OpenstackIdentity

This gem provides a really simple way to authenticate against the OpenStack Identity service using OmniAuth.

It should be considered alpha quality at this point, with little to no tests in place.

Installation

Add this line to your application's Gemfile:

gem 'omniauth-openstack-identity'

And then execute:

$ bundle

Or install it yourself as:

$ gem install omniauth-openstack-identity

Usage

This gem supports both version 2 & version 3 of the Keystone API. You can use version 2, version 3 or both.

Assuming you are using a Rails application, add the requisite provider(s) to your omniauth.rb file like so:

Rails.application.config.middleware.use OmniAuth::Builder do
  ...
  provider :developer unless Rails.env.production?

  # Identity v2 endpoint will look like this: http://10.10.10.10:5000/v2.0
  provider :openstack_identity_v2, "<identity v2 endpoint>"

  # Identity v3 endpoint will look like this: http://10.10.10.10:5000/v3
  provider :openstack_identity_v3, "<identity v3 endpoint>"
  ...
end

Assuming a Sinatra app, add the requisite provider(s) inline like so:

require 'omniauth-openstack-identity'
use OmniAuth::Strategies::OpenstackIdentityV2, "<identity v2 endpoint>"
use OmniAuth::Strategies::OpenstackIdentityV3, "<identity v3 endpoint>"

Authentication Options

Identity/Keystone Version 2

Option 1 - Unscoped token via Username+Password

• Input: Username: demo Password: password

• Output: { "access":{ "token":{ "issued_at":"2014-06-23T21:38:16.239131", "expires":"2014-06-24T21:38:16Z", "id":"MIIC7wYJKoZIhvcNAQcCoIIC4DCCAtwCAQExCTAHBgUrDgMCGjCCAUUGCSqGSIb3DQEHAaCCATYEggEyeyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxNC0wNi0yM1QyMTozODoxNi4yMzkxMzEiLCAiZXhwaXJlcyI6ICIyMDE0LTA2LTI0VDIxOjM4OjE2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImRlbW8iLCAicm9sZXNfbGlua3MiOiBbXSwgImlkIjogImE1ZjkwMGEwYTgyZDRiNjZhZTM3MDQ5NmU2NWY3MWMxIiwgInJvbGVzIjogW10sICJuYW1lIjogImRlbW8ifSwgIm1ldGFkYXRhIjogeyJpc19hZG1pbiI6IDAsICJyb2xlcyI6IFtdfX19MYIBgTCCAX0CAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVW5zZXQxDjAMBgNVBAcMBVVuc2V0MQ4wDAYDVQQKDAVVbnNldDEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIIBAHPbhW7hiw5+CMOL0+5cc7zvLASY-kaWmdfhoBL1Cb5lgQsaBAFGObFJeH4bNJyiTR6c0IT93cvlN-DluGXZ-6DREGVlKUe9V9i-z+6XqGnnhJ4KwOeZoGPOwc2Vjh+NOlYw3c59DaDhWRL92DxhEgtuQK7ktrrNLEJ-kVyBqljHxgSNSkS7yev1kwwnYd26wg1--1jajzul5lHxzXXgEfvC9diKgXe9kOJTBTIy-lpH4zVYyTJpZFNRR9B7WpOrc+dt8QZdbHjCF3fKweUMFJTnjwtduYzm4-qqxizwOJXOqUEWdksRdxVDhslql1LhqBirLXcGyshYwAWxKtvZuBM=" }, "serviceCatalog":[ ], "user":{ "username":"demo", "roles_links":[ ], "id":"a5f900a0a82d4b66ae370496e65f71c1", "roles":[ ], "name":"demo" }, "metadata":{ "is_admin":0, "roles":[ ] } } }

Identity/Keystone Version 3

Option 1 - Unscoped token via Username+Password

• Input: Username: demo Password: password

• Output: { "token":{ "issued_at":"2014-06-23T21:42:04.858746Z", "extras":{ }, "methods":[ "password" ], "expires_at":"2014-06-24T21:42:04.858696Z", "user":{ "domain":{ "id":"default", "name":"Default" }, "id":"a5f900a0a82d4b66ae370496e65f71c1", "name":"demo" } } }

Auth Hash Schema

The following information is provided back to you for this provider:

{
  uid: user_id    # user ID from api response
  info: {
  },
  credentials: {
    username: username,
    secret: password,
    token: auth_token  # from Keystone
  },
  extra: { raw_info: full_raw_api_response (from Keystone) }
}

Contributing

1. Fork it ( https://github.com/[my-github-username]/omniauth-openstack-identity/fork )
2. Create your feature branch (git checkout -b my-new-feature)
3. Commit your changes (git commit -am 'Add some feature')
4. Push to the branch (git push origin my-new-feature)
5. Create a new Pull Request