A lightweight Rails app that powers Hack Club's Submit flow. It handles OAuth with Hack Club Identity, issues short-lived tokens, and lets YSWS sites pre-fill forms with verified Identity Vault info.
- Program landing pages that kick off the identity check.
- A
/api/identity/urlendpoint for building OAuth links. - A
/api/verifyendpoint partners call to confirm a submission.
- Install deps:
bundle install. - Set up the database:
bin/rails db:prepare. - Run everything with
bin/dev(Procfile.dev).
Visit http://submit.hackclub.com via a program link, and walk through the flow.
Set these environment variables (shell, .env, or your process manager):
IDENTITY_URL,IDENTITY_CLIENT_ID,IDENTITY_CLIENT_SECRETIDENTITY_PROGRAM_KEYNEXTAUTH_URLSECRET_KEY_BASEDATABASE_URL(production only)- Optional:
STATE_HMAC_SECRET(defaults toSECRET_KEY_BASE)
bin/rails server— run just the Rails server.bin/rails test— run the test suite.bin/rails console— inspect data locally.
- Program pages seed a
submit_idand log the visit. - Identity endpoints build OAuth state with
StateTokenand redirect to Hack Club Identity. - The callback fetches and normalizes identity via
IdentityNormalizer, then redirects or issues a token. - Partners call
POST /api/verifywith that token to validate the submission.
Use the provided Dockerfile (see bin/docker-entrypoint) or your own Rails setup. Make sure SECRET_KEY_BASE, DATABASE_URL, and the identity environment variables are present before boot.
Check the models (Program, AuthorizedSubmitToken, AuthorizationRequest) and services (IdentityNormalizer, StateToken) for implementation notes. The .github/copilot-instructions.md file has deeper background if you need it.
