openid-connect-ruby

A literal, not-so-idiomatic Ruby port of Michael Jett's excellent OpenID Connect library for PHP.

Requirements

Installation

gem install openid_connect_client

Usage

The process is just like OAuth authentication and takes two steps. First, you request authorization and redirect the user to the OpenID Connect provider. If your app is authorized, the provider redirects the user back to your callback URL, where you can ask the provider for the user data.

See example.rb

On the login controller

# 1. Client setup, ideally done in a helper method
oidc = OpenIDConnectClient::Client.new('https://provider.com/openid', 'CLIENT_ID', 'SECRET')
oidc.redirect_url = "http://yourweb.com/callback"
oidc.scopes = "openid email profile address phone"

# 2. Request authorization
oidc.authorize()

# 3. Save state in session
session[:state] = oidc.state

# 4. Redirect user to OpenID Connect provider
redirect_to(oidc.auth_endpoint)

On the callback controller

# 1. Client setup, ideally done in a helper method
oidc = OpenIDConnectClient::Client.new('https://provider.com/openid', 'CLIENT_ID', 'SECRET')
oidc.redirect_url = "http://yourweb.com/callback"
oidc.scopes = "openid email profile address phone"

# 2. Restore state
oidc.state = session[:state]

# 3. Pass the authorization parameters sent by the provider
oidc.params = request.parameters

# 4. Authenticate your app against the provider
oidc.authenticate()

# 5. Fetch the user's details
given_name = oidc.get('given_name')
email = oidc.get('email')
address = oidc.get('address')
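
The state saved in step 3 of the login controller and restored in step 2 of the callback controller ties the provider's redirect to the browser session that started the login. The following is an added example, not code from this gem or its README, showing that check on its own: `StateCheck` and its methods are hypothetical names, a plain Hash stands in for the session, and how the gem compares the state internally is not shown on this page.

```ruby
require 'securerandom'

# Hypothetical helper (not part of openid_connect_client). `session` is any
# Hash-like per-user store, such as the session object used above.
module StateCheck
  SESSION_KEY = :state

  # Login side: create an unguessable value and bind it to this session.
  def self.issue(session)
    session[SESSION_KEY] = SecureRandom.urlsafe_base64(32)
  end

  # Callback side: true only if the provider echoed back the value we stored.
  # The stored value is deleted first, so each state is accepted at most once.
  def self.valid?(session, params)
    expected = session.delete(SESSION_KEY)
    received = params['state'] || params[:state]
    return false unless expected.is_a?(String) && received.is_a?(String)
    return false if expected.empty?

    secure_equal?(expected, received)
  end

  # Comparison whose running time does not depend on where the strings differ.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

if __FILE__ == $0
  # Constructed sample data: one session, three callback requests.
  session = {}
  state = StateCheck.issue(session)
  genuine = { 'state' => state, 'code' => 'constructed-auth-code' }

  puts StateCheck.valid?(session, genuine)                  # first callback
  puts StateCheck.valid?(session, genuine)                  # same request replayed
  StateCheck.issue(session)
  puts StateCheck.valid?(session, { 'state' => 'forged' })  # value not issued here
end
```

A callback that fails this check should be rejected before the authorization parameters are handed to `oidc.authenticate()`.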