omniauth-openid

OpenID Connect Discovery support?

Open jaybloke opened this issue 7 years ago • 2 comments

All installed ok, but unable to connect to my Keycloak identity provider. Config:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :open_id, :store => OpenID::Store::Filesystem.new('/tmp'), :name => 'openid', identifier: 'https://identity.provider.io/auth/realms/team/.well-known/openid-configuration'
end

Unfortunately, all I get is an 'OmniAuth::Error (connection_failed)' exception.

Started GET "/auth/openid" for 127.0.0.1 at 2018-02-14 09:38:02 +0800
   (0.9ms)  SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
I, [2018-02-14T09:38:02.200971 #25253]  INFO -- omniauth: (openid) Request phase initiated.
E, [2018-02-14T09:38:02.953763 #25253] ERROR -- omniauth: (openid) Authentication failure! connection_failed encountered.
  
OmniAuth::Error (connection_failed):
  
omniauth (1.8.1) lib/omniauth/failure_endpoint.rb:25:in `raise_out!'
omniauth (1.8.1) lib/omniauth/failure_endpoint.rb:20:in `call'
omniauth (1.8.1) lib/omniauth/failure_endpoint.rb:12:in `call'
omniauth (1.8.1) lib/omniauth/strategy.rb:486:in `fail!'
omniauth-openid (1.0.1) lib/omniauth/strategies/open_id.rb:56:in `start'
omniauth-openid (1.0.1) lib/omniauth/strategies/open_id.rb:48:in `request_phase'
omniauth (1.8.1) lib/omniauth/strategy.rb:224:in `request_call'
omniauth (1.8.1) lib/omniauth/strategy.rb:187:in `call!'
omniauth (1.8.1) lib/omniauth/strategy.rb:168:in `call'
omniauth (1.8.1) lib/omniauth/strategy.rb:190:in `call!'
omniauth (1.8.1) lib/omniauth/strategy.rb:168:in `call'
omniauth (1.8.1) lib/omniauth/builder.rb:63:in `call'
http_accept_language (2.1.1) lib/http_accept_language/middleware.rb:14:in `call'
rack-attack (5.0.1) lib/rack/attack.rb:140:in `call'
remotipart (1.3.1) lib/remotipart/middleware.rb:32:in `call'
rack (2.0.3) lib/rack/etag.rb:25:in `call'
rack (2.0.3) lib/rack/conditional_get.rb:25:in `call'
rack (2.0.3) lib/rack/head.rb:12:in `call'
rack (2.0.3) lib/rack/session/abstract/id.rb:232:in `context'
rack (2.0.3) lib/rack/session/abstract/id.rb:226:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/cookies.rb:613:in `call'
activerecord (5.1.3) lib/active_record/migration.rb:556:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/callbacks.rb:26:in `block in call'
activesupport (5.1.3) lib/active_support/callbacks.rb:97:in `run_callbacks'
actionpack (5.1.3) lib/action_dispatch/middleware/callbacks.rb:24:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/executor.rb:12:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/debug_exceptions.rb:59:in `call'
web-console (3.5.1) lib/web_console/middleware.rb:135:in `call_app'
web-console (3.5.1) lib/web_console/middleware.rb:28:in `block in call'
web-console (3.5.1) lib/web_console/middleware.rb:18:in `catch'
web-console (3.5.1) lib/web_console/middleware.rb:18:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
railties (5.1.3) lib/rails/rack/logger.rb:36:in `call_app'
railties (5.1.3) lib/rails/rack/logger.rb:24:in `block in call'
activesupport (5.1.3) lib/active_support/tagged_logging.rb:69:in `block in tagged'
activesupport (5.1.3) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (5.1.3) lib/active_support/tagged_logging.rb:69:in `tagged'
railties (5.1.3) lib/rails/rack/logger.rb:24:in `call'
sprockets-rails (3.2.1) lib/sprockets/rails/quiet_assets.rb:13:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/remote_ip.rb:79:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/request_id.rb:25:in `call'
rack (2.0.3) lib/rack/method_override.rb:22:in `call'
rack (2.0.3) lib/rack/runtime.rb:22:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/executor.rb:12:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/static.rb:125:in `call'
rack (2.0.3) lib/rack/sendfile.rb:111:in `call'
railties (5.1.3) lib/rails/engine.rb:522:in `call'
puma (3.8.2) lib/puma/configuration.rb:224:in `call'
puma (3.8.2) lib/puma/server.rb:600:in `handle_request'
puma (3.8.2) lib/puma/server.rb:435:in `process_client'
puma (3.8.2) lib/puma/server.rb:299:in `block in run'
puma (3.8.2) lib/puma/thread_pool.rb:120:in `block in spawn_thread'

jaybloke, Feb 14 '18 01:02

I'm having similar issues, but I think you might have the identifier URL wrong. I'm having trouble getting it right too, but if you visit the URL you have listed in your browser, it should return a bunch of configs. Among them is the correct URL, which is something similar to:

https://identity.provider.io/auth/realms/team/protocol/openid-connect/auth?client_id=yourclientid&response_type=code

Right now I'm running into a different error though. I'm not sure if response_type is correct or if this library supports response type code.

lancecarlson, Apr 18 '18 18:04

OK, from what it looks like, we should actually be using oauth2. OpenID Connect is a superset of OAuth 2 and is not compatible with OpenID.

lancecarlson, Apr 18 '18 19:04
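
Added example (not part of the thread and not omniauth-openid code): the `.well-known/openid-configuration` URL discussed above returns an OpenID Connect discovery document in JSON, and a relying party should validate it before trusting the endpoints it lists. The sketch below checks a constructed Keycloak-style document; the field names follow OpenID Connect Discovery 1.0, while the sample document and the helper name `check_discovery` are assumptions.

```ruby
require 'json'
require 'uri'

# Constructed sample of a Keycloak-style discovery document (not captured output).
SAMPLE_DISCOVERY = <<~JSON
  {
    "issuer": "https://identity.provider.io/auth/realms/team",
    "authorization_endpoint": "https://identity.provider.io/auth/realms/team/protocol/openid-connect/auth",
    "token_endpoint": "https://identity.provider.io/auth/realms/team/protocol/openid-connect/token",
    "jwks_uri": "https://identity.provider.io/auth/realms/team/protocol/openid-connect/certs",
    "response_types_supported": ["code", "id_token", "code id_token"]
  }
JSON

WELL_KNOWN = '/.well-known/openid-configuration'

# Hypothetical helper: validate a discovery document fetched from discovery_url
# and return the endpoints a relying party needs. Raises ArgumentError on a mismatch.
def check_discovery(discovery_url, body)
  raise ArgumentError, 'not an OIDC discovery URL' unless discovery_url.end_with?(WELL_KNOWN)

  doc = JSON.parse(body)
  expected_issuer = discovery_url.delete_suffix(WELL_KNOWN)
  # OIDC Discovery 1.0: the issuer must equal the URL prefix the document was fetched under.
  raise ArgumentError, "issuer mismatch: #{doc['issuer'].inspect}" unless doc['issuer'] == expected_issuer

  endpoints = %w[authorization_endpoint token_endpoint jwks_uri].to_h do |key|
    uri = URI.parse(doc.fetch(key) { raise ArgumentError, "missing #{key}" })
    # Refuse endpoints that would send codes or tokens over cleartext HTTP.
    raise ArgumentError, "#{key} is not https" unless uri.is_a?(URI::HTTPS)
    [key, uri.to_s]
  end

  unless Array(doc['response_types_supported']).include?('code')
    raise ArgumentError, 'authorization code flow not advertised'
  end
  endpoints
end
```

The returned `authorization_endpoint` is the base of the URL quoted in the first reply; `client_id` and `response_type=code` are query parameters the relying party appends per request.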