access_token_agent 3.1.1 → 3.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: dc26e506a5e724e2f3fb483ffb8a8b7b74447e35
-  data.tar.gz: 31cce846d3c53a66737d2f5cb603dcf269ea3119
+SHA256:
+  metadata.gz: 9ce5b9bb39e762a8602e908ed0fd3f90a5a90a1ab5692b37512fd51fca5ffcbc
+  data.tar.gz: eb3bec64d9424a5197fc19e93ae26dd0d59f29a33fe3f1141dbffeed5e28ac9d
 SHA512:
-  metadata.gz: 560a1ce6c00cf31738b7d3c2d6ae7ee2ef0b9b9857e01aa620d299197f8cdba74daaf031a2cb5b7eee60d4f6c77e5f581ed86ed9e1a1279fb5ac83132d9a91a1
-  data.tar.gz: e5afd37637915dbe189fe7630b3b092e8cb588262f8c64167685711f9e2e0dc644bbbd08fc2f5d02a9333c35566dc5da2f36e29e17e607bdb20acd808cc17af5
+  metadata.gz: e6d2d273fb9013401936d16db02677ca8f84e843fe1634d79a2e03edab29eac96ee395d73275640177d610974bf652c1fe44303484d6150c22596db914118ee5
+  data.tar.gz: 1395a40b82a22e93cd3ff04b7b61fb56d5c76a281dc567f5713a5e3cdbec6558d545c506668f51ee7a374b277576b6bd8b931b0ecf64c6b470d5381f82250304

data/.gitignore

@@ -2,5 +2,6 @@ Gemfile.lock
 coverage/
 tmp/
 
+.ruby-version
 .ruby-gemset
 access_token_agent-*.gem

data/.gitlab-ci.yml

@@ -0,0 +1,54 @@
+image: ruby:2.7
+
+stages:
+  - test
+  - publish
+
+before_script:
+  - bundle config jobs 8
+  - bundle install --path=/tmp/bundler --quiet
+
+rubocop:
+  stage: test
+  image: ruby:2.2
+  script:
+    - bundle exec rubocop
+
+rspec_latest:
+  stage: test
+  image: ruby
+  script:
+    - bundle exec rspec
+
+rspec_2.6:
+  stage: test
+  image: ruby:2.6
+  script:
+    - bundle exec rspec
+
+rspec_2.5:
+  stage: test
+  image: ruby:2.5
+  script:
+    - bundle exec rspec
+
+rspec_2.2:
+  stage: test
+  image: ruby:2.2
+  script:
+    - bundle exec rspec
+
+publish_gem:
+  stage: publish
+  script:
+    - mkdir -p ~/.gem
+    - |
+      cat << EOF > ~/.gem/credentials
+      ---
+      :rubygems_api_key: ${RUBYGEMS_API_KEY}
+      EOF
+    - chmod 0600 ~/.gem/credentials
+    - gem build access_token_agent.gemspec
+    - gem push $(find `pwd` -name "access_token_agent-*.gem")
+  only:
+    - master

data/.rspec

@@ -0,0 +1 @@
+--color

data/.rubocop.yml

@@ -1,28 +1,44 @@
 AllCops:
-  TargetRubyVersion: 2.1
   Exclude:
+    - 'bin/**/*'
     - 'db/schema.rb'
     - 'doc/**/*'
-    - 'Gemfile'
-    - '*.gemspec'
+    - 'docker_app/**/*'
+    - 'Guardfile'
+    - 'tmp/**/*'
+    - 'vendor/**/*'
 
-Style/AsciiComments:
-  Enabled: false
+# We need to configure exemptions for blocks that we generally accept to be
+# long, since they are less comparable to methods and more comparable to
+# modules/classes.
+Metrics/BlockLength:
+  ExcludedMethods:
+    - context
+    - describe
+    - namespace
+  Exclude:
+    - 'config/environments/*.rb' # instead of excluding all :configure methods
+    - 'config/routes.rb'
+
+# The maximum amount of positional arguments in a method really shouldn't exceed
+# the rubocop default of 5.
+# However, keyword arguments do not make a method signature as unreadable as positional
+# arguments. There are valid cases for longer argument lists (e.g. data objects or
+# DSLs with implicit default values).
+# In those cases keyword args provide a good balance between readability and the need to
+# pass more arguments into an object.
+Metrics/ParameterLists:
+  CountKeywordArgs: false
 
 Style/Documentation:
   Enabled: false
 
-# Encoding comments are not neccessary in all 2.x versions of ruby, since
-# UTF-8 has become the default encoding.
-Style/Encoding:
-  EnforcedStyle: never
-  Enabled: true
-
 # This cop tries to make you use module_funtion instead of extend self
 # This is bad because both have their own use-case and should not be used
 # and sometimes cannot be used to do the same thing
 Style/ModuleFunction:
   Enabled: false
+
 # While it is very often useful to separate numbers after every three digits
 # for readability, this mostly doesn't make sense if the number doesn't
 # represent an amount but rather an identifier. Thus the use of underscores

data/CHANGELOG.md

@@ -1,3 +1,31 @@
+## 3.5.0
+
+- Support requesting scopes
+- Add requirement for Ruby 2.2 to gemspec (this was an implicit requirement before)
+
+## 3.4.0
+
+- Allows value of `token_type` to have any casing
+
+## 3.3.0
+
+- Add `instance` accessor to `AccessTokenAgent::Connector`
+
+## 3.2.1
+
+- Use a string as key in HTTP headers, to be compatible with Ruby < 2.3
+
+## 3.2.0
+
+- Add `http_auth_header` method to the connector, since this is the most
+  common use case
+- Deprecate the `authenticate` method in favor of the new `token` method
+- Allow to configure from which path to get the access token
+- Put all errors into the AccessTokenAgent namespace
+- Actually return a token when faking auth
+- Rename error raised for unsupported token types
+- Ensure that access token response carries an access token
+
 ## 3.1.1
 
 - Fix broken gem release (missing files)

data/Gemfile

@@ -1,4 +1,4 @@
-# encoding: UTF-8
+
 source 'https://rubygems.org'
 
 # Specify your gem's dependencies in auth_connector.gemspec

data/README.md

@@ -1,4 +1,4 @@
-[![Build Status](https://travis-ci.org/kaeuferportal/access_token_agent.svg?branch=master)](https://travis-ci.org/kaeuferportal/access_token_agent)
+[![Gem Version](https://badge.fury.io/rb/access_token_agent.svg)](https://badge.fury.io/rb/access_token_agent)
 
 # AccessTokenAgent
 
@@ -12,19 +12,19 @@ OAuth2 [client credentials flow](https://tools.ietf.org/html/rfc6749#section-4.4
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'access_token_agent', '~> 3.1'
+gem 'access_token_agent', '~> 3.4'
 ```
 
 And then execute:
 
     $ bundle
 
-## Configuration
+## Basic configuration
 
 Create an instance of AccessTokenAgent::Connector with the desired
 configuration and use that instance to authenticate.
 
-Needs the following parameters:
+Needs the following parameters to instantiate:
 
 * `host` - the server address where the auth provider is running.
 * `client_id` - the client_id of the application using this gem.
@@ -33,23 +33,41 @@ Needs the following parameters:
 Optional parameters:
 
 * `fake_auth` - if true, do not connect to the auth service and return
-   an empty access token (`nil`).
+   a faked access token.
+* `access_token_path` - Allows to customize the HTTP path where the
+  access token needs to be requested.
+  **Default:** `/oauth/token`
+* `scopes` - An array of scopes to be requested from the authorization server
+  **Default:** no scopes
 
 ### Example
 
 ```ruby
-AccessTokenAgent::Connector.new(host: 'https://auth.kaeuferportal.de',
-                                client_id: 'my_client',
-                                client_secret: 'very_secure_and_secret')
+@connector = AccessTokenAgent::Connector.new(host: 'https://auth.kaeuferportal.de',
+                                             client_id: 'my_client',
+                                             client_secret: 'very_secure_and_secret')
 ```
 
-## Usage
+## Sharing a connector
+
+When connecting to multiple endpoints you will commonly come across the need
+to share a single instance of a connector in multiple places, because your
+application will use the same configuration everywhere.
 
-Setup an AcccessTokenAgent::Connector instance (see Configuration) and call
-authenticate on it to receive your access_token.
+You can use the convenience accessor `instance` for that:
 
+```ruby
+AccessTokenAgent::Connector.instance = AccessTokenAgent::Connector.new(...)
 ```
-@access_token_agent.authenticate
+
+## Usage
+
+Set up an AcccessTokenAgent::Connector instance (see Configuration) and call
+`authenticate` on it to receive your access_token.
+
+```ruby
+AccessTokenAgent::Connector.instance.authenticate
+ => "XYZ"
 ```
 
 When no valid AccessToken is present a call to authenticate returns one of the
@@ -62,3 +80,12 @@ following:
 As long as a valid AccessToken is present a call to authenticate simply returns
 that AccessToken. An AccessToken is valid for a limited time. The exact value is
 determined by the auth response which contains an `expires_at` parameter.
+
+### As HTTP Header
+
+Since the most common use case is to include the access token as [RFC 6750](https://tools.ietf.org/html/rfc6750) bearer token, there is a method that returns the `Authorization: Bearer XYZ` header as hash:
+
+```ruby
+AccessTokenAgent::Connector.instance.http_auth_header
+ => { "Authorization" => "Bearer XYZ" }
+```

data/access_token_agent.gemspec

@@ -1,24 +1,28 @@
-# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'access_token_agent/version'
 
 Gem::Specification.new do |s|
   s.name        = 'access_token_agent'
-  s.version     = '3.1.1'
-  s.date        = '2016-04-08'
+  s.version     = AccessTokenAgent::VERSION
+  s.date        = '2020-10-02'
   s.summary     = 'Handles authentication against an OAuth2 provider'
-  s.homepage    = 'https://github.com/kaeuferportal/access_token_agent'
-  s.description = 'Retrieves an access token from an OAuth2 provider' \
+  s.homepage    = 'https://github.com/aroundhome/access_token_agent'
+  s.description = 'Retrieves an access token from an OAuth2 provider ' \
                   'using the supplied credentials.'
-  s.authors     = ['Beko Käuferportal GmbH']
-  s.email       = 'oss@kaeuferportal.de'
+  s.authors     = ['be Around GmbH']
+  s.email       = 'oss@aroundhome.de'
   s.license     = 'MIT'
   s.files       = `git ls-files -z`.split("\x0")
                                    .reject { |f| f.match(%r{^spec/}) }
 
-  s.add_development_dependency 'bundler', '~> 1.11'
-  s.add_development_dependency 'rspec', '~> 3.4'
+  s.required_ruby_version = '>= 2.2'
+
+  s.add_development_dependency 'bundler', '> 1.11', '< 3'
   s.add_development_dependency 'pry', '~> 0.10'
-  s.add_development_dependency 'rubocop', '~> 0.39'
-  s.add_development_dependency 'vcr', '~> 3.0'
-  s.add_development_dependency 'webmock', '~> 1.24'
-  s.add_development_dependency 'simplecov', '~> 0.11'
+  s.add_development_dependency 'rspec', '~> 3.4'
+  s.add_development_dependency 'rubocop', '0.51'
+  s.add_development_dependency 'simplecov', '~> 0.16'
+  s.add_development_dependency 'vcr', '~> 5.0'
+  s.add_development_dependency 'webmock', '~> 3.0'
 end

data/bin/console

@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'access_token_agent'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+require 'pry'
+Pry.start

data/lib/access_token_agent.rb

@@ -3,3 +3,4 @@ require 'access_token_agent/unauthorized_error'
 require 'access_token_agent/connection_error'
 require 'access_token_agent/token'
 require 'access_token_agent/connector'
+require 'access_token_agent/version'

data/lib/access_token_agent/connector.rb

@@ -2,28 +2,51 @@ require 'net/http'
 
 module AccessTokenAgent
   class Connector
+    FAKE_TOKEN = 'FakeAuthToken'.freeze
+
+    class << self
+      attr_accessor :instance
+    end
+
     def initialize(host:,
                    client_id:,
                    client_secret:,
-                   fake_auth: false)
+                   fake_auth: false,
+                   access_token_path: '/oauth/token',
+                   scopes: nil)
       @host = host
       @client_id = client_id
       @client_secret = client_secret
       @fake_auth = fake_auth
+      @access_token_path = access_token_path
+      @scopes = scopes
     end
 
-    def authenticate
-      return if @fake_auth
-      fetch_token unless @known_token && @known_token.valid?
+    def http_auth_header
+      { 'Authorization' => "Bearer #{token}" }
+    end
+
+    def token
+      return FAKE_TOKEN if @fake_auth
+      @known_token = fetch_token unless @known_token && @known_token.valid?
+
       @known_token.value
     end
 
+    def authenticate
+      warn "[DEPRECATION] `#{self.class}.authenticate` is deprecated. " \
+           'Use `token` instead.'
+      token
+    end
+
+    private
+
     def fetch_token
-      @known_token = Token.new(from_auth)
+      Token.new(fetch_token_hash)
     end
 
-    def from_auth
-      response = request
+    def fetch_token_hash
+      response = perform_request
       case response.code
       when '200' then JSON.parse(response.body)
       when '401' then raise UnauthorizedError
@@ -34,10 +57,10 @@ module AccessTokenAgent
       raise ConnectionError
     end
 
-    def request
+    def perform_request
       request = Net::HTTP::Post.new(auth_uri)
       request.basic_auth @client_id, @client_secret
-      request.form_data = { 'grant_type' => 'client_credentials' }
+      request.form_data = form_data
       use_tls = auth_uri.scheme == 'https'
       Net::HTTP.start(auth_uri.hostname,
                       auth_uri.port,
@@ -47,7 +70,13 @@ module AccessTokenAgent
     end
 
     def auth_uri
-      @auth_uri ||= URI("#{@host}/oauth/token")
+      @auth_uri ||= URI("#{@host}#{@access_token_path}")
+    end
+
+    def form_data
+      result = { 'grant_type' => 'client_credentials' }
+      result['scope'] = @scopes.join(' ') if @scopes
+      result
     end
   end
 end

data/lib/access_token_agent/error.rb

@@ -1,2 +1,4 @@
-class Error < StandardError
+module AccessTokenAgent
+  class Error < StandardError
+  end
 end

data/lib/access_token_agent/missing_access_token.rb

@@ -0,0 +1,7 @@
+module AccessTokenAgent
+  class MissingAccessToken < Error
+    def initialize
+      super('The access token response did not contain an access token.')
+    end
+  end
+end

data/lib/access_token_agent/missing_token_type.rb

@@ -0,0 +1,7 @@
+module AccessTokenAgent
+  class MissingTokenType < Error
+    def initialize
+      super('The access token response did not contain a token type.')
+    end
+  end
+end

data/lib/access_token_agent/token.rb

@@ -1,4 +1,6 @@
-require 'access_token_agent/invalid_token_type_error'
+require 'access_token_agent/missing_access_token'
+require 'access_token_agent/missing_token_type'
+require 'access_token_agent/unsupported_token_type_error'
 
 module AccessTokenAgent
   class Token
@@ -7,9 +9,8 @@ module AccessTokenAgent
     EXPIRY_MARGIN = 60 # seconds
 
     def initialize(auth_response)
-      unless auth_response['token_type'] == 'bearer'
-        raise InvalidTokenTypeError, auth_response['token_type']
-      end
+      validate_response(auth_response)
+
       @value = auth_response['access_token']
       @expires_at = Time.now + auth_response['expires_in']
     end
@@ -17,5 +18,17 @@ module AccessTokenAgent
     def valid?
       @expires_at - EXPIRY_MARGIN > Time.now
     end
+
+    private
+
+    def validate_response(auth_response)
+      raise MissingTokenType if auth_response['token_type'].nil?
+      unless auth_response['token_type'].downcase == 'bearer'
+        raise UnsupportedTokenTypeError, auth_response['token_type']
+      end
+
+      token = auth_response['access_token']
+      raise MissingAccessToken if token.nil? || token.empty?
+    end
   end
 end

data/lib/access_token_agent/unsupported_token_type_error.rb

@@ -0,0 +1,7 @@
+module AccessTokenAgent
+  class UnsupportedTokenTypeError < Error
+    def initialize(token_type)
+      super("Expected token_type to be 'bearer', but was '#{token_type}'.")
+    end
+  end
+end

data/lib/access_token_agent/version.rb

@@ -0,0 +1,3 @@
+module AccessTokenAgent
+  VERSION = '3.5.0'.freeze
+end

metadata

@@ -1,136 +1,147 @@
 --- !ruby/object:Gem::Specification
 name: access_token_agent
 version: !ruby/object:Gem::Version
-  version: 3.1.1
+  version: 3.5.0
 platform: ruby
 authors:
-- Beko Käuferportal GmbH
+- be Around GmbH
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-04-08 00:00:00.000000000 Z
+date: 2020-10-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">"
       - !ruby/object:Gem::Version
         version: '1.11'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">"
       - !ruby/object:Gem::Version
         version: '1.11'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
+        version: '0.10'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
+        version: '0.10'
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '3.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '3.4'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0.39'
+        version: '0.51'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0.39'
+        version: '0.51'
 - !ruby/object:Gem::Dependency
-  name: vcr
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0.16'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0.16'
 - !ruby/object:Gem::Dependency
-  name: webmock
+  name: vcr
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.24'
+        version: '5.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.24'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.11'
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.11'
-description: Retrieves an access token from an OAuth2 providerusing the supplied credentials.
-email: oss@kaeuferportal.de
+        version: '3.0'
+description: Retrieves an access token from an OAuth2 provider using the supplied
+  credentials.
+email: oss@aroundhome.de
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".gitlab-ci.yml"
+- ".rspec"
 - ".rubocop.yml"
-- ".ruby-version"
-- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - LICENSE.md
 - README.md
 - access_token_agent.gemspec
+- bin/console
 - lib/access_token_agent.rb
 - lib/access_token_agent/connection_error.rb
 - lib/access_token_agent/connector.rb
 - lib/access_token_agent/error.rb
-- lib/access_token_agent/invalid_token_type_error.rb
+- lib/access_token_agent/missing_access_token.rb
+- lib/access_token_agent/missing_token_type.rb
 - lib/access_token_agent/token.rb
 - lib/access_token_agent/unauthorized_error.rb
-homepage: https://github.com/kaeuferportal/access_token_agent
+- lib/access_token_agent/unsupported_token_type_error.rb
+- lib/access_token_agent/version.rb
+homepage: https://github.com/aroundhome/access_token_agent
 licenses:
 - MIT
 metadata: {}
@@ -142,15 +153,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.5
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Handles authentication against an OAuth2 provider

data/.ruby-version

@@ -1 +0,0 @@
-2.1.10

data/.travis.yml

@@ -1,4 +0,0 @@
-language: ruby
-script:
-  - bundle exec rspec
-  - bundle exec rubocop

data/lib/access_token_agent/invalid_token_type_error.rb

@@ -1,5 +0,0 @@
-class InvalidTokenTypeError < Error
-  def initialize(token_type)
-    super("Expected token_type to be 'bearer', but was '#{token_type}'.")
-  end
-end