/omniauth-yoti

Yoti strategy for OmniAuth

Primary LanguageRubyMIT LicenseMIT

OmniAuth Yoti

This gem contains the Yoti strategy for OmniAuth.

Before You Begin

You should have already installed OmniAuth into your app. If not, read the OmniAuth README to get started.

Now sign in into the Yoti dashboard and create an application. Take note of your Application ID and Yoti client SDK ID because that is what your web application will use to authenticate against the Yoti API. Make sure to set a callback URL to YOUR_SITE/auth/yoti/callback, and download the pem key.

Using This Strategy

Add this line to your application's Gemfile:

gem 'omniauth-yoti'

And then execute:

bundle

Or install it yourself as:

gem install omniauth-yoti

Configuration

Yoti client initialisation looks like this:

require 'omniauth-yoti'

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :yoti, client_options: {
    application_id: ENV['YOTI_APPLICATION_ID'],
    client_sdk_id: ENV['YOTI_CLIENT_SDK_ID'],
    key_file_path: ENV['YOTI_KEY_FILE_PATH']
  }
end

YOTI_APPLICATION_ID - found on the Integrations settings page, under the Login button section.

YOTI_CLIENT_SDK_ID - found on the Integrations settings page.

YOTI_KEY_FILE_PATH - the full path to your security key downloaded from the Keys settings page (e.g. /Users/developer/access-security.pem).

If you don't have access to the file system to store the pem file, you can replace key_file_path with key, that stores a string with the content of the secret key (key: "-----BEGIN RSA PRIVATE KEY-----\nMIIEp...").

The configuration values are documented in the Yoti gem repository.

Authentication

A call to /auth/yoti/callback will open the Yoti authentication page, and after a successful authentication, you will be redirected to the callback URL from your Yoti dashboard. The auth hash will be available in request.env['omniauth.auth']:

{
  "provider" => "yoti",
  "uid" => "mHvpV4...",
  "info" => {
    "name" => "John Doe",
    "selfie" => "jpeg image data file",
    "full_name" => "John Doe",
    "given_names" => "John",
    "family_name" => "Doe",
    "phone_number" => "07474747474",
    "email_address" => "email@example.com",
    "date_of_birth" => "1989-11-09",
    "postal_address" => "Fountain House\n130 Fenchurch St\nLONDON\nEC3M 5DJ",
    "gender" => "MALE",
    "nationality" => "GBR"
    "base64_selfie_uri" => "data:image/jpeg;base64,/9j/2wCEAAMCAg..."
    "age_verified" => true
  },
  "credentials" => {},
  "extra" => {
    { "raw_info" =>
      {
        "selfie" => "jpeg image data file",
        "full_name" => "John Doe",
        "given_names" => "Given Name",
        "family_name" => "Family Name",
        "phone_number" => "07474747474",
        "email_address" => "email@example.com",
        "date_of_birth" => "1989-11-09",
        "postal_address" => "Fountain House\n130 Fenchurch St\nLONDON\nEC3M 5DJ",
        "gender" => "MALE",
        "nationality" => "GBR",
        "age_over:18" => true
      }
    }
}

Upgrading from version 1.1

Most of the profile attributes that were being stored in the extra fields got moved to info.

e.g. request.env['omniauth.auth']['extra']['given_names'] will become request.env['omniauth.auth']['info']['given_names']