GoSSO

This is a plugin that protects applications from access by unauthorized users. You need your own OAuth server to act as the SSO (Single Sign-On) server; then install this plugin in each application that needs to be protected.

Set the SSO server secrets through environment variables:

GO_SSO_CLIENT_ID=
GO_SSO_CLIENT_SECRET=
GO_SSO_CLIENT_SITE=

Create an initializer file for the other configuration options:

GoSso.setup do |config|
  config.client_id # GO_SSO_CLIENT_ID
  config.client_secret # GO_SSO_CLIENT_SECRET
  config.site # GO_SSO_CLIENT_SITE
  config.user_json_url # default: 'api/me'
  config.user_cache_ttl # default 1.minute
  config.main_app_module_name # default is your host app module name
  config.host # set to your app host
  config.fake_user_json # set this option for development or test environments only
end

You must implement api/me so that it responds with the user's information in JSON format, including at least the applications attribute. applications is an array of strings.

Add before :authenticate_sso_user_permission to application controllers. Pages with this hook will be protected. If current_sso_user is not present, users are redirected to the SSO server to log in. Users can access a protected page only after logging in, and only if their applications attribute contains main_app_module_name.
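
The api/me contract and the applications check described above, as an added example that is not GoSSO's own code. The helper names, the sample body and its uid/email fields are assumptions; only the applications attribute comes from this README.

```ruby
require 'json'

# Constructed sample of an api/me response body. Only "applications" is
# required by the README; uid and email are assumed extras.
SAMPLE_ME_JSON =
  '{"uid": 1, "email": "user@example.com", "applications": ["Billing", "Reports"]}'

# Hypothetical helper: may the user described by this api/me body use the app
# whose module name is app_module_name? Fails closed on any contract violation.
def sso_access_allowed?(me_body, app_module_name)
  user = JSON.parse(me_body)
  return false unless user.is_a?(Hash)

  apps = user['applications']
  # Must be an array of strings. A bare string would turn include? into a
  # substring match ("BillingAdmin".include?("Billing") is true).
  return false unless apps.is_a?(Array) && apps.all? { |a| a.is_a?(String) }

  apps.include?(app_module_name)
rescue JSON::ParserError
  false # malformed body: deny
end

# Hypothetical server-side check: lists what is wrong with an api/me body,
# or returns an empty array when it satisfies the README's requirement.
def me_contract_errors(me_body)
  user = JSON.parse(me_body)
  return ['top-level value must be a JSON object'] unless user.is_a?(Hash)
  return ['missing "applications" attribute'] unless user.key?('applications')

  apps = user['applications']
  return ['"applications" must be an array'] unless apps.is_a?(Array)

  apps.reject { |a| a.is_a?(String) }.map { |a| "non-string entry: #{a.inspect}" }
rescue JSON::ParserError => e
  ["invalid JSON: #{e.message}"]
end

if __FILE__ == $PROGRAM_NAME
  puts sso_access_allowed?(SAMPLE_ME_JSON, 'Billing')
  puts sso_access_allowed?('{"applications": "BillingAdmin"}', 'Billing')
  puts me_contract_errors('{"uid": 1}').inspect
end
```
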

You can access current user in views or controllers via current_sso_user.

A development environment probably has no SSO server available. When the fake_user_json option is set, users will always log in successfully and their user JSON will be fake_user_json. Because this skips the SSO login entirely, set it only in development or test environments:

GoSso.setup do |config|
  # other configurations...
  if Rails.env.development?
    config.fake_user_json = { uid: 1, email: '[email protected]' }
  end
end