Adding support for logging in with the TATRC OIDC IdP

Gemfile

@@ -13,6 +13,7 @@ gem 'heroku'
 gem "nokogiri"
 gem 'devise'
 gem 'devise_oauth2_providable', :git => 'https://github.com/rdingwell/devise_oauth2_providable.git',:branch => "master" 
+gem 'omniauth_openid_connect', :git => "https://github.com/project-rhex/omniauth_openid_connect.git"
 
 gem 'omniauth'
 gem 'omniauth-openid'

Gemfile.lock

@@ -10,6 +10,15 @@ GIT
       nokogiri (>= 1.4.4)
       uuid (~> 2.3.4)
 
+GIT
+  remote: https://github.com/project-rhex/omniauth_openid_connect.git
+  revision: b12d89d5744b0fcf766b6e12e1fc6c2b2c4382df
+  specs:
+    omniauth_openid_connect (0.2.0)
+      omniauth (~> 1.0)
+      openid_connect (= 0.2.0.alpha3)
+      rack-oauth2
+
 GIT
   remote: https://github.com/rdingwell/devise_oauth2_providable.git
   revision: 99d0ca56786f86a8e28875d462c99f9e344ac2f9
@@ -128,6 +137,11 @@ GEM
       railties (>= 3.1.0, < 5.0)
       thor (~> 0.14)
     json (1.7.5)
+    json-jwt (0.1.8)
+      activesupport (>= 2.3)
+      i18n
+      json (>= 1.4.3)
+      url_safe_base64
     kaminari (0.13.0)
       actionpack (>= 3.0.0)
       activesupport (>= 3.0.0)
@@ -168,6 +182,16 @@ GEM
     omniauth-openid (1.0.1)
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
+    openid_connect (0.2.0.alpha3)
+      activemodel (>= 3)
+      attr_required (>= 0.0.5)
+      json (>= 1.4.3)
+      json-jwt (>= 0.0.3)
+      rack-oauth2 (>= 0.14.2)
+      swd (>= 0.1.2)
+      tzinfo
+      validate_email
+      validate_url
     orm_adapter (0.4.0)
     polyglot (0.3.3)
     pry (0.9.10)
@@ -226,6 +250,12 @@ GEM
       hike (~> 1.2)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
+    swd (0.1.2)
+      activesupport (>= 3)
+      attr_required (>= 0.0.5)
+      httpclient (>= 2.2.1)
+      i18n
+      json (>= 1.4.3)
     symbolize (4.2.0)
     systemu (2.5.2)
     therubyracer (0.10.2)
@@ -245,8 +275,14 @@ GEM
     uglifier (1.2.7)
       execjs (>= 0.3.0)
       multi_json (~> 1.3)
+    url_safe_base64 (0.2.1)
     uuid (2.3.5)
       macaddr (~> 1.0)
+    validate_email (0.1.6)
+      activemodel (>= 3.0)
+      mail (>= 2.2.5)
+    validate_url (0.2.0)
+      activemodel (>= 3.0.0)
     warden (1.2.1)
       rack (>= 1.0)
     webmock (1.8.9)
@@ -275,6 +311,7 @@ DEPENDENCIES
   nokogiri
   omniauth
   omniauth-openid
+  omniauth_openid_connect!
   pry
   pry-nav
   rails (= 3.2.8)

app/views/authentications/index.html.erb

@@ -20,7 +20,7 @@
   <p><strong>Sign in through one of these services:</strong></p>
 <% end %>
 
-<a href="/auth/open_id" class="auth_provider">
+<a href="/auth/openid_connect" class="auth_provider">
   <%= image_tag "openid_64.png", :size => "64x64", :alt => "OpenID" %>
   OpenID
 </a>

app/views/devise/sessions/new.html.erb

@@ -41,7 +41,7 @@
   <h3>Select an identity provider</h3>
   <table><tr>
       <td>
-        <a href="/auth/open_id" class="auth_provider">
+        <a href="/auth/openid_connect" class="auth_provider">
         <%= image_tag "open_id_large.png", :class => "tag", :alt => "OpenID" %>
         </a>
       </td>

config/initializers/omniauth.rb

@@ -3,4 +3,11 @@
 Rails.application.config.middleware.use OmniAuth::Builder do
    provider :open_id, store: OpenID::Store::Filesystem.new('/tmp')
    provider :developer unless Rails.env.production?
+   provider :openid_connect, 'direct.stormwoods.info','67f31a9c-ca13-11e1-bc1d-000c297fba10','7fae4ef2-cca7-11e1-bd23-000c297fba10',{:authorization_endpoint => "/tatrc-openid-connect-server/authorize"  ,
+                :user_info_endpoint=>"/tatrc-openid-connect-server/userinfo", 
+                :token_endpoint =>"/tatrc-openid-connect-server/token", 
+                :jwk_url=>"/tatrc-openid-connect-server/jwk",
+                :issuer=>"http://localhost/",
+                :scope=>"openid profile email",
+                :client_options =>{:scheme=>"http", :port=>8080}}
 end