Adding Okta Authentication
This information comes from notes during the implementation of Okta within an Avalon instance.
TL;DR
Check these two commits
Steps
Add to Gemfile
    gem 'omniauth-oktaoauth'
Add the Okta provider to the User model (app/models/user.rb) and use the email address as the username
    # Register the OmniAuth provider only when Okta is configured in the environment.
    devise_list << { omniauth_providers: [:oktaoauth] } if ENV['OKTA_CLIENT_ID']

    # The notes show only the changed create call inside this method: accounts
    # created from an Okta login get the email address as their username.
    def self.find_by_username_or_email(login)
      create(username: email, email: email, password: Devise.friendly_token[0, 20], provider: provider)
    end
Set up the Okta parameters in config/initializers/devise.rb
    if provider[:provider] == :oktaoauth
      # Pull the [client_id, client_secret] pair out of the params hash from settings.yml.
      okta_params = params.delete(:oauth_credentials)
      # Turn the strategy class name from settings.yml into the class itself.
      params[:strategy_class] = params[:strategy_class].constantize if params.has_key?(:strategy_class)
      # The strategy takes the credentials as positional arguments followed by the options hash.
      okta_params << params
      params = okta_params
    end
Add the Okta config to the auth block in config/settings.yml
    # config/settings.yml, inside the auth: block
    configuration:
    <% if ENV['OKTA_CLIENT_ID'] %>
      - :name: Avalon Okta Oauth
        :provider: :oktaoauth
        :hidden: false
        :params:
          :oauth_credentials: [<%= ENV['OKTA_CLIENT_ID'] %>, <%= ENV['OKTA_CLIENT_SECRET'] %>]
          :scope: 'openid profile email'
          :fields: ['profile','email']
          :client_options:
            site: <%= ENV['OKTA_ISSUER'] %>
            authorize_url: <%= ENV['OKTA_ISSUER'] + "/v1/authorize" %>
            token_url: <%= ENV['OKTA_ISSUER'] + "/v1/token" %>
          :redirect_uri: <%= ENV["OKTA_REDIRECT_URI"] %>
          :auth_server_id: <%= ENV['OKTA_AUTH_SERVER_ID'] %>
          :issuer: <%= ENV['OKTA_ISSUER'] %>
          :strategy_class: 'OmniAuth::Strategies::Oktaoauth'
    <% end %>
Example config
    OKTA_ISSUER=https://okta.example.edu/oauth2
    OKTA_REDIRECT_URI=https://avalon.example.edu/users/auth/oktaoauth/callback
    OKTA_AUTH_SERVER_ID=""
OKTA_CLIENT_ID and OKTA_CLIENT_SECRET are set alongside these. The redirect URI must match the callback URL registered for the application in Okta exactly, or Okta rejects the authorization request.
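To see what the settings.yml entry and the devise.rb rewrite above resolve to for a given set of environment values, here is an added example (not Avalon's own code) that renders a constructed stand-in of the settings entry, applies the same credential/option split as the devise.rb snippet, and sanity-checks the result before deployment; the `env` hash and the functions `render_auth_configuration`, `okta_omniauth_args` and `okta_config_problems` are this example's own names.

```ruby
require 'erb'
require 'uri'
require 'yaml'
# Constructed stand-in for the settings.yml entry on this page; it reads a local
# `env` hash instead of ENV so it can be rendered offline with test values.
OKTA_SETTINGS_ERB = <<~'YAML'
  auth:
    configuration:
  <% if env['OKTA_CLIENT_ID'] %>
      - :name: Avalon Okta Oauth
        :provider: :oktaoauth
        :params:
          :oauth_credentials: [<%= env['OKTA_CLIENT_ID'] %>, <%= env['OKTA_CLIENT_SECRET'] %>]
          :scope: 'openid profile email'
          :client_options:
            site: <%= env['OKTA_ISSUER'] %>
            authorize_url: <%= env['OKTA_ISSUER'] + "/v1/authorize" %>
            token_url: <%= env['OKTA_ISSUER'] + "/v1/token" %>
          :redirect_uri: <%= env['OKTA_REDIRECT_URI'] %>
          :strategy_class: 'OmniAuth::Strategies::Oktaoauth'
  <% end %>
YAML

# Render the ERB, parse the YAML and return the provider entries (symbol keys),
# or an empty list when OKTA_CLIENT_ID is unset and the whole block is skipped.
def render_auth_configuration(env)
  rendered = ERB.new(OKTA_SETTINGS_ERB).result_with_hash(env: env)
  settings = YAML.safe_load(rendered, permitted_classes: [Symbol])
  settings['auth']['configuration'] || []
end

# The devise.rb rewrite from this page: pull [client_id, client_secret] out of
# :params and append the rest, giving the args for config.omniauth :oktaoauth.
def okta_omniauth_args(provider)
  params = provider[:params].dup
  okta_params = params.delete(:oauth_credentials).dup
  okta_params << params # :strategy_class stays a string here; devise.rb constantizes it
end

# Pre-deploy sanity check: the callback must be the HTTPS oktaoauth route and the
# Okta endpoints must sit under the configured issuer.
def okta_config_problems(opts)
  problems = []
  uri = URI(opts[:redirect_uri].to_s)
  problems << 'redirect_uri must use https' unless uri.scheme == 'https'
  problems << 'redirect_uri is not the oktaoauth callback' unless uri.path == '/users/auth/oktaoauth/callback'
  issuer = opts[:client_options]['site'].to_s
  %w[authorize_url token_url].each { |k| problems << "#{k} not under issuer" unless opts[:client_options][k].to_s.start_with?(issuer) }
  problems
end
```

Run it with the real values from your environment to confirm the rendered options match what Okta has registered for the application.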
To avoid an infinite redirect on a failed login, add this case to the after_omniauth_failure_path_for method in app/controllers/users/omniauth_callbacks_controller.rb
    when 'oktaoauth'
      msg = I18n.t 'devise.omniauth_callbacks.failure', reason: failure_message
      # Send the user to the root page rather than back to the sign-in route,
      # which would immediately start the Okta redirect again.
      root_path