github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-16 01:01:30 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
Files
tests-passed
discourse/lib/auth/linkedin_oidc_authenticator.rb
Régis Hanol 0de08e780b UX: better error message when social login fails (#32772) 
This improves the error message(s) displayed when an error happens while
using a social login to log in / sign up into a Discourse community.

Unfortunately, we can't be super precise in the reason behind the error
(it can be the user clicked "cancel" during the authorization phase, or
any of the plethora of other possible errors) because the reason isn't
provided (either for security reasons, or because it's just hard to do
so in a reliable & consistent way accross all social logins).

The best I could do was to

- add the name of the "social login" provider in the error message
- tweak the copy a bit for the different cases handle
- fix the CSS/HTML to match the one used by the main application

In order to show the name of the provider, we use either the "provider"
or the "strategy" query parameter, or use the name of the authenticator
(if it's the only one enabled).

Internal ref - t/153662

---

**BEFORE**


![before](https://github.com/user-attachments/assets/67579a3e-5a61-4e8f-aa72-4dc375547e39)

**AFTER**


![after](https://github.com/user-attachments/assets/954f9c8a-e865-44ff-b1e3-841393a26edf)
2025-05-20 16:22:38 +02:00

72 lines
1.8 KiB
Ruby
Raw Permalink Blame History

# frozen_string_literal: true
class Auth::LinkedInOidcAuthenticator < Auth::ManagedAuthenticator
class LinkedInOidc < OmniAuth::Strategies::OAuth2
option :name, "linkedin_oidc"
option :client_options,
{
site: "https://api.linkedin.com",
authorize_url: "https://www.linkedin.com/oauth/v2/authorization?response_type=code",
token_url: "https://www.linkedin.com/oauth/v2/accessToken",
}
option :scope, "openid profile email"
uid { raw_info["sub"] }
info do
{
email: raw_info["email"],
first_name: raw_info["given_name"],
last_name: raw_info["family_name"],
image: raw_info["picture"],
}
end
extra { { "raw_info" => raw_info } }
def callback_url
full_host + script_name + callback_path
end
def raw_info
@raw_info ||= access_token.get(profile_endpoint).parsed
end
private
def profile_endpoint
"/v2/userinfo"
end
end
def name
"linkedin_oidc"
end
def display_name
"LinkedIn"
end
def enabled?
SiteSetting.enable_linkedin_oidc_logins
end
def register_middleware(omniauth)
omniauth.provider LinkedInOidc,
setup:
lambda { |env|
strategy = env["omniauth.strategy"]
strategy.options[:client_id] = SiteSetting.linkedin_oidc_client_id
strategy.options[:client_secret] = SiteSetting.linkedin_oidc_client_secret
}
end
# LinkedIn doesn't let users login to websites unless they verify their e-mail
# address, so whatever e-mail we get from LinkedIn must be verified.
def primary_email_verified?(_auth_token)
true
end
end
Reference in New Issue View Git Blame Copy Permalink