|
1 | 1 | # frozen_string_literal: true |
2 | 2 |
|
3 | 3 | Devise.setup do |config| |
4 | | - config.mailer_sender = "please-change-me@example.com" |
5 | | - require "devise/orm/active_record" |
6 | | - |
7 | | - # ActiveAdmin mounts Devise under /admin, so OmniAuth middleware must |
8 | | - # intercept /admin/auth/:provider instead of the default per-model prefix. |
9 | | - config.omniauth_path_prefix = "/admin/auth" |
| 4 | + config.mailer_sender = 'please-change-me@example.com' |
| 5 | + require 'devise/orm/active_record' |
10 | 6 |
|
11 | 7 | config.case_insensitive_keys = [:email] |
12 | 8 | config.strip_whitespace_keys = [:email] |
|
19 | 15 | config.reset_password_within = 6.hours |
20 | 16 | config.sign_out_via = :delete |
21 | 17 |
|
22 | | - # Wire omniauth_openid_connect via the gem. Deliberately lazy so that |
23 | | - # specs that `reset!` the config mid-test work without warnings — we |
24 | | - # register a minimal fake provider up front and rely on the test suite |
25 | | - # to mock omniauth.auth. |
26 | | - require "omniauth_openid_connect" |
27 | | - |
28 | | - config.omniauth :openid_connect, |
29 | | - name: :oidc, |
30 | | - path_prefix: "/admin/auth", |
31 | | - issuer: "https://idp.example.com", |
32 | | - discovery: false, |
33 | | - scope: %i[openid email profile], |
34 | | - response_type: :code, |
35 | | - client_options: { |
36 | | - identifier: "client-abc", |
37 | | - secret: "client-secret", |
38 | | - port: 443, |
39 | | - scheme: "https", |
40 | | - host: "idp.example.com", |
41 | | - authorization_endpoint: "/oauth/authorize", |
42 | | - token_endpoint: "/oauth/token", |
43 | | - userinfo_endpoint: "/oauth/userinfo", |
44 | | - jwks_uri: "/oauth/keys" |
45 | | - } |
| 18 | + # OmniAuth strategy registration and path prefix are handled automatically |
| 19 | + # by the gem's engine (see lib/activeadmin/oidc/engine.rb) based on the |
| 20 | + # ActiveAdmin::Oidc configuration in config/initializers/activeadmin_oidc.rb. |
46 | 21 | end |
0 commit comments