports.