
Add OIDC strategy for Identity #234

Merged 1 commit from identity-oidc into main, Jul 13, 2023

Conversation

felixclack
Contributor

@felixclack felixclack commented Jul 6, 2023

The Identity service is an OpenID Connect provider. Changing the
strategy we use with OmniAuth can make this more obvious.

We currently have implemented the OAuth2 strategy for Identity and
extended it to take advantage of the OIDC logout feature.

Switching to an OIDC strategy makes it more obvious what features the
Identity service provides. It also, hopefully, makes things clearer for
any future maintainer of the code.

Link to Trello card

https://trello.com/c/85JumIaw/1090-switch-quals-to-use-an-oidc-strategy-for-identity

Checklist

  • Attach to Trello card
  • Rebased main
  • Cleaned commit history
  • Tested by running locally

Contributor

@malcolmbaig malcolmbaig left a comment


Nice one, thanks for picking up 👍🏼 . A few comments left inline.

@felixclack
Contributor Author

felixclack commented Jul 11, 2023 via email

@malcolmbaig
Contributor

malcolmbaig commented Jul 11, 2023

This is strange because I get the opposite error on the main branch.

Sorry, ignore! Removed my original comment because I realised I hadn't tested it properly. Needed a server restart. All good as far as this attribute is concerned.

```ruby
callback_path: "/check-records/auth/dfe/callback",
client_options: {
  host: dfe_sign_in_issuer_uri&.host,
  identifier: ENV.fetch("DFE_SIGN_IN_CLIENT_ID", "example"),
```
Contributor

I wonder if it'd be better to set a precedent and drop the default "example" value in these options? Useful for the app to crash early (during an attempt at starting the server in the dev environment, for example) so that we can pick up any misconfiguration before getting to prod.

Contributor Author

Made the suggested change as separate PR as it isn't directly related to this change.

#244
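The fail-fast idea discussed above, worked through as an added example in plain Ruby; this is not code from the PR or the project. It builds the option hash an OmniAuth OIDC provider would receive, first with the placeholder defaults (the shape the review comment objects to) and then with an up-front check that aborts boot when any required variable is unset or blank. Only `DFE_SIGN_IN_CLIENT_ID`, `callback_path`, `host` and `identifier` come from the page; the `DFE_SIGN_IN_ISSUER` and `DFE_SIGN_IN_SECRET` names, the `issuer` and `secret` keys, and the sample values are assumptions.

```ruby
require "uri"

# Environment variables the OIDC provider configuration depends on.
# DFE_SIGN_IN_CLIENT_ID appears in the PR; the ISSUER and SECRET names are assumed.
REQUIRED_ENV = %w[DFE_SIGN_IN_ISSUER DFE_SIGN_IN_CLIENT_ID DFE_SIGN_IN_SECRET].freeze

class MissingConfiguration < StandardError; end

# Before: every lookup carries a placeholder default, so an unset variable
# produces a syntactically valid but useless configuration. The problem only
# surfaces later, as an error from the identity provider during a real sign-in.
def identity_options_with_defaults(env)
  issuer = URI(env.fetch("DFE_SIGN_IN_ISSUER", "https://example.invalid"))
  {
    name: :dfe,
    callback_path: "/check-records/auth/dfe/callback",
    client_options: {
      host: issuer.host,
      identifier: env.fetch("DFE_SIGN_IN_CLIENT_ID", "example"),
      secret: env.fetch("DFE_SIGN_IN_SECRET", "example")
    }
  }
end

# After: check every required variable up front and raise one error naming all
# of them, so the process aborts at boot rather than at the first sign-in.
# (ENV.fetch without a default raises KeyError for the first missing key only;
# collecting them all gives the operator the complete picture in one run.)
def identity_options(env)
  missing = REQUIRED_ENV.select { |key| env[key].nil? || env[key].strip.empty? }
  unless missing.empty?
    raise MissingConfiguration, "missing required configuration: #{missing.join(', ')}"
  end

  issuer = URI(env.fetch("DFE_SIGN_IN_ISSUER"))
  {
    name: :dfe,
    issuer: issuer.to_s,
    callback_path: "/check-records/auth/dfe/callback",
    client_options: {
      host: issuer.host,
      identifier: env.fetch("DFE_SIGN_IN_CLIENT_ID"),
      secret: env.fetch("DFE_SIGN_IN_SECRET")
    }
  }
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample environments, not real credentials.
  empty_env = {}
  good_env = {
    "DFE_SIGN_IN_ISSUER" => "https://identity.example.test",
    "DFE_SIGN_IN_CLIENT_ID" => "check-records",
    "DFE_SIGN_IN_SECRET" => "not-a-real-secret"
  }

  puts "with defaults, unset env yields: #{identity_options_with_defaults(empty_env)[:client_options].inspect}"
  begin
    identity_options(empty_env)
  rescue MissingConfiguration => e
    puts "fail-fast form aborts at boot: #{e.message}"
  end
  puts "fail-fast form with full env, host: #{identity_options(good_env)[:client_options][:host]}"
end
```

Both functions take the environment as a plain hash so the check can be unit-tested without touching `ENV`; in an initializer you would pass `ENV` itself. Treating a blank string as missing matters because a `.env` template with `DFE_SIGN_IN_CLIENT_ID=` left empty would otherwise pass a bare `ENV.fetch`.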

felixclack added a commit that referenced this pull request Jul 13, 2023
In a [discussion on a different PR](#234 (comment)),
there was a suggestion
to remove the default values from the OIDC configuration to trigger
misconfiguration messages sooner, eg. on app startup.

The idea is that this would make development better as any
misconfiguration error would be clearer.
@felixclack felixclack force-pushed the identity-oidc branch 3 times, most recently from d77e5dd to cb09c8d, July 13, 2023 07:42
@felixclack felixclack merged commit da0e478 into main Jul 13, 2023
12 checks passed
@felixclack felixclack deleted the identity-oidc branch July 13, 2023 09:55
@felixclack felixclack temporarily deployed to review July 13, 2023 09:56 — with GitHub Actions Inactive