config/initializers/doorkeeper_openid_connect.rb

   1 # frozen_string_literal: true
   2
   3 Doorkeeper::OpenidConnect.configure do
   4   issuer do |_resource_owner, _application|
   5     "#{Settings.server_protocol}://#{Settings.server_url}"
   6   end
   7
   8   signing_key Settings.doorkeeper_signing_key
   9
  10   subject_types_supported [:public]
  11
  12   resource_owner_from_access_token do |access_token|
  13     User.find_by(:id => access_token.resource_owner_id)
  14   end
  15
  16   auth_time_from_resource_owner do |resource_owner|
  17     # empty block necessary as a workaround to missing configuration
  18     # when no auth_time claim is provided
  19   end
  20
  21   subject do |resource_owner, _application|
  22     resource_owner.id
  23   end
  24
  25   protocol do
  26     Settings.server_protocol.to_sym
  27   end
  28
  29   claims do
  30     claim :preferred_username, :scope => :openid do |resource_owner, _scopes, _access_token|
  31       resource_owner.display_name
  32     end
  33
  34     claim :email, :scope => :read_email, :response => [:id_token, :user_info] do |resource_owner, _scopes, _access_token|
  35       resource_owner.email
  36     end
  37   end
  38 end