Vendor omniauth-salesforce gem

Jessie Young requested to merge jy-oauth-salesforce-vendor into master

What does this MR do and why?

  • Our ultimate goal is to upgrade omniauth to v2.0. See the related issue
  • In order to upgrade omniauth to v2.0, we need to upgrade omniauth-salesforce because the latter has a dependency on the former.
  • There is an open issue asking the maintainer to make omniauth-salesforce compatible with omniauth v2.0 but that hasn't happened yet: https://github.com/realdoug/omniauth-salesforce/issues/31
  • We are actively emailing with the gem owner about transferring or adding additional contributors to the gem but in the meantime this will unblock the upgrade.
  • This MR vendors the gem and updates its .gemspec file so that it is compatible with omniauth v2.0

Screenshots or screen recordings

Screen_Recording_2022-08-24_at_2.23.14_PM

How to set up and validate locally

Instructions on setting up Salesforce SSO: https://docs.gitlab.com/ee/integration/salesforce.html

  1. Create a Salesforce developer account at https://developer.salesforce.com/
  2. Create a new Connected App within Salesforce
    1. Check box for "Enable OAuth Settings"
    2. Add "http://localhost:3000/users/auth/salesforce/callback" as Callback URL (if you have SSL set up for gdk.test that will also work; only callback URLs that are localhost are allowed to be non-HTTPS)
    3. Add the Selected OAuth scopes: "Access the identity URL service" and "Access unique user identifiers"
    4. Save the connected app
  3. Click "Manage Consumer Details" button on the Connected App's page to view the app key and secret
  4. In your local config/gitlab.yml:
    1. Add Salesforce as an OAuth provider
    2. Change SALESFORCE_CLIENT_ID to the Consumer Key from the Salesforce connected application page.
    3. Change SALESFORCE_CLIENT_SECRET to the Consumer Secret from the Salesforce connected application page.
    4. Optional: Add allow_single_sign_on: 'salesforce' (more info)
    5. Optional: Add block_auto_created_users: false (more info)
  5. In your local config/initializers/omniauth.rb, change OmniAuth.config.full_host = "http://localhost:3000". Otherwise, it resolves to 127.0.0.1, which will not match the callback_url in the Salesforce connected app.
  6. Restart GDK
  7. Visit http://localhost:3000, and log in with Salesforce

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Jessie Young
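
The description above says omniauth-salesforce blocks the omniauth v2.0 upgrade through its dependency, and that the vendored copy's .gemspec is changed to be compatible. As an added example (not code from this MR or from the gem), the Ruby below uses RubyGems' own requirement matching to find which runtime pins reject a target version. The two specs, their `0.0.0` version and all constraint strings are constructed assumptions, and `sample_spec`, `upgrade_blockers` and `audit` are hypothetical helper names.

```ruby
require 'rubygems'

# Constructed stand-ins for two gemspecs. The version and the constraint strings
# are assumptions for illustration; they are not copied from the MR or upstream.
def sample_spec(label, omniauth_constraints)
  Gem::Specification.new('omniauth-salesforce', '0.0.0') do |s|
    s.summary = label
    s.add_runtime_dependency 'omniauth', *omniauth_constraints
    s.add_runtime_dependency 'omniauth-oauth2', '~> 1.0' # constructed
  end
end

UPSTREAM_STYLE = sample_spec('constructed: pins omniauth to 1.x', ['~> 1.0'])
VENDORED_STYLE = sample_spec('constructed: relaxed pin', ['>= 1.0', '< 3'])

# Returns the runtime dependencies of `spec` on `gem_name` whose requirement
# rejects `target_version`, i.e. the pins that block the upgrade.
def upgrade_blockers(spec, gem_name, target_version)
  target = Gem::Version.new(target_version)
  spec.runtime_dependencies.select do |dep|
    dep.name == gem_name && !dep.requirement.satisfied_by?(target)
  end
end

# Audits several specs and maps each blocking spec's label to the
# constraint strings that reject the target version.
def audit(specs, gem_name, target_version)
  specs.each_with_object({}) do |spec, report|
    blocked = upgrade_blockers(spec, gem_name, target_version)
    report[spec.summary] = blocked.map { |d| d.requirement.to_s } unless blocked.empty?
  end
end

if $PROGRAM_NAME == __FILE__
  audit([UPSTREAM_STYLE, VENDORED_STYLE], 'omniauth', '2.0.0').each do |label, pins|
    puts "#{label}: blocked by #{pins.join(', ')}"
  end
end
```

To run the same check against a real checkout, load the spec with `Gem::Specification.load` and the path to the vendored .gemspec instead of `sample_spec`.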