add omniauth model

Gemfile

@@ -34,6 +34,7 @@ gem "bootsnap", ">= 1.1.0", require: false
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
   gem "byebug", platforms: [:mri, :mingw, :x64_mingw]
+  gem "ruby-lsp", "~> 0.3.8"
 end
 
 group :development do
@@ -64,7 +65,7 @@ gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw, :jruby]
 # gem "actionpack-action_caching"
 gem "jsbundling-rails"
 
-gem "devise"
+gem "devise", ">= 4.8.0"
 gem "devise-bootstrap-views"
 
 gem "cancancan", ">= 3.2.1"
@@ -81,3 +82,7 @@ gem "commonmarker", "~> 0.23.4"
 
 gem "rails-i18n", "~> 6.0"
 gem "devise-i18n"
+
+gem 'omniauth', ">= 2.0"
+gem 'omniauth-keycloak'
+gem 'omniauth-rails_csrf_protection'

Gemfile.lock

@@ -62,13 +62,15 @@ GEM
       zeitwerk (~> 2.3)
     addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
+    aes_key_wrap (1.1.0)
     appengine (0.5.0)
       google-cloud-env (~> 1.2)
       stackdriver (~> 0.15)
     archive-zip (0.12.0)
       io-like (~> 0.3.0)
     ast (2.4.2)
-    bcrypt (3.1.13)
+    bcrypt (3.1.18)
+    bindata (2.4.14)
     bindex (0.8.1)
     binding_of_caller (0.8.0)
       debug_inspector (>= 0.0.1)
@@ -91,12 +93,12 @@ GEM
       nokogiri (~> 1.8)
     coderay (1.1.2)
     commonmarker (0.23.4)
-    concurrent-ruby (1.1.9)
+    concurrent-ruby (1.2.0)
     crass (1.0.6)
     debug_inspector (0.0.3)
     declarative (0.0.10)
     declarative-option (0.1.0)
-    devise (4.7.1)
+    devise (4.8.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
@@ -106,7 +108,7 @@ GEM
     devise-i18n (1.9.4)
       devise (>= 4.7.1)
     digest-crc (0.5.1)
-    erubi (1.10.0)
+    erubi (1.12.0)
     faraday (1.0.1)
       multipart-post (>= 1.2, < 3)
     ffi (1.12.2)
@@ -186,19 +188,25 @@ GEM
     grpc (1.28.0)
       google-protobuf (~> 3.11)
       googleapis-common-protos-types (~> 1.0)
+    hashie (5.0.0)
     httpclient (2.8.3)
-    i18n (1.10.0)
+    i18n (1.12.0)
       concurrent-ruby (~> 1.0)
     io-like (0.3.1)
     jbuilder (2.10.0)
       activesupport (>= 5.0.0)
     jsbundling-rails (1.0.2)
       railties (>= 6.0.0)
+    json-jwt (1.13.0)
+      activesupport (>= 4.2)
+      aes_key_wrap
+      bindata
     jwt (2.2.1)
+    language_server-protocol (3.17.0.3)
     listen (3.2.1)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    loofah (2.14.0)
+    loofah (2.19.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
@@ -207,26 +215,50 @@ GEM
     memoist (0.16.2)
     method_source (1.0.0)
     mini_mime (1.1.2)
-    mini_portile2 (2.8.0)
-    minitest (5.15.0)
+    mini_portile2 (2.8.1)
+    minitest (5.17.0)
     msgpack (1.3.3)
     multi_json (1.14.1)
+    multi_xml (0.6.0)
     multipart-post (2.1.1)
     mysql2 (0.5.3)
     nio4r (2.5.8)
-    nokogiri (1.13.3)
+    nokogiri (1.14.1)
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
+    oauth2 (2.0.9)
+      faraday (>= 0.17.3, < 3.0)
+      jwt (>= 1.0, < 3.0)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 4)
+      snaky_hash (~> 2.0)
+      version_gem (~> 1.1)
     octicons (10.0.0)
       nokogiri (>= 1.6.3.1)
     octicons_helper (10.0.0)
       octicons (= 10.0.0)
       rails
+    omniauth (2.1.1)
+      hashie (>= 3.4.6)
+      rack (>= 2.2.3)
+      rack-protection
+    omniauth-keycloak (1.4.4)
+      faraday
+      json-jwt (~> 1.13.0)
+      omniauth (>= 2.0)
+      omniauth-oauth2 (~> 1.7.1)
+    omniauth-oauth2 (1.7.3)
+      oauth2 (>= 1.4, < 3)
+      omniauth (>= 1.9, < 3)
+    omniauth-rails_csrf_protection (1.0.1)
+      actionpack (>= 4.2)
+      omniauth (~> 2.0)
     orm_adapter (0.5.0)
     os (1.1.0)
     parallel (1.20.1)
     parser (3.0.0.0)
       ast (~> 2.4.1)
+    prettier_print (1.2.0)
     pry (0.13.0)
       coderay (~> 1.1)
       method_source (~> 1.0)
@@ -236,10 +268,12 @@ GEM
     public_suffix (4.0.6)
     puma (4.3.12)
       nio4r (~> 2.0)
-    racc (1.6.0)
-    rack (2.2.3)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
+    racc (1.6.2)
+    rack (2.2.6.2)
+    rack-protection (3.0.5)
+      rack
+    rack-test (2.0.2)
+      rack (>= 1.3)
     rails (6.1.4.6)
       actioncable (= 6.1.4.6)
       actionmailbox (= 6.1.4.6)
@@ -258,8 +292,8 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.2)
-      loofah (~> 2.3)
+    rails-html-sanitizer (1.5.0)
+      loofah (~> 2.19, >= 2.19.1)
     rails-i18n (6.0.0)
       i18n (>= 0.7, < 2)
       railties (>= 6.0.0, < 7)
@@ -279,9 +313,9 @@ GEM
       declarative (< 0.1.0)
       declarative-option (< 0.2.0)
       uber (< 0.2.0)
-    responders (3.0.0)
-      actionpack (>= 5.0)
-      railties (>= 5.0)
+    responders (3.1.0)
+      actionpack (>= 5.2)
+      railties (>= 5.2)
     retriable (3.1.2)
     rexml (3.2.5)
     rly (0.2.3)
@@ -303,6 +337,10 @@ GEM
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 0.90.0, < 2.0)
+    ruby-lsp (0.3.8)
+      language_server-protocol (~> 3.17.0)
+      sorbet-runtime
+      syntax_tree (>= 5.0.0, < 6)
     ruby-progressbar (1.11.0)
     rubyzip (2.3.0)
     selenium-webdriver (3.142.7)
@@ -313,6 +351,10 @@ GEM
       faraday (>= 0.17.3, < 2.0)
       jwt (>= 1.5, < 3.0)
       multi_json (~> 1.10)
+    snaky_hash (2.0.1)
+      hashie
+      version_gem (~> 1.1, >= 1.1.1)
+    sorbet-runtime (0.5.10648)
     spring (2.1.0)
     spring-watcher-listen (2.0.1)
       listen (>= 2.7, < 4.0)
@@ -331,16 +373,19 @@ GEM
       google-cloud-trace (~> 0.33)
     stackdriver-core (1.4.0)
       google-cloud-core (~> 1.2)
+    syntax_tree (5.3.0)
+      prettier_print (>= 1.2.0)
     thor (1.2.1)
     turbolinks (5.2.1)
       turbolinks-source (~> 5.2)
     turbolinks-source (5.2.0)
-    tzinfo (2.0.4)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     uber (0.1.0)
     unicode-display_width (2.0.0)
-    warden (1.2.8)
-      rack (>= 2.0.6)
+    version_gem (1.1.1)
+    warden (1.2.9)
+      rack (>= 2.0.9)
     web-console (4.0.1)
       actionview (>= 6.0.0)
       activemodel (>= 6.0.0)
@@ -351,7 +396,7 @@ GEM
     websocket-extensions (0.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.5.4)
+    zeitwerk (2.6.6)
 
 PLATFORMS
   ruby
@@ -365,7 +410,7 @@ DEPENDENCIES
   capybara (>= 2.15)
   chromedriver-helper
   commonmarker (~> 0.23.4)
-  devise
+  devise (>= 4.8.0)
   devise-bootstrap-views
   devise-i18n
   google-cloud-storage (~> 1.8)
@@ -374,13 +419,17 @@ DEPENDENCIES
   listen (>= 3.0.5)
   mysql2 (~> 0.5.3)
   octicons_helper (~> 10.0)
+  omniauth (>= 2.0)
+  omniauth-keycloak
+  omniauth-rails_csrf_protection
   pry-byebug
   puma (~> 4.3)
   rails (~> 6.1.4)
   rails-i18n (~> 6.0)
   rubocop (~> 1.8.0)
   rubocop-performance (~> 1.9.2)
   rubocop-rails (~> 2.9.1)
+  ruby-lsp (~> 0.3.8)
   selenium-webdriver
   spring
   spring-watcher-listen (~> 2.0.0)

app/models/user.rb

@@ -17,8 +17,8 @@ class User < ApplicationRecord
   # Include default devise modules. Others available are:
   # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
   devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :validatable, :lockable, :trackable
-
+         :recoverable, :rememberable, :validatable, :lockable, :trackable,
+         :omniauthable, omniauth_providers: %i[keycloakopenid]
   def email_required?
     false
   end

config/initializers/devise.rb

@@ -261,6 +261,10 @@
   # up on your models and hooks.
   # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
 
+  require "omniauth"
+  config.omniauth :keycloak_openid, ENV["KEYCLOAK_CLIENT_ID"], ENV["KEYCLOAK_CLIENT_SECRET"],
+    client_options: { site: ENV["KEYCLOAK_ENDPOINT"], realm: ENV["KEYCLOAK_REALM"] },
+    strategy_class: OmniAuth::Strategies::KeycloakOpenId
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or
   # change the failure app, you can configure them inside the config.warden block.