Switch branches/tags
Nothing to show
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
app
bin
config
db
lib folder shuffle Mar 8, 2018
public
test
vendor
.gitignore
.ruby-version
Gemfile
Gemfile.lock
README.md
Rakefile
config.ru
package.json

README.md

Resource Owner Password Grant Sample

This sample is a default Ruby on Rails 5 app that makes use of the openid-connect gem for authenticating users via the OpenId Connect Resource Owner Password Grant Flow.

The sample tries to keep everything as simple as possible so only implements

  • Login - Authenticate users in a single request to OneLogin with out any redirects
  • User Info - fetching profile information from OneLogin
  • Logout - destroying the local session and revoking the token at OneLogin

Authenticate the user

def log_in(username, password)
  response = HTTParty.post("https://#{ONELOGIN_SUBDOMAIN}.onelogin.com/oidc/token",
    body: {
      grant_type: 'password',
      client_id: ONELOGIN_CLIENT_ID,
      client_secret: ONELOGIN_CLIENT_SECRET,
      username: username,
      password: password,
      scope: 'openid profile email'
    }
  )

  json = JSON.parse(response.body)

  return nil unless json['access_token']

  session[:access_token] = json['access_token']
end

Fetch user info

  def user_info
    return nil unless session[:access_token].present?

    response = HTTParty.get("https://#{ONELOGIN_SUBDOMAIN}.onelogin.com/oidc/me",
      headers: {
        'Authorization' => "Bearer #{session[:access_token]}"
      }
    )

    JSON.parse(response.body)
  end

Destroy the session

def log_out
  HTTParty.post("https://#{ONELOGIN_SUBDOMAIN}.onelogin.com/oidc/token/revocation",
    body: {
      client_id: ONELOGIN_CLIENT_ID,
      client_secret: ONELOGIN_CLIENT_SECRET,
      token: session[:access_token],
      token_type_hint: 'access_token'
    }
  )

  session.delete(:access_token)
  @current_user = nil
end

The dashboard#index is a protected page to prove the authentication works and creates a session. You will need to be authenticated to view it.

Setup

In order to run this sample you need to setup an OpenId Connect app in your OneLogin Admin portal.

If you don't have a OneLogin developer account you can sign up here.

  1. Clone this repo
  2. Update app/helpers/sessions_helper.rb with the client_id and client_secret you obtained from OneLogin as well as the subdomain of your OneLogin account.
ONELOGIN_CLIENT_ID = 'ONELOGIN CLIENT ID'
ONELOGIN_CLIENT_SECRET = 'ONELOGIN CLIENT SECRET'
ONELOGIN_SUBDOMAIN = 'SUBDOMAIN'

Note to keep the example simple we have included the configuration in the sessions_helper but you should store these values in environment variables or a secrets file.

Run

From the command line run

> bundle install
> rails s