This is a Rails Engine for applications which need to authenticate and authorize users with the ETM's Identity application. It provides helpers for requiring that a user (or admin) be signed in to use controllers or actions, as well as standard pages requesting the user sign in.
Add the engine to the Rails application Gemfile:
gem 'identity_rails', github: 'quintel/identity_rails'
Create an initializer to set the client ID and secret (provided by the Identity app):
# config/initializers/identity.rb
# Restart the server after making changes to these settings.
Identity.config.client_id = 'N8QmJxEELVK8gdjnLPTC6W6Etuf2cwcK'
Identity.config.client_secret = 'qTG4zH6VZT2KPVinHE5KhBZoySTVAKD5'
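The initializer above puts the client secret in a file that is normally committed to the repository. One way to avoid that, as an added example that is not part of identity_rails: read both values from the environment and refuse to boot if either is missing or is still a sample value from this README. The variable names IDENTITY_CLIENT_ID and IDENTITY_CLIENT_SECRET, the helper identity_credentials and the class IdentityConfigError are assumptions made for this example.

```ruby
# config/initializers/identity.rb (added example, not from the identity_rails project)
# Assumption: the credentials are supplied in IDENTITY_CLIENT_ID and
# IDENTITY_CLIENT_SECRET; these variable names are hypothetical.

# The values printed in the README are public, so refuse to boot with them.
README_SAMPLE_VALUES = %w[
  N8QmJxEELVK8gdjnLPTC6W6Etuf2cwcK
  qTG4zH6VZT2KPVinHE5KhBZoySTVAKD5
].freeze

class IdentityConfigError < StandardError; end

# Returns { client_id:, client_secret: } or raises naming the bad variable.
# The error message never contains the value itself, so a failed boot does
# not write the secret to the log.
def identity_credentials(env = ENV)
  {
    client_id: 'IDENTITY_CLIENT_ID',
    client_secret: 'IDENTITY_CLIENT_SECRET'
  }.transform_values do |name|
    value = env[name].to_s.strip
    raise IdentityConfigError, "#{name} is not set" if value.empty?
    if README_SAMPLE_VALUES.include?(value)
      raise IdentityConfigError, "#{name} is the README sample value"
    end
    value
  end
end

# Only runs inside the Rails app, where the engine has defined Identity.
if defined?(Identity) && Identity.respond_to?(:config)
  credentials = identity_credentials
  Identity.config.client_id = credentials[:client_id]
  Identity.config.client_secret = credentials[:client_secret]
end
```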
Note that the mount path /auth is required, and must not be changed.
This engine provides two controller helpers which allow you to restrict who may use an action:
before_action :authenticate_user!
Requires that the visitor be signed in to use the action. If not, they will be prompted to do so.
before_action :authenticate_admin!
Identical to authenticate_user! except that the signed-in user must also have the admin role.
Returns the current user, if signed in, or nil otherwise.
Returns whether the visitor is signed in.
Returns the paths for signing in or out. The sign in path responds to GET or POST requests: GET will show a sign in prompt, while POST sends the user to the identity provider.
Signing out is only possible with a POST request. The user will be signed out of the application and the identity provider, and will finally be redirected back to the root of your application.
Returns the current Identity::Session if the visitor is signed in. This gives access to the user and a copy of the access token which can be used to send further requests to the identity provider.
The gem is available as open source under the terms of the MIT License.