From 66cf5eb5b46558c4f31dd5c8d088963f3e4b5c08 Mon Sep 17 00:00:00 2001
From: Emelia Smith
Date: Wed, 24 Jul 2024 22:58:16 +0200
Subject: [PATCH] Add support for PKCE Extension in OmniAuth OIDC

This is only a binary option, since there's only two code_challenge_methods, and plain should not be used, and OmniAuth uses S256 by default
---
 config/initializers/3_omniauth.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/config/initializers/3_omniauth.rb b/config/initializers/3_omniauth.rb
index aa8ba1a056e..0f8378ee145 100644
--- a/config/initializers/3_omniauth.rb
+++ b/config/initializers/3_omniauth.rb
@@ -84,6 +84,7 @@ Devise.setup do |config|
 oidc_options[:response_mode] = ENV['OIDC_RESPONSE_MODE'] if ENV['OIDC_RESPONSE_MODE'] # OPTIONAL (default: query)
 oidc_options[:display] = ENV['OIDC_DISPLAY'] if ENV['OIDC_DISPLAY'] # OPTIONAL (default: page)
 oidc_options[:prompt] = ENV['OIDC_PROMPT'] if ENV['OIDC_PROMPT'] # OPTIONAL
+ oidc_options[:pkce] = ENV['OIDC_USE_PKCE'] == 'true' if ENV['OIDC_USE_PKCE'] # OPTIONAL (default: false)
 oidc_options[:send_nonce] = ENV['OIDC_SEND_NONCE'] == 'true' if ENV['OIDC_SEND_NONCE'] # OPTIONAL (default: true)
 oidc_options[:send_scope_to_token_endpoint] = ENV['OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT'] == 'true' if ENV['OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT'] # OPTIONAL (default: true)
 oidc_options[:post_logout_redirect_uri] = ENV['OIDC_IDP_LOGOUT_REDIRECT_URI'] if ENV['OIDC_IDP_LOGOUT_REDIRECT_URI'] # OPTIONAL
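Review bot: On the added `oidc_options[:pkce]` line, any value of `OIDC_USE_PKCE` other than the exact string `'true'` (for example `TRUE` or `1`) switches PKCE off with no signal, so an operator can believe the protection against authorization-code interception is active when it is not. This matches how the neighbouring `OIDC_SEND_NONCE` line parses its value, but for a security control the trailing comment should at least say so, e.g. `# OPTIONAL (default: false); only the exact value 'true' enables PKCE (S256)`. Since the commit message states that `plain` is never used, it may also be worth considering whether PKCE should default to on when the variable is unset, provided the identity providers in use tolerate the extra parameters. The enclosing `Devise.setup` block starts and ends outside this hunk.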