Discourse/discourse
Discourse/discourse
0
0
Fork 0
mirror of https://gh.wpcy.net/https://github.com/discourse/discourse.git synced 2026-05-06 03:39:06 +08:00
Code Packages Activity Actions
discourse/lib/auth/linkedin_oidc_authenticator.rb
Régis Hanol 9dadc0141c
FEATURE: add link to "associated accounts" providers (#33275) 
This adds a link for each authentication providers that are listed in
/my/preferences/account in the "Associated Accounts" section.

This is particularly useful when Discourse is being used in the PWA or
in the DiscourseMobile app where there's no browser bar available and
the only way to visit the provider's website is to open a browser
window.

That way, they can _just_ click the provider's name.

Internal ref - t/156255

---

**BEFORE**

![Screenshot 2025-06-19 at 21 04
46](https://github.com/user-attachments/assets/3d2be5d0-d857-4b8a-b0a5-5672301c59c6)

**AFTER**

![Screenshot 2025-06-19 at 21 03
39](https://github.com/user-attachments/assets/4c8bc5e9-3c99-4924-8d33-547f567bb346)
2025-06-20 10:22:29 +02:00

75 lines
1.8 KiB
Ruby
Raw Permalink Blame History

# frozen_string_literal: true
class Auth::LinkedInOidcAuthenticator < Auth::ManagedAuthenticator
class LinkedInOidc < OmniAuth::Strategies::OAuth2
option :name, "linkedin_oidc"
option :client_options,
{
site: "https://api.linkedin.com",
authorize_url: "https://www.linkedin.com/oauth/v2/authorization?response_type=code",
token_url: "https://www.linkedin.com/oauth/v2/accessToken",
}
option :scope, "openid profile email"
uid { raw_info["sub"] }
info do
{
email: raw_info["email"],
first_name: raw_info["given_name"],
last_name: raw_info["family_name"],
image: raw_info["picture"],
}
end
extra { { "raw_info" => raw_info } }
def callback_url
full_host + script_name + callback_path
end
def raw_info
@raw_info ||= access_token.get(profile_endpoint).parsed
end
private
def profile_endpoint
"/v2/userinfo"
end
end
def name
"linkedin_oidc"
end
def display_name
"LinkedIn"
end
def provider_url
"https://www.linkedin.com"
end
def enabled?
SiteSetting.enable_linkedin_oidc_logins
end
def register_middleware(omniauth)
omniauth.provider LinkedInOidc,
setup:
lambda { |env|
strategy = env["omniauth.strategy"]
strategy.options[:client_id] = SiteSetting.linkedin_oidc_client_id
strategy.options[:client_secret] = SiteSetting.linkedin_oidc_client_secret
}
end
# LinkedIn doesn't let users login to websites unless they verify their e-mail
# address, so whatever e-mail we get from LinkedIn must be verified.
def primary_email_verified?(_auth_token)
true
end
end
View git blame Copy permalink