doorkeeper-gem / doorkeeper-grants_assertion
Assertion grant extension for Doorkeeper. Born from: https://github.com/doorkeeper-gem/doorkeeper/pull/249
License: MIT License
Please update the gemspec.
Hi guys,
I tried to integrate the Google SSO Login in my rails app.
However, when I tested it using Postman, it returned the error invalid_grant, which I think returns 400 Bad Request.
Below are the details of my parameters:
client_id/client_secret is the value from the doorkeeper oauth_applications.
grant_type must be assertion
assertion is the access token returned from Google Oauth, see screenshot below:
Any idea on how to resolve this issue? Thanks
Hey @tute,
What do you need from someone in terms of maintaining this? I see there is one open PR; I'd be interested in trying to help out if I can…
Including this gem alongside doorkeeper causes: NoMethodError at /oauth/applications undefined method 'authenticate_admin!' for #<Doorkeeper::ApplicationsController:0x007f8051ce0120>
I'm POSTing the following JSON to: /oauth/token
{ "grant_type": "assertion", "assertion": "social_provider_token" }
But I'm getting the following error message:
ArgumentError (wrong number of arguments (given 1, expected 3)):
doorkeeper-grants_assertion (0.0.1) lib/doorkeeper/request/assertion.rb:10:in `initialize'
initializers/doorkeeper.rb
resource_owner_from_credentials do |routes|
  User.authenticate(params[:email], params[:password], request.remote_ip)
end
resource_owner_from_assertion do
  User.find(2)
end
grant_flows %w[assertion authorization_code password client_credentials]
Could you please help me?
Hi,
I've noticed the plain assertion parameter's value is shown in my logs as well as in Rollbar reports. I think the assertion strings should be treated as securely as Doorkeeper treats authorization codes and tokens.
Maybe we can add a new initializer block in railtie.rb to add assertion to app.config.filter_parameters in the same fashion?
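As an added illustration of the leak described in this issue (not code from the gem or the poster), here is a stand-alone Ruby model of how Rails' config.filter_parameters redacts request parameters before they reach a log line or an error tracker; the baseline filter list and the sample request are constructed, and the substring-matching rule is the one Rails applies.

```ruby
FILTERED = "[FILTERED]".freeze

# Rails matches filter names against parameter keys as case-insensitive
# substrings, so :assertion also covers keys like "assertion_type".
def filtered_key?(key, filters)
  k = key.to_s.downcase
  filters.any? { |f| k.include?(f.to_s.downcase) }
end

# Recursively redact matching keys in nested hashes and arrays.
def filter_params(params, filters)
  case params
  when Hash
    params.each_with_object({}) do |(k, v), out|
      out[k] = filtered_key?(k, filters) ? FILTERED : filter_params(v, filters)
    end
  when Array
    params.map { |v| filter_params(v, filters) }
  else
    params
  end
end

# Assumed baseline list (stands in for what the app and Doorkeeper already
# filter); the proposal in the post is to add :assertion to it. In a Rails
# app the real one-liner, in an initializer or Railtie, is:
#   app.config.filter_parameters += [:assertion]
DEFAULT_FILTERS = %i[password client_secret code access_token refresh_token].freeze
PROPOSED_FILTERS = (DEFAULT_FILTERS + [:assertion]).freeze

# Constructed token request as the assertion grant would receive it.
SAMPLE_REQUEST = {
  "grant_type" => "assertion",
  "assertion" => "EAAB.constructed.social.token",
  "client_id" => "constructed-client-id",
  "client_secret" => "constructed-client-secret",
  "extra" => { "assertion_type" => "facebook" }
}.freeze

# What a request logger or error tracker would record for this request.
def log_line(params, filters)
  "Parameters: #{filter_params(params, filters).inspect}"
end

if __FILE__ == $PROGRAM_NAME
  puts log_line(SAMPLE_REQUEST, DEFAULT_FILTERS)   # assertion value still visible
  puts log_line(SAMPLE_REQUEST, PROPOSED_FILTERS)  # assertion value redacted
end
```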
As @tute has stated, this gem will be released to RubyGems once it reaches its 1.0 version. I think it is a good idea to state clearly the roadmap, i.e. what is missing and on what we should focus the development.
Do you have anything else to add?
I see that you already implemented GrantFlow registry support.
Can you please release 0.3.1 with this change?
First of all, thank you for creating this gem!
I created the auth providers for Google/FB as shown in the Wiki. However, there is a use case where a user has already signed up with a normal account in the past and then tries to log in with Facebook/Google where the email already exists. This would throw an ActiveRecord::RecordInvalid exception upon account creation; how am I supposed to get that into the response to let the user know that an account with that email already exists?
Here is the code:
doorkeeper.rb
Doorkeeper.configure do
  resource_owner_from_assertion do
    provider = params[:provider]
    case provider
    when "google"
      g = ExternalAuth::Google.new(params[:assertion])
      g.get_user!
    when "facebook"
      f = ExternalAuth::Facebook.new(params[:assertion])
      begin
        f.get_user!
      rescue ActiveRecord::RecordInvalid => e
        # what happens here?
      end
    end
  end
end
facebook_auth.rb
def get_user!
  if user_data.present?
    user = User.where(fb_id: user_data["id"]).first
    if user.blank?
      user = User.new(
        remote_profile_image_url: image["data"]["url"],
        fb_id: user_data["id"],
        firstname: user_data["first_name"],
        lastname: user_data["last_name"],
        email: user_data["email"]
      )
      user.password = SecureRandom.hex
      user.save!
    end
    user
  else
    nil
  end
end
So I'm not sure if we should actually be overriding Doorkeeper::ApplicationController here. It seems like whenever this gem is included it overrides all other strategies by way of fully redefining the ApplicationController.
…
Can you confirm my assumption? Easy to reproduce: start a new app, set up doorkeeper and this gem, and try to use the authorization code flow…
I'm assuming we might want to do something like class_eval, or include a helper method?
module Doorkeeper
  class ApplicationController < ActionController::Base
    def resource_owner_from_assertion
      instance_eval(&Doorkeeper.configuration.resource_owner_from_assertion)
    end
  end
end
Currently I'm using a facebook token to issue an access_token and it works without passing client_id and client_secret.
I want to issue a token only if the correct client_id and client_secret are provided. Also, refreshing the token doesn't work when client_id and secret are provided.
Hello,
I'm having trouble setting up grants_assertion with Google. I've set up doorkeeper and currently have a react-native app that is getting an idToken, accessToken and code. It does so by using a specific iOS Client ID.
I'm then sending the idToken as the assertion to be checked by doorkeeper, like so:
Doorkeeper.configure do
  resource_owner_from_assertion do
    if server.client && params[:provider] && params[:assertion]
      auth = Doorkeeper::GrantsAssertion::Devise::OmniAuth.auth_hash(
        provider: params.fetch(:provider),
        assertion: params.fetch(:assertion)
      )
      User.where(email: auth.info.email).first if auth
    end
  end
  # add your supported grant types and other extensions
  grant_flows %w(assertion authorization_code implicit password client_credentials)
end
I've set up a specific Client ID and client secret for my rails server as env variables in rails. However, every time I try validating the passed assertion, I get the following error:
{
  "error_description": "Invalid Value"
}
I've tried passing the idToken, accessToken and also directly calling Doorkeeper::GrantsAssertion::OmniAuth.oauth2_wrapper with different combinations of client_id and client_secret, but unfortunately nothing has worked so far.
I'm using rails 7 and ruby 3. Is this library still working with Google Oauth? Any help would be appreciated, thanks.
Hi there, really excited to use your gem, however I'm running into a problem (which may well be user error).
When I submit the following request, I get an "invalid request error" from doorkeeper (I've truncated the client_id, which is a valid application_id set up through Doorkeeper at oauth/applications, and the assertion param, which contains a valid oauth token from facebook):
curl -X POST --data "client_id=609336...dc431&assertion=CA...ROpHGFK&assertion_type=facebook" http://localhost:3000/oauth/token
This is how I have set up my doorkeeper initializer:
Doorkeeper.configure do
  resource_owner_from_assertion do
    if params[:assertion_type] == "facebook"
      facebook = URI.parse('https://graph.facebook.com/me?access_token=' + params[:assertion])
      response = Net::HTTP.get_response(facebook)
      user_data = JSON.parse(response.body)
      User.find_by(provider: "facebook", uid: user_data['id'])
    end
  end
  grant_flows %w(assertion password client_credentials authorization_code implicit)
end
This returns the error:
{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed."}
Am I submitting the parameters incorrectly or missing something? Thanks for your help.
According to the specification it looks like you have to set the grant_type to a URI and I don't see any way of setting that. From what it looks like, the grant_type right now is just assertion?
    grant_type
        REQUIRED. The format of the assertion as defined by the
        authorization server. The value MUST be an absolute URI.
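To make the two different 400 responses on this page concrete (the invalid_request from the curl post above, the invalid_grant from the Postman post near the top), here is an added stand-alone Ruby model of the parameter checks an assertion-grant token endpoint performs; it is not the gem's code, the check ordering and the resource-owner lookup table are this example's own, and the curl body is the one posted above, used verbatim.

```ruby
require "uri"

# Stand-in for the app's resource_owner_from_assertion block. The table is
# constructed: one known assertion resolves to a user id, anything else to nil.
KNOWN_ASSERTIONS = { "facebook" => { "CA...ROpHGFK" => 42 } }.freeze

def resource_owner_from_assertion(params)
  KNOWN_ASSERTIONS.dig(params["assertion_type"], params["assertion"])
end

# Parse an application/x-www-form-urlencoded body such as curl --data sends.
def parse_form(body)
  URI.decode_www_form(body).to_h
end

def error(code, description = nil)
  body = { "error" => code }
  body["error_description"] = description if description
  { status: 400, body: body }
end

# Checks in order, using the RFC 6749 error names Doorkeeper returns
# (the ordering is this example's, not a transcript of Doorkeeper's code):
#   no grant_type              -> invalid_request        (the curl post above)
#   grant_type not "assertion" -> unsupported_grant_type
#   no assertion parameter     -> invalid_request
#   assertion does not resolve -> invalid_grant          (the Postman post above)
def token_response(params)
  return error("invalid_request", "The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.") unless params["grant_type"]
  return error("unsupported_grant_type") unless params["grant_type"] == "assertion"
  return error("invalid_request", "assertion parameter is missing") unless params["assertion"]
  owner_id = resource_owner_from_assertion(params)
  return error("invalid_grant") unless owner_id
  { status: 200, body: { "access_token" => "constructed-token-for-user-#{owner_id}",
                         "token_type" => "Bearer" } }
end

# The body from the curl command in the post above: client_id, assertion and
# assertion_type are present but grant_type is not, so the request is rejected
# before the resource_owner_from_assertion block is ever reached.
CURL_BODY = "client_id=609336...dc431&assertion=CA...ROpHGFK&assertion_type=facebook"

if __FILE__ == $PROGRAM_NAME
  p token_response(parse_form(CURL_BODY))                          # invalid_request
  p token_response(parse_form("grant_type=assertion&" + CURL_BODY)) # 200 with a token
end
```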