0.0
The project is in a healthy, maintained state
Description of Ruesia.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Dependencies
 Project Readme

Ruesia

OmniAuth::Strategies::Ruesia is a simple Rack middleware for authorization in the russian Unified identification and authentication system(ЕСИА). Read the OmniAuth docs for detailed instructions: https://github.com/intridea/omniauth. The …/v2/ac resource is used as a technical solution for gathering authentication code and …/v3/te for JWT. In order to write client_secret, you need to send an http post request to any system that can work with data-hash signing algorithms using mechanisms of certified Russian cryptographic means of information protection and a certificate of the information system and return json response with signature, for example https://github.com/vysogota0399/cryptopro-sign

Request:
POST /api/sign { test: 'any base64urlsafe encoded string' }

Response:
{ signature: 'base64urlsafe signature' }

Installation

Add this line to your application's Gemfile:

gem "ruesia"

And then execute:

$ bundle

Or install it yourself as:

$ gem install ruesia

Usage

Here's a quick example, adding the middleware to a Rails app in config/initializers/ruesia.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :ruesia, 'MY_SYSTEM',
    scope: 'fullname email mobile id_doc'
    cert_fingerprint: 'cert hex fingerprint'
    csp_server_url: 'http://192.168.1.195:8080/api/sign'
    client_options:
      site: 'https://esia-portal1.test.gosuslugi.ru'
end

Configuration

Guidelines for the use of the Unified Identification and Authentication System: https://digital.gov.ru/ru/documents/6186/

option comment
scope requested access rights - paragraph B4 Table 95
cert_fingerprint parameter containing the hash of the certificate (fingerprint) of the client system in hex format. To generate it, use http://esia.gosuslugi.ru/public/calc_cert_hash_unix.zip
csp_server_url url for cms server. We use Faradat to post request for /api/sign

Add callback request to routes

get 'auth/:provider/callback', to: 'api/client/esia#create'

Contributing

Contribution directions go here.

License

The gem is available as open source under the terms of the MIT License.