| 123456789101112131415161718192021222324252627282930313233343536373839404142434445 |
- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- class OmniAuth::Strategies::OidcDatabase < OmniAuth::Strategies::OpenIDConnect
- option :name, 'openid_connect'
- def self.setup
- auth_openid_connect_credentials = Setting.get('auth_openid_connect_credentials') || {}
- http_type = Setting.get('http_type')
- fqdn = Setting.get('fqdn')
- client_options = {
- identifier: auth_openid_connect_credentials['identifier'],
- redirect_uri: "#{http_type}://#{fqdn}/auth/openid_connect/callback",
- }
- auth_openid_connect_credentials['scope'] = %i[openid email profile] if auth_openid_connect_credentials['scope'].blank?
- auth_openid_connect_credentials['scope'] = auth_openid_connect_credentials['scope'].split.map(&:to_sym) if auth_openid_connect_credentials['scope'].is_a?(String)
- auth_openid_connect_credentials.compact_blank.merge(
- discovery: true,
- response_type: :code,
- client_options:,
- )
- end
- def self.destroy_session(env, session)
- session.delete('oidc_id_token')
- @_current_user = nil
- env['rack.session.options'][:expire_after] = nil
- session.destroy
- end
- def initialize(app, *args, &)
- args[0] = self.class.setup
- super
- end
- def decode_logout_token(logout_token)
- decode_id_token(logout_token)
- end
- end
|
