Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/omniauth/omniauth-okta

OAuth2 strategy for Okta
https://github.com/omniauth/omniauth-okta

oauth2 okta omniauth omniauth-oauth2 omniauth-strategy ruby

Last synced: about 2 hours ago
JSON representation

OAuth2 strategy for Okta

Host: GitHub
URL: https://github.com/omniauth/omniauth-okta
Owner: omniauth
License: mit
Created: 2017-06-04T20:13:49.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2023-10-06T17:55:55.000Z (about 1 year ago)
Last Synced: 2024-04-14T16:12:13.817Z (7 months ago)
Topics: oauth2, okta, omniauth, omniauth-oauth2, omniauth-strategy, ruby
Language: Ruby
Size: 35.2 KB
Stars: 39
Watchers: 8
Forks: 36
Open Issues: 9
Metadata Files:
- Readme: README.md
- License: MIT-LICENSE

Awesome Lists containing this project

README

        # OmniAuth Okta OAuth2 Strategy

Strategy to authenticate with Okta via OAuth2 in OmniAuth.

This strategy uses Okta's OpenID Connect API with OAuth2. See their [developer docs](https://developer.okta.com/docs/api/resources/oidc.html) for more details.

## Installation

Add this line to your application's Gemfile:

```ruby

gem 'omniauth-okta'

```

And then execute:

```bash

$ bundle install

```

Or install it yourself as:

```bash

$ gem install omniauth-okta

```

### OmniAuth

Here's an example for adding the middleware to a Rails app in `config/initializers/omniauth.rb`:

```ruby

Rails.application.config.middleware.use OmniAuth::Builder do

  provider :okta, ENV['OKTA_CLIENT_ID'], ENV['OKTA_CLIENT_SECRET'], {

    client_options: {

      site:                 'https://your-org.okta.com',

      authorization_server: '',

      authorize_url:        'https://your-org.okta.com/oauth2//v1/authorize',

      token_url:            'https://your-org.okta.com/oauth2//v1/token',

      user_info_url:        'https://your-org.okta.com/oauth2//v1/userinfo',

      audience:             'api://your-audience'

    }

  }

end

```

### Devise

First define your application id and secret in `config/initializers/devise.rb`.

Configuration options can be passed as the last parameter here as key/value pairs.

```ruby

config.omniauth :okta, ENV['OKTA_CLIENT_ID'], ENV['OKTA_CLIENT_SECRET'], {}

```

or add options like the following:

```ruby

  require 'omniauth-okta'

  config.omniauth(:okta,

                  ENV['OKTA_CLIENT_ID'],

                  ENV['OKTA_CLIENT_SECRET'],

                  scope: 'openid profile email',

                  fields: ['profile', 'email'],

                  client_options: {

                    site:          'https://your-org.okta.com',

                    authorize_url: 'https://your-org.okta.com/oauth2/default/v1/authorize',

                    token_url:     'https://your-org.okta.com/oauth2/default/v1/token',

                    user_info_url: 'https://your-org.okta.com/oauth2/default/v1/userinfo',

                  },

                  strategy_class: OmniAuth::Strategies::Okta)

```

Then add the following to 'config/routes.rb' so the callback routes are defined.

```ruby

devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks' }

```

Make sure your model is omniauthable. Generally this is "/app/models/user.rb"

```ruby

devise :omniauthable, omniauth_providers: [:okta]

```

## Auth Hash

Here's an example of an authentication hash available in the callback by accessing `request.env['omniauth.auth']`:

```ruby

{

  "provider" => "okta",

  "uid" => "0000000000000001",

  "info" => {

    "name" => "John Smith",

    "email" => "[email protected]",

    "first_name" => "John",

    "last_name" => "Smith",

    "image" => "https://photohosting.com/john.jpg"

  },

  "credentials" => {

    "token" => "TOKEN",

    "expires_at" => 1496617411,

    "expires" => true

  },

  "extra" => {

    "raw_info" => {

      "sub" => "0000000000000001",

      "name" => "John Smith",

      "locale" => "en-US",

      "email" => "[email protected]",

      "picture" => "https://photohosting.com/john.jpg",

      "website" => "https://example.com",

      "preferred_username" => "[email protected]",

      "given_name" => "John",

      "family_name" => "Smith",

      "zoneinfo" => "America/Los_Angeles",

      "updated_at" => 1496611646,

      "email_verified" => true

    },

    "id_token" => "TOKEN",

    "id_info" => {

      "ver" => 1,

      "jti" => "AT.D2sslkfjdsldjf899n090sldkfj",

      "iss" => "https://your-org.okta.com",

      "aud" => "https://your-org.okta.com",

      "sub" => "[email protected]",

      "iat" => 1496613811,

      "exp" => 1496617411,

      "cid" => "CLIENT_ID",

      "uid" => "0000000000000001",

      "scp" => ["email", "profile", "openid"]

    }

  }

}

```

## Contributing

1. Fork it

2. Create your feature branch (`git checkout -b my-new-feature`)

3. Commit your changes (`git commit -am 'Add some feature'`)

4. Push to the branch (`git push origin my-new-feature`)

5. Create new Pull Request

## License

The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).