Troubleshooting sso issue with logging.

app/controllers/users/omniauth_callbacks_controller.rb

@@ -1,11 +1,32 @@
 class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
 
-   def office365
-      # Handle Office 365 callback
-    end
+  def office365
+    log_omniauth_data
+    check_omniauth_auth
+  end
 
-  def failure
-    redirect_to root_path
+  def google_oauth2
+    log_omniauth_data
+    check_omniauth_auth
+  end
+
+  def keycloak_openid
+    log_omniauth_data
+    check_omniauth_auth
+  end
+
+  def oauth2
+    log_omniauth_data
+    @user = User.from_omniauth(request.env["omniauth.auth"])
+      sign_in_and_redirect @user, event: :authentication
+      set_flash_message(:notice, :success, kind: "OAuth2") if is_navigational_format?
+      check_omniauth_auth      
+  end
+
+  def okta
+    Rails.logger.debug "OmniAuth auth data: #{request.env['omniauth.auth'].inspect}"
+    session[:oktastate] = request.env["omniauth.auth"]["uid"]
+    check_omniauth_auth
   end
 
   def passthru
@@ -20,6 +41,11 @@ def failure
     redirect_to after_omniauth_failure_path_for(resource_name)
   end
 
+  def log_omniauth_data
+    Rails.logger.debug "OmniAuth auth data: #{request.env['omniauth.auth'].inspect}"
+    Rails.logger.debug "Request environment: #{request.env.inspect}"
+  end
+
 
   private
     def check_omniauth_auth

app/models/user.rb

@@ -398,23 +398,41 @@ def preference_url
     url
   end
 
+  # def self.from_omniauth(auth)
+  #   if where(email: auth.info.email || "#{auth.uid}@#{auth.provider}.com").present?
+  #     where(email: auth.info.email || "#{auth.uid}@#{auth.provider}.com").first do |user|
+  #       user.provider = auth.provider
+  #       user.uid = auth.uid
+  #       user.first_name = auth.info.first_name rescue nil
+  #       user.last_name = auth.info.last_name rescue nil
+  #       user.email = auth.info.email || "#{auth.uid}@#{auth.provider}.com"
+  #       user.login = auth.info.email || "#{auth.uid}@#{auth.provider}.com"
+  #       user.first_name ||= user.login
+  #       user.last_name ||= user.login
+  #       user.password = Devise.friendly_token[0, 20]
+  #     end
+  #   else
+  #     nil
+  #   end
+  # end
+
   def self.from_omniauth(auth)
-    if where(email: auth.info.email || "#{auth.uid}@#{auth.provider}.com").present?
-      where(email: auth.info.email || "#{auth.uid}@#{auth.provider}.com").first do |user|
-        user.provider = auth.provider
-        user.uid = auth.uid
-        user.first_name = auth.info.first_name rescue nil
-        user.last_name = auth.info.last_name rescue nil
-        user.email = auth.info.email || "#{auth.uid}@#{auth.provider}.com"
-        user.login = auth.info.email || "#{auth.uid}@#{auth.provider}.com"
-        user.first_name ||= user.login
-        user.last_name ||= user.login
-        user.password = Devise.friendly_token[0, 20]
-      end
-    else
-      nil
+    user = where(email: auth.info.email || "#{auth.uid}@#{auth.provider}.com").first_or_initialize do |user|
+      user.provider = auth.provider
+      user.uid = auth.uid
+      user.first_name = auth.info.first_name if auth.info.first_name.present?
+      user.last_name = auth.info.last_name if auth.info.last_name.present?
+      user.email = auth.info.email || "#{auth.uid}@#{auth.provider}.com"
+      user.login = auth.info.email || "#{auth.uid}@#{auth.provider}.com"
+      user.first_name ||= user.login
+      user.last_name ||= user.login
+      user.password = Devise.friendly_token[0, 20] if user.new_record?
     end
+
+    user.save if user.changed?
+    user
   end
+
 
   def password_complexity
     return unless self.changes.has_key?("password")

config/initializers/devise.rb

@@ -1,5 +1,6 @@
 # require 'omniauth-oktaoauth'
 require Rails.root.join("lib", "omniauth", "strategies","office365.rb")
+require Rails.root.join("lib", "omniauth", "strategies","keycloak_openid.rb")
 
 # frozen_string_literal: true
 
@@ -262,25 +263,30 @@
   # up on your models and hooks.
   # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
 
-# config.omniauth :keycloak_openid,
-#  ENV['KEYCLOAK_CLIENT_ID'],
-#  ENV['KEYCLOAK_CLIENT_SECRET'],
-#  client_options: { site: ENV['KEYCLOAK_SITE'] },
-#  scope: 'openid email',
-#  redirect_uri: "https://mpath-qa.microhealthllc.com/auth/keycloak/callback"
-
-config.omniauth :office365,
-  ENV['OFFICE365_CLIENT_ID'],
-  ENV['OFFICE365_CLIENT_SECRET'],
-  {
-    scope: 'openid profile email offline_access https://graph.microsoft.com/email',
+ config.omniauth( :keycloak_openid,
+    ENV['KEYCLOAK_CLIENT_ID'],
+    ENV['KEYCLOAK_CLIENT_SECRET'],
     client_options: {
-      site: 'https://login.microsoftonline.com',
-      authorize_url: '/common/oauth2/v2.0/authorize',
-      token_url: '/common/oauth2/v2.0/token'
-    }
-  }
-
+      site: 'https://keycloak.microhealthllc.com',
+      realm: 'master',
+    },
+    scope: [:openid, :profile, :email],
+    :strategy_class => OmniAuth::Strategies::KeycloakOpenId
+   )
+
+  config.omniauth(:office365, 
+    ENV['OFFICE365_KEY'], 
+    ENV['OFFICE365_SECRET'], 
+    :scope => 'openid profile email offline_access user.read mail.read',
+    :client_options => {
+      :site => 'https://graph.microsoft.com/v1.0',
+      :authorize_url => 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
+      :token_url => 'https://login.microsoftonline.com/common/oauth2/v2.0/token'
+    },
+    provider_ignores_state: true, 
+    prompt: :select_account
+  )
+
   config.omniauth( :oauth2,
     ENV['KEYCLOAK_CLIENT_ID'],
     ENV['KEYCLOAK_CLIENT_SECRET'],
@@ -292,9 +298,7 @@
       authorize_url: "/realms/#{ENV['KEYCLOAK_REALM'] || 'master'}/protocol/openid-connect/auth",
       token_url: "/realms/#{ENV['KEYCLOAK_REALM'] || 'master'}/protocol/openid-connect/token"
     },
-    strategy_class: OmniAuth::Strategies::OAuth2
-    # redirect_uri: "
-https://mpath-qa.microhealthllc.com/users/auth/oauth2/callback"
+    strategy_class: OmniAuth::Strategies::OAuth2    
     )
 
 config.omniauth :google_oauth2, ENV['GOOGLE_OAUTH_KEY'],  ENV['GOOGLE_OAUTH_SECRET'], provider_ignores_state: true