allow all hostnames, specify openid scope

digitaltom · digitaltom · commit b7ef34788de1 · 2026-02-17T15:51:55.000+01:00
diff --git a/config/environments/development.rb b/config/environments/development.rb
@@ -61,4 +61,7 @@
 
   # Uncomment if you wish to allow Action Cable access from any origin.
   # config.action_cable.disable_request_forgery_protection = true
+
+  #  # allow access with any hostname
+  config.hosts.clear
 end
diff --git a/lib/oic_client.rb b/lib/oic_client.rb
@@ -22,7 +22,7 @@ def initialize(redirect_uri)
   # Same value needs to be passed to the #validate method (store in users session)
   def auth_uri(nonce)
     client.authorization_uri(
-      scope: %i[profile email],
+      scope: %i[openid profile email],
       state: nonce,
       nonce:
     )
@@ -43,13 +43,13 @@ def validate(code, nonce)
     # id_token = OpenIDConnect::ResponseObject::IdToken.decode(access_token.id_token, public_keys)
     id_token = OpenIDConnect::ResponseObject::IdToken.new(JSON::JWT.decode(access_token.id_token, :skip_verification))
     id_token.verify!({ client_id: @client_id, issuer: config.issuer, nonce: })
-
     access_token.userinfo!
   end
 
   private
 
   def client
+    # Rack::OAuth2.debug!
     @client ||= OpenIDConnect::Client.new(
       identifier: @client_id,
       secret: @secret,
