Ask A Question

Notifications

You’re not receiving notifications from this thread.

How do I implement OpenID Connect into my Rails application?

Adam Tarantino asked in Gems / Libraries

Does anyone have experience with implementing OpenID Connect into a Rails app? Specifically the relying party (RP) rather the openid connect provider (OP).

I have investigated a couple different resources but it's confusing. In my case, our application would be the RP and we would be provided a client id and client secret from the provider.

https://github.com/nov/openid_connect
https://github.com/jjbohn/omniauth-openid-connect.

It'd be great to see an episode on this!

Any feedback is appreciated,
Thanks

Reply

I don't know a whole lot about OpenID and it's always been a little confusing to me when I've read about it.

I think that if you used the omniauth-openid-connect with this episode and replaced the Twitter omniauth gem with that one, you could do it with relatively easy changes: https://gorails.com/episodes/omniauth-twitter-sign-in

Do you have an example of one that you'd like to see?

Reply

Thanks for the quick response Chris.

From what I've gathered online, plain ole OpenID is meant for authentication, OAuth is meant for authorization, and OpenID Connect was built on top of OAuth to provide authentication as well (so confusing). http://security.stackexchange.com/questions/44611/difference-between-oauth-openid-and-openid-connect-in-very-simple-term

I managed to get omniauth-twitter to work with Devise (which was pretty straight forward) and currently attempting to use the omniauth-openid-connect gem as a drop-in replacement for the config.omniauth settings within the devise.rb initializer.

In my situation, the openid provider will soon whitelist a static IP where my rails app will live. They are also supposed to supply us with a client ID and secret as well (similar to the twitter example). In the meantime we have been trying to setup a client (relying party) and provider locally in order to test whether it's working or not. We've attempted to use the sample projects from https://github.com/nov/openid_connect but for some reason hasn't been working out (though the samples hosted through heroku seem to work just fine).

Hopefully the provider will do their part so we can test our client code. I have a feeling it will work with a legit openid-connect provider rather than a locally running one.

Thanks for letting me bounce ideas off you. Your videos in general are very helpful and I really enjoy them. If anyone else has experience with this, I'd really appreciate the help. If we figure this out I will post our solution here.

Reply

Did you ever get the setup of your client (relying party) and provider locally to work together? I'm working on this right now and having trouble setting up a way to test if this is working or not.

Reply

Recently, I created an identity service using Doorkeeper and Devise. To provide additional functionality for our clients, I utilized a Doorkeeper extension called doorkeeper-openid_connect for our federation service. We also integrated omniauth_openid_connect to enable our users to authenticate through OpenID services such as Microsoft. Additionally, I recommend reviewing the source code for GitLab at https://gitlab.com/gitlab-org/gitlab/ as it offers insight into how the protocol works. Although we did not follow that specific approach, it was informative for us.

Reply

Thank you for the lead on the doorkeeper-openid_connect. I'm in the process of setting that up for our application now.

Reply

Could you please provide me a lead or point to any github source on the changes required in rails code. I tried doorkeeper open id connect, we already use doorkeeper for oauth but something is not working.

Reply
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 86,563+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.