Project

omniauth-krystal

0.0
The project is in a healthy, maintained state
omniauth-krystalkrystal/omniauth-krystalHomepageDocumentationSource CodeBug Tracker
OmniAuth strategy for Krystal Identity
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
7,958
Stars
2
Forks
1
Watchers
7
 Releases
Current version
1.5.0
Total releases
7
First release
2022-01-11
Latest release
2023-07-14
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
11
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2023-01-24
Reverse Dependencies
0

 Dependencies

Runtime

omniauth
~> 2.0
omniauth-oauth2
~> 1.7
json
>= 0
jwt
>= 0
 Project Readme

OmniAuth Strategy for Krystal Identity

Gem Version

Krystal Identity is the single sign on service for Krystal. You can use this provider to authenticate your own applications using OmniAuth.

To begin, you'll need to create an OAuth Application through the Krystal Identity. Once you've done this, you'll need to provide your the client ID and secret provided within the web interface.

Once you have this, you can add the gem to your Gemfile and add the provider to your OmniAuth configuration.

$ bundle add omniauth-krystal

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :krystal, ENV['KRYSTAL_IDENTITY_CLIENT_ID'], ENV['KRYSTAL_IDENTITY_CLIENT_SECRET']
end

Identity-initiated logins

Krystal Identity can initiate logins to applications. This allows users to click a link in the Krystal Identity Dashboard to open up an application they have previously authorised. This is done by Identity beginning the OAuth flow resulting in the request arriving at the OAuth callback URL within the application. The purpose of this middleware is to avoid issues caused by CSRF protections within OmniAuth. The state parameter sent with the callback is a JWT token signed by Identity allowing the application to verify the request came from Identity and thus is safe to accept whereas it would normally be rejected.

Rails.application.config.middleware.insert_before OmniAuth::Builder,
                                                  OmniAuth::Krystal::InitiatedLoginMiddleware

Some additional options can be provided to this:

  • :provider_name - the name of the Krystal Identity provider (defaults to krystal)
  • :identity_url - the URL to the root of Identity (defaults to https://identity.krystal.io)
  • :anti_replay_expiry_seconds - the number of seconds to keep anti-replay tokens (defaults to 60)
  • :redis - a Redis client to use for storing anti-replay tokens (defaults to nil)