Custom OIDC provider

[vladimirdulov]

Could you implement an ability to setup a custom OIDC provider?

I think the following settings need to be implemented:

DISPLAY_NAME to specify custom provider name on the button
OIDC_AUTH_ENDPOINT e.g. https://my-oidc-provider.url/openid/auth
OIDC_TOKEN_ENDPOINT e.g. https://my-oidc-provider.url/openid/token
OIDC_PROFILE_ENDPOINT e.g. https://my-oidc-provider.url/openid/me
OIDC_CLIENT_ID
OIDC_CLIENT_SECRET
OIDC_SCOPE e.g. "openid,profile,email"
OIDC_UID_FIELD e.g. "sub"
OIDC_NAME_FIELD e.g. "name"
OIDC_EMAIL_FIELD e.g. "email"

[vladimirdulov]

I've submitted a PR to implement an ability to setup a custom OIDC provider.
@picman please review.
#25

Looking forward to use your add-on (OIDC auth) in redmine app for Cloudron.

[gramakri]

@picman now that #25 is merged, possible to make a new release? Also, this ticket can possibly be closed. Thanks!

[picman]

A few issues before the release:
1.

oauth_custom_uid_field_info: UID field (default - sub)

What do you mean with 'sub'?
If I open the plugin's settings page and switch to the new Custom provider, the field is preset to 'preferred_username' which doesn't correspond with 'sub'.

2. app/views/hooks/view_account_login_bottom.html.erb: I suggest the following change in the code to prevent nil.strip when Setting.plugin_redmine_oauth[:custom_name] is not set.

-- <%= l(:oauth_login_via, oauth: Setting.plugin_redmine_oauth[:custom_name].strip.empty? ? Setting.plugin_redmine_oauth[:oauth_name] : Setting.plugin_redmine_oauth[:custom_name]).html_safe %>
++ <%= l(:oauth_login_via, oauth: Setting.plugin_redmine_oauth[:custom_name].blank? ? Setting.plugin_redmine_oauth[:oauth_name] : Setting.plugin_redmine_oauth[:custom_name]).html_safe %>

3. Shouldn't be the new settings field initialized in the init.rb too?

[vladimirdulov]

A few issues before the release: 1.

oauth_custom_uid_field_info: UID field (default - sub)

What do you mean with 'sub'? If I open the plugin's settings page and switch to the new Custom provider, the field is preset to 'preferred_username' which doesn't correspond with 'sub'.

sub is the identity of the user, called subject in OpenID.
I think preferred_username also works well as the default value.

https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims

2. app/views/hooks/view_account_login_bottom.html.erb: I suggest the following change in the code to prevent nil.strip when Setting.plugin_redmine_oauth[:custom_name] is not set.

-- <%= l(:oauth_login_via, oauth: Setting.plugin_redmine_oauth[:custom_name].strip.empty? ? Setting.plugin_redmine_oauth[:oauth_name] : Setting.plugin_redmine_oauth[:custom_name]).html_safe %>
++ <%= l(:oauth_login_via, oauth: Setting.plugin_redmine_oauth[:custom_name].blank? ? Setting.plugin_redmine_oauth[:oauth_name] : Setting.plugin_redmine_oauth[:custom_name]).html_safe %>

Good point, agree.

3. Shouldn't be the new settings field initialized in the init.rb too?

Probably you are absolutely correct, sorry I missed it (tbh I'm not a ruby/redmine dev).

just created a new PR for the suggested changes.
#27

[picman]

Thanks.