How do I implement OpenID Connect into my Rails application?
Does anyone have experience with implementing OpenID Connect into a Rails app? Specifically the relying party (RP) rather the openid connect provider (OP).
I have investigated a couple different resources but it's confusing. In my case, our application would be the RP and we would be provided a client id and client secret from the provider.
It'd be great to see an episode on this!
Any feedback is appreciated,
I don't know a whole lot about OpenID and it's always been a little confusing to me when I've read about it.
I think that if you used the omniauth-openid-connect with this episode and replaced the Twitter omniauth gem with that one, you could do it with relatively easy changes: https://gorails.com/episodes/omniauth-twitter-sign-in
Do you have an example of one that you'd like to see?
Thanks for the quick response Chris.
From what I've gathered online, plain ole OpenID is meant for authentication, OAuth is meant for authorization, and OpenID Connect was built on top of OAuth to provide authentication as well (so confusing). http://security.stackexchange.com/questions/44611/difference-between-oauth-openid-and-openid-connect-in-very-simple-term
I managed to get omniauth-twitter to work with Devise (which was pretty straight forward) and currently attempting to use the omniauth-openid-connect gem as a drop-in replacement for the config.omniauth settings within the devise.rb initializer.
In my situation, the openid provider will soon whitelist a static IP where my rails app will live. They are also supposed to supply us with a client ID and secret as well (similar to the twitter example). In the meantime we have been trying to setup a client (relying party) and provider locally in order to test whether it's working or not. We've attempted to use the sample projects from https://github.com/nov/openid_connect but for some reason hasn't been working out (though the samples hosted through heroku seem to work just fine).
Hopefully the provider will do their part so we can test our client code. I have a feeling it will work with a legit openid-connect provider rather than a locally running one.
Thanks for letting me bounce ideas off you. Your videos in general are very helpful and I really enjoy them. If anyone else has experience with this, I'd really appreciate the help. If we figure this out I will post our solution here.