afal-auth
Official
OmniAuth AFAL IdP auth for Rails apps
System Documentation
What problem does it solve?
Provides a standardized, secure authentication pattern for AFAL Rails applications that centralizes sign-in through the AFAL IdP and replaces ad-hoc or insecure local auth approaches. It removes ambiguity about credentials handling, session lifecycle, and multi-tenant scoping so teams can implement production-ready SSO consistently.
Core Features & Use Cases
- OmniAuth Strategy: Custom OAuth2 strategy named afal_idp that retrieves id, email, name, employee_id, roles, and organization from the IdP userinfo endpoint.
- Session Management: Database-backed Session model for audit trails, tracked via cookies.signed[:session_id] to enable server-side revocation and per-login metadata (user_agent, ip_address).
- Controller Concern & Current Attributes: Opt-out authentication via a shared Authentication concern that resumes sessions into Current.user and Current.session, with model defaults for multi-tenancy.
- Security & Testing: Uses Rails.application.credentials for IdP secrets, recommends omniauth-rails_csrf_protection, and includes Minitest patterns and fixtures for reliable test coverage.
Quick Start
Redirect users to /auth/afal_idp, implement SessionsController#create to find or create a User from the OmniAuth hash, create a Session record, and set cookies.signed[:session_id] to the session id.
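The sign-in, resume and revocation flow described above, modelled in plain Ruby as an added example; it is not the skill's own code. The HMAC helper stands in for cookies.signed, the SESSIONS hash for the sessions table, and the auth hash layout (uid, info) and all method names are assumptions.

```ruby
require "openssl"
require "securerandom"

# Constructed stand-ins (assumptions): SECRET plays the role of secret_key_base,
# SESSIONS and USERS play the role of the sessions and users tables.
SECRET   = SecureRandom.hex(32)
SESSIONS = {}
USERS    = {}
Session  = Struct.new(:id, :user, :user_agent, :ip_address)

# Constant-time comparison so tag checks do not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Stand-in for cookies.signed[:session_id] = id (value plus HMAC tag).
def sign(value)
  "#{value}--#{OpenSSL::HMAC.hexdigest('SHA256', SECRET, value)}"
end

# Returns the value only if the tag verifies; nil for tampered or missing cookies.
def verify(cookie)
  value, tag = cookie.to_s.split("--", 2)
  return nil unless value && tag
  secure_equal?(OpenSSL::HMAC.hexdigest("SHA256", SECRET, value), tag) ? value : nil
end

# Models SessionsController#create: find or create the user from the OmniAuth
# hash, record per-login metadata, and return the signed cookie value.
def sign_in(auth, user_agent:, ip_address:)
  info = auth.fetch("info")
  user = USERS[auth.fetch("uid")] ||= { email: info["email"], roles: info["roles"] }
  session = Session.new(SecureRandom.uuid, user, user_agent, ip_address)
  SESSIONS[session.id] = session
  sign(session.id)
end

# Models the Authentication concern: resume the session, or nil (caller redirects).
def resume_session(cookie)
  id = verify(cookie)
  id && SESSIONS[id]
end

# Server-side revocation: deleting the row invalidates a still-valid cookie.
def revoke(cookie)
  SESSIONS.delete(verify(cookie))
end
```

Because the cookie carries only the session id, a copy of it that still verifies stops working as soon as the row is deleted.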
Dependency Matrix
Required Modules
None required
Components
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: afal-auth
Download link: https://github.com/Grupo-AFAL/claude-plugins/archive/main.zip#afal-auth
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.