I need some help configuring the omniauth_openid_connect gem (https://github.com/omniauth/omniauth_openid_connect). I have two endpoints, one for authorization and another for the token:
Authorization endpoint: https://oauth.provider.com/authorize
Token endpoint: https://oauth-secured.provider.com/token
As you can see, each one has a different host, but they belong to the same provider. I'm not sure how to configure this in the gem, as you can only specify one host:
    config.omniauth :openid_connect,
      {
        name: :openid_connect,
        scope: [:openid],
        issuer: "oauth.provider.com",
        response_type: :code,
        discovery: true,
        client_options:
        {
          port: 443,
          scheme: "https",
          host: "oauth.provider.com",
          authorization_endpoint: "/authorize",
          token_endpoint: "/token", # How to correctly specify https://oauth-secured.provider.com/token here?
          identifier: 'CLIENT_ID',
          secret: 'CLIENT_SECRET',
          redirect_uri: "https://myapp.com/users/auth/openid_connect/callback",
        },
      }
Doesn't look like that's configurable. The client only takes one host and endpoints are relative to the host. Configuration eventually ends up in Rack::OAuth2::Client. Rack::OAuth2::Client has an absolute_uri_for method, and it looks like endpoints go through it:
    def absolute_uri_for(endpoint)
      _endpoint_ = Util.parse_uri endpoint
      _endpoint_.scheme ||= self.scheme || 'https'
      # NOTE: just one host
      _endpoint_.host ||= self.host
      _endpoint_.port ||= self.port
      raise 'No Host Info' unless _endpoint_.host
      _endpoint_.to_s
    end
I'm only guessing here:
    Rack::OAuth2::Client.class_eval do
      private

      def absolute_uri_for(endpoint) # endpoint # => /token or /authorize ...
        # Util is fully qualified here: constants inside a class_eval block
        # are looked up from the top level, not from Rack::OAuth2
        _endpoint_ = Rack::OAuth2::Util.parse_uri endpoint
        _endpoint_.scheme ||= self.scheme || 'https'
        # NOTE: now there are two
        _endpoint_.host = if endpoint == "/token"
          "oauth-secured.provider.com"
        else
          self.host
        end
        _endpoint_.port ||= self.port
        raise 'No Host Info' unless _endpoint_.host
        _endpoint_.to_s
      end
    end
Probably something will explode. I did not test it. There must be a reason for a single host.
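Whichever way the second host is wired in, the token request carries the client secret and the authorization code, so the URL it resolves to is worth pinning to known hosts over https. The following is an added example, not part of the original answer or of rack-oauth2: a standalone Ruby check using only the standard library that accepts either a path or an absolute URL per endpoint. `ALLOWED_HOSTS`, `EndpointError`, `resolve_endpoint`, `endpoint_allowed?` and `resolve_client_endpoints` are hypothetical names, the hosts are the ones from the question, and `OPTIONS` is constructed sample input.

```ruby
require 'uri'

# Hypothetical helper, not part of rack-oauth2 or omniauth_openid_connect.
# Hosts are the two from the question; the token host receives the secret.
ALLOWED_HOSTS = %w[oauth.provider.com oauth-secured.provider.com].freeze

class EndpointError < StandardError; end

# Resolve an endpoint given as a path ("/authorize") or as an absolute URL
# ("https://oauth-secured.provider.com/token") against a default host, then
# refuse anything that is not https on an allowlisted host.
def resolve_endpoint(endpoint, default_host:, allowed_hosts: ALLOWED_HOSTS)
  uri = URI.join("https://#{default_host}", endpoint.to_s)
  raise EndpointError, "scheme must be https: #{uri.scheme}" unless uri.scheme == 'https'
  # "https://good-host@other-host/token" parses with host == other-host
  raise EndpointError, 'userinfo is not allowed in an endpoint URL' if uri.userinfo
  unless allowed_hosts.include?(uri.host.to_s.downcase)
    raise EndpointError, "host not on allowlist: #{uri.host}"
  end
  uri.to_s
rescue URI::InvalidURIError => e
  raise EndpointError, "unparseable endpoint: #{e.message}"
end

# Boolean form, convenient for a boot-time check or a unit test.
def endpoint_allowed?(endpoint, default_host:)
  resolve_endpoint(endpoint, default_host: default_host)
  true
rescue EndpointError
  false
end

# Resolve both endpoints of a client_options-style hash in one pass.
def resolve_client_endpoints(client_options)
  host = client_options.fetch(:host)
  %i[authorization_endpoint token_endpoint].to_h do |key|
    [key, resolve_endpoint(client_options.fetch(key), default_host: host)]
  end
end

# Constructed sample input modelled on the question's configuration.
OPTIONS = {
  host: 'oauth.provider.com',
  authorization_endpoint: '/authorize',
  token_endpoint: 'https://oauth-secured.provider.com/token'
}.freeze
```

A scheme-relative value such as `//evil.example/token` resolves to a different host and is rejected by the allowlist, which a plain `host ||=` fallback would not catch.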