Better control of the OmniAuth authentication flows + adding new OmniAuth strategies
Currently Decidim is somewhat "locked" to the OmniAuth strategies that it ships with as defined here:
To add new methods, you will need to override the constant which is a bad convention.
Another thing is that with certain OmniAuth strategies, we need to have the control over the callback route and possibly also of the sign out route (in order to send a sign out request to the service in question). These are not straight forward to implement in Decidim right now.
As an example, you can take a look at the Suomi.fi module we've built which is a SAML2 based authentication method:
Here is what we need to do to add the new OmniAuth strategy in the first place:
Here is what we need to do to take control of the callback and passthru routes:
If you spend few moments investigating those pieces of code, you will notice that it's quite a hack currently to implement these. It's even worse when we have to implement multiple methods that all need e.g. individual sign out flow controls.
List of Endorsements
Report inappropriate content
Is this content inappropriate?