class CreateAccountIdentities < ActiveRecord::Migration[5.2]
  def change
    create_table :account_identities do |t|
      # t.references :account, null: false, foreign_key: { on_delete: :cascade }
      t.bigint :account_id, null: false
      t.datetime :created_at, null: false
      t.datetime :updated_at, null: false
      t.string :provider, null: false
      t.string :uid, null: false
      t.index [:provider, :uid], unique: true
      t.index ["account_id"], name: "index_account_identities_on_account_id"
    end
  end  
end

accounts_table :users

  configure do
    enable :login, :logout, :remember, :jwt, :jwt_refresh, :internal_request, :omniauth
    omniauth_provider :authentik, ENV['authentik_client_id'], ENV['authentik_client_secret'],
      client_options: {
        site: 'https://my.authentik.website.it',
        authorize_url: 'https://my.authentik.website.it/application/o/authorize/',
        token_url: 'https://my.authentik.website.it/application/o/token/'
      },
      authorize_params: { redirect_uri: "https://my.rails.website.it/auth/authentik/callback" },
      token_params: { redirect_uri: "https://my.rails.website.it/auth/authentik/callback" }
    omniauth_identity_insert_hash { super().merge(created_at: Time.now) }
    omniauth_identity_update_hash { { updated_at: Time.now } }

# loading lib/omniauth/strategies/authentik.rb
require 'omniauth/strategies/authentik'

require 'omniauth-oauth2'
# https://github.com/omniauth/omniauth-oauth2
module OmniAuth
  module Strategies
    class Authentik < OmniAuth::Strategies::OAuth2
      option :name, "authentik"
      option :client_options, {}
      uid { raw_info['sub'] }
      info do
        {
          email: raw_info['email'],
          name: raw_info['name']
        }
      end
      extra do
        { raw_info: raw_info }
      end
      def raw_info
        @raw_info ||= access_token.get('/application/o/userinfo/').parsed
      end
    end
  end
end