Currently Decidim is somewhat "locked" to the OmniAuth strategies that it ships with as defined here:
https://git.io/Je4p5
To add new methods, you will need to override the constant, which is a bad convention.
Another thing is that with certain OmniAuth strategies, we need to have control over the callback route and possibly also over the sign out route (in order to send a sign out request to the service in question). These are not straightforward to implement in Decidim right now.
As an example, you can take a look at the Suomi.fi module we've built which is a SAML2 based authentication method:
https://github.com/mainio/decidim-module-suomifi
Here is what we need to do to add the new OmniAuth strategy in the first place:
https://git.io/Je4pF
Here is what we need to do to take control of the callback and passthru routes:
https://git.io/Je4pb
Here is what we need to do to take control of the sign out flow:
https://git.io/Je4pA
https://git.io/Je4pp
If you spend a few moments investigating those pieces of code, you will notice that it's quite a hack currently to implement these. It's even worse when we have to implement multiple methods that all need e.g. individual sign out flow controls.