Adding Okta Authentication
- Phuong Dinh
- Jon Cameron
- Dananji Withana
Owned by Phuong Dinh
This information comes from notes during the implementation of Okta within an Avalon instance.
TL,DR
Check these two commits
Steps
Add to Gemfile
gem 'omniauth-oktaoauth'
Add Okta provider to User model, use email as username
devise_list << { omniauth_providers: [:oktaoauth] } if ENV['OKTA_CLIENT_ID']
def self.find_by_username_or_email(login)
create(username: email, email: email, password: Devise.friendly_token[0, 20], provider: provider)
end
Setup Okta params in config/initializers/devise.rb
if provider[:provider] == :oktaoauth
okta_params = params.delete(:oauth_credentials)
params[:strategy_class] = params[:strategy_class].constantize if params.has_key?(:strategy_class)
okta_params << params
params = okta_params
end
Add Okta config to auth block in config/settings.yml
configuration:
<% if ENV['OKTA_CLIENT_ID'] %>
- :name: Avalon Okta Oauth
:provider: :oktaoauth
:hidden: false
:params:
:oauth_credentials: [<%= ENV['OKTA_CLIENT_ID'] %>, <%= ENV['OKTA_CLIENT_SECRET'] %>]
:scope: 'openid profile email'
:fields: ['profile','email']
:client_options:
site: <%= ENV['OKTA_ISSUER'] %>
authorize_url: <%= ENV['OKTA_ISSUER'] + "/v1/authorize" %>
token_url: <%= ENV['OKTA_ISSUER'] + "/v1/token" %>
:redirect_uri: <%= ENV["OKTA_REDIRECT_URI"] %>
:auth_server_id: <%= ENV['OKTA_AUTH_SERVER_ID'] %>
:issuer: <%= ENV['OKTA_ISSUER'] %>
:strategy_class: 'OmniAuth::Strategies::Oktaoauth'
<% end %>
Example config
OKTA_ISSUER=https://okta.example.edu/oauth2 OKTA_REDIRECT_URI=https://avalon.example.edu/users/auth/oktaoauth/callback OKTA_AUTH_SERVER_ID=""
Avoid infinite redirect, add to after_omniauth_failure_path_for method in app/controllers/users/omniauth_callbacks_controller.rb
when 'oktaoauth'
msg = I18n.t 'devise.omniauth_callbacks.failure', reason: failure_message
root_path