Add our client ID and client secret, to connect to NeoPass for real!
Wowie, it's starting to happen! :3

When you run this in production, though, you get back the auth failure message, and the OmniAuth logs say the server returned the following:

> invalid_client: Client authentication failed (e.g., unknown client,
> no client authentication included, or unsupported authentication
> method). The OAuth 2.0 Client supports client authentication method
> 'client_secret_post', but method 'client_secret_basic' was requested.
> You must configure the OAuth 2.0 client's
> 'token_endpoint_auth_method' value to accept 'client_secret_basic'.

I'll add a fix for this in the next commit, with some explanations as to why!
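The two client authentication methods named in the error above differ only in where the client credentials travel on the token request. The sketch below is an added example, not code from this commit or project; the client ID, secret, code and redirect URI are constructed values, and `server_accepts?` is a simplified, hypothetical model of the server-side check.

```ruby
require "uri"

# Build headers and form body for an authorization-code token request under
# one of the two client authentication methods named in the error message.
def token_request(auth_method, client_id:, client_secret:, code:, redirect_uri:)
  headers = { "Content-Type" => "application/x-www-form-urlencoded" }
  form = {
    "grant_type" => "authorization_code",
    "code" => code,
    "redirect_uri" => redirect_uri,
  }
  case auth_method
  when :client_secret_basic
    # RFC 6749 section 2.3.1: form-encode each part, join with ":", Base64.
    user = URI.encode_www_form_component(client_id)
    pass = URI.encode_www_form_component(client_secret)
    headers["Authorization"] = "Basic " + ["#{user}:#{pass}"].pack("m0")
  when :client_secret_post
    # Credentials go in the request body next to the grant parameters.
    form["client_id"] = client_id
    form["client_secret"] = client_secret
  else
    raise ArgumentError, "unsupported auth method: #{auth_method}"
  end
  { headers: headers, body: URI.encode_www_form(form) }
end

# Simplified model (assumption): a client registered for one method is only
# accepted when the request uses exactly that method.
def server_accepts?(registered_method, request)
  has_basic = request[:headers].key?("Authorization")
  has_post = URI.decode_www_form(request[:body]).to_h.key?("client_secret")
  case registered_method
  when :client_secret_basic then has_basic && !has_post
  when :client_secret_post then has_post && !has_basic
  else false
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not the project's real credentials.
  args = { client_id: "example-client", client_secret: "s3cr3t/+",
           code: "constructed-code", redirect_uri: "https://app.example/callback" }
  sent = token_request(:client_secret_basic, **args)
  puts "basic request accepted by a client_secret_post client? " \
       "#{server_accepts?(:client_secret_post, sent)}"
end
```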
parent fcc17d3dcf
commit 08986153df
4 changed files with 17 additions and 7 deletions
|
@ -1 +1 @@
|
||||||
p001YS2L7h/DJ9mWOUxcWD/wBNXQ41BOsN9vjnW9QWtECNNzMjRsPVZ8vkOXmRt5mHAOmvzAUhRbKmWE0PaUHMpJAVlct1mCpXlE2rHwKESuZ4S1tJFiSCfu0Uu97Nbw3kQScMJ9cB801QPpjDq5FxoCEz4XtuCEc8nuh23Ni8I77Jw9NG4VfiFFQHFhNk8xhAoAIiYekEoliRYJc1osmzSb8FcDlIV/GompPN4G2EaBcFvX1CMP2F2AYHR8EVvaeTmIv0GsdLL8NnEnsuqd+GZMljIr346aOSOzmUC76rgubpEdqG4mBZzzUjQxvXqnuawOmbQWAbDkDcSoZYwVhc2/QmR3VtFtV/YaBX27h2cp9Ef14FgpK7y1KO1vE7row8lxq4rwtZaGT0nbXf//4gpdDdrRKEOJRjwi5l+ydPgfa4aHQohFZ+4a7App3N5dovG1/c9W/a4T/7i5aBxYeiCKD6+byss74jJaqZ34eNxVQOZxoi+HfHPQwMRwsGVxKzGJaGLijwjuYq5iAdSBiMY2WouF17gNJKXgEILFvy/xAyHnUDM3K/traeC7ULRztdGGxHHIC2D26+s5mS5zI9OAM2lXI6ms4jKEui/BYKuQ/sHpB4Cg7wdk0JQ5SPW/8b35oW6Cuz31NrzUju5WXtXtGvlMPBKUWz8q8wIGEtM5Bc/5ASDS9Ag8J8seW2gprab2Ja7apUXPBUGuR5aU6JKLGNpAM/vV9lavgrm/rvXNlkPvgoULpBhtZI5EfuiSncke7NCuJUEw4fZr5KeRze5U7qyk1Jg+Fz2nQGvOn0T1PDvezN5yT+b/0YZnyTI9zmhur4KY4Z9OZgsMTG073qkdZF6y3qeWKHpWrhXKWc8i/CAVsUKrWQpSDWDhvzhhanR936OEoqqpKoGunsba1fh5oOdrTBiFnH+MfI/IAh7tjUjcQx6bu8/1rdaZ7omBdaeDx36SekoOqndCBgrMX0mri5hoG2LIVA==--VLKM05ugRRSrks6H--/nICajJes+PjNkh9lyRi0Q==
|
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--+Jx8l9zhIw0wWX6f--2I4PF87PHuXTkmcBI3yhVA==
|
|
@ -121,6 +121,10 @@ Rails.application.configure do
|
||||||
config.neopass_access_secret = "1"
|
config.neopass_access_secret = "1"
|
||||||
|
|
||||||
# Use the local NeoPass development server.
|
# Use the local NeoPass development server.
|
||||||
|
#
|
||||||
|
# NOTE: In my testing, using the live NeoPass server here returns "403
|
||||||
|
# Forbidden", I suspect because the development callback URL didn't
|
||||||
|
# make it into the live config? Ah, well!
|
||||||
config.neopass_origin = "https://localhost:8585"
|
config.neopass_origin = "https://localhost:8585"
|
||||||
|
|
||||||
# Set the NeoPass redirect callback URL.
|
# Set the NeoPass redirect callback URL.
|
||||||
|
|
|
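Review bot: The NOTE added above `config.neopass_origin` records a guess ("I suspect because the development callback URL didn't make it into the live config") rather than a confirmed cause. Consider wording it as a TODO that names the check to make, namely whether the development redirect callback URL set just below is registered for this client on the live server, so the next reader knows what would allow pointing development at the live origin.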
@ -137,7 +137,7 @@ Rails.application.configure do
|
||||||
|
|
||||||
# To see NeoPass features, add ?neopass=<SECRET> to relevant pages.
|
# To see NeoPass features, add ?neopass=<SECRET> to relevant pages.
|
||||||
config.neopass_access_secret =
|
config.neopass_access_secret =
|
||||||
Rails.application.credentials.neopass.access_secret
|
Rails.application.credentials.neopass.access_secret!
|
||||||
|
|
||||||
# Use the live NeoPass production server.
|
# Use the live NeoPass production server.
|
||||||
config.neopass_origin = "https://oidc.neopets.com"
|
config.neopass_origin = "https://oidc.neopets.com"
|
||||||
|
|
|
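Review bot: On the `access_secret!` line only the last step of the lookup fails fast. `Rails.application.credentials.neopass` is still a non-bang call, so a credentials file with no `neopass` section would raise on nil rather than produce the clear missing-key error the bang is there for. Suggest `Rails.application.credentials.neopass!.access_secret!` so both levels report a missing key the same way at boot.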
@ -275,19 +275,25 @@ Devise.setup do |config|
|
||||||
# up on your models and hooks.
|
# up on your models and hooks.
|
||||||
config.omniauth :openid_connect, {
|
config.omniauth :openid_connect, {
|
||||||
name: :neopass,
|
name: :neopass,
|
||||||
scope: [:openid, :email, :profile],
|
scope: [:openid, :email],
|
||||||
response_type: :code,
|
response_type: :code,
|
||||||
issuer: Rails.configuration.neopass_origin,
|
issuer: Rails.configuration.neopass_origin,
|
||||||
discovery: true,
|
discovery: true,
|
||||||
client_options: {
|
client_options: {
|
||||||
identifier: "DTI-TODO",
|
identifier: "19ea1361-f0b1-48f2-9405-b570c655afd9",
|
||||||
secret: "DTI-TODO",
|
secret: Rails.application.credentials.dig(:neopass, :client_secret),
|
||||||
redirect_uri: Rails.configuration.neopass_redirect_uri,
|
redirect_uri: Rails.configuration.neopass_redirect_uri,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
# Output OmniAuth debug info to the server logs in development
|
# Output OmniAuth debug info to the server logs.
|
||||||
OmniAuth.config.logger = Rails.logger if Rails.env.development?
|
#
|
||||||
|
# TODO: We should perhaps evaluate whether these logs contain sensitive
|
||||||
|
# information in production? I wouldn't think so, and it will be useful
|
||||||
|
# for debugging NeoPass, but let's keep an eye on that! Consider
|
||||||
|
# setting this to only be true in development mode, if we're not
|
||||||
|
# actively using it anymore.
|
||||||
|
OmniAuth.config.logger = Rails.logger
|
||||||
|
|
||||||
# ==> Warden configuration
|
# ==> Warden configuration
|
||||||
# If you want to use other strategies, that are not supported by Devise, or
|
# If you want to use other strategies, that are not supported by Devise, or
|
||||||
|
|
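Review bot: `OmniAuth.config.logger = Rails.logger` now runs in every environment, and the TODO above it leaves open whether those logs carry sensitive information in production; that is better settled before the line ships than watched for afterwards. Suggest gating it on a setting that can be switched off without a code change (for example an environment variable checked alongside `Rails.env.development?`) and reviewing the log output of one captured login for codes, tokens or e-mail addresses. Separately, `secret: Rails.application.credentials.dig(:neopass, :client_secret)` yields nil without complaint when the key is absent, unlike the `access_secret!` lookup in the production config, and the removal of `:profile` from `scope` is not explained in the commit message.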