Upgrade notes related with custom omniauth providers.#5760
Upgrade notes related with custom omniauth providers.#5760tramuntanal merged 4 commits into0.21-stablefrom
Conversation
microstudi
left a comment
There was a problem hiding this comment.
Should we put this information in here maybe too?
https://github.com/decidim/decidim/blob/e181d7e67bdf915a3a8e58416c683f52346de047/docs/services/social_providers.md#custom-providers
|
However, I've been testing meta.decidim.org and I think the problem is not completely solved. However, it doesn't work anymore, probably due the configuration no longer has the line Decidim::User.omniauth_providers << :decidimBut, if we have this line we duplicate the provider definition and the error is back. |
|
Hi @microstudi , |
|
yes they both need to be configured via system admin. |
|
@microstudi I don't think a default configuration should be used because in a given installation there may be organizations that don't want to have some, or any, of the configured custom OAuth providers. |
microstudi
left a comment
There was a problem hiding this comment.
I am testing this but it's a little bit difficult to test it in localhost.
What I've found is not possible to just expect that omniauth providers won't need extra configuration options. Currenlty we handle cases for facebook, google and twitter (file decidim-core/config/initializers/omniauth.rb).
So, and initializizer file would be needed in most cases, for instance, for using Decidim as a provider we will need this code:
config/initializers/omniauth_decidim.rb:
if Rails.application.secrets.dig(:omniauth, :decidim).present?
Rails.application.config.middleware.use OmniAuth::Builder do
provider(
:decidim,
setup: ->(env) {
request = Rack::Request.new(env)
organization = Decidim::Organization.find_by(host: request.host)
provider_config = organization.enabled_omniauth_providers[:decidim]
env["omniauth.strategy"].options[:client_id] = provider_config[:client_id]
env["omniauth.strategy"].options[:client_secret] = provider_config[:client_secret]
env["omniauth.strategy"].options[:site] = provider_config[:site_url]
},
scope: :public
)
end
endIt would be also possible to add the specific case for the Decidim provider in the file decidim-core/config/initializers/omniauth.rb, in which case no initializer would be needed.
In this case the code needed should be:
if omniauth_config[:google_oauth2].present?
provider(
:google_oauth2,
setup: setup_provider_proc(:google_oauth2, client_id: :client_id, client_secret: :client_secret)
)
end
if omniauth_config[:decidim].present?
provider(
:decidim,
setup: setup_provider_proc(:decidim, client_id: :client_id, client_secret: :client_secret, site: :site_url),
scope: :public
)
end
end
CHANGELOG.md
Outdated
| To make it clear, installations with custom Omniauth providers must remove the provider configuration from the corresponding `config/initializer/omniauth_xxx.rb`: | ||
|
|
||
| ``` | ||
| # This block should be kept | ||
| if Rails.application.secrets.dig(:omniauth, :decidim, :enabled) | ||
| Devise.setup do |config| | ||
| config.omniauth :decidim, | ||
| Rails.application.secrets.dig(:omniauth, :decidim, :client_id), | ||
| Rails.application.secrets.dig(:omniauth, :decidim, :client_secret), | ||
| Rails.application.secrets.dig(:omniauth, :decidim, :site_url), | ||
| scope: :public | ||
| end | ||
| end | ||
|
|
||
| # this line should be removed | ||
| Decidim::User.omniauth_providers << :decidim | ||
| ``` | ||
|
|
There was a problem hiding this comment.
With the new system, the whole initializer file is unnecessary. The only thing needed is the declaration in the secrets.yml file.
b565c9e to
9d92828
Compare
🎩 What? Why?
Thanks to #5516 it is now possible to customize which omniauth providers are enabled on each of the organizations in a multitenant installation.
But this also changes how this providers are configured in each installation.
This PR adds Upgrade notes to make developers/sysadmins aware of the required configuration change.
📌 Related Issues
📋 Subtasks
CHANGELOGentry