authlete 1.19.0 → 1.21.0
- checksums.yaml +4 -4
- data/lib/authlete/model/client-extension.rb +6 -1
- data/lib/authlete/model/client.rb +7 -1
- data/lib/authlete/model/service.rb +23 -5
- data/lib/authlete/version.rb +1 -1
- data/test/authlete/model/test_client-extension.rb +7 -2
- data/test/authlete/model/test_client.rb +15 -5
- data/test/authlete/model/test_service.rb +21 -7
- metadata +2 -2
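--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: aa7e3f6284c06767eef0769f49d23b45d814b05143e1e814851601d7b0fe4d4d
+data.tar.gz: 592b75c5d9b63bf1ce2b6e6043a60b2b5a349d8b93d54215e168bfb20b9bb4d5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 97116cc29a6312fc46f738b503b350b030cbdd7bd28c33fdab6d0761ec5774244472bf3bb4400bfd0457caf0fe16a6c1bb9480fcf22d0929b21202581bda856d
+data.tar.gz: b1df3677a66b7cd5526405c7a71d024753ecba058a4152aa9f4a68e020bc4483cd705aecb68ced4c7796bf137be3799380268074277a2ac42c12a070d54a3622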
@@ -36,6 +36,9 @@ module Authlete
|
|
36
36
|
alias_method :refresh_token_duration, :refreshTokenDuration
|
37
37
|
alias_method :refresh_token_duration=, :refreshTokenDuration=
|
38
38
|
|
39
|
+
attr_accessor :tokenExchangePermitted
|
40
|
+
alias_method :token_exchange_permitted, :tokenExchangePermitted
|
41
|
+
alias_method :token_exchange_permitted=, :tokenExchangePermitted=
|
39
42
|
private
|
40
43
|
|
41
44
|
def defaults
|
@@ -43,7 +46,8 @@ module Authlete
|
|
43
46
|
requestableScopes: nil,
|
44
47
|
requestableScopesEnabled: false,
|
45
48
|
accessTokenDuration: 0,
|
46
|
-
refreshTokenDuration: 0
|
49
|
+
refreshTokenDuration: 0,
|
50
|
+
tokenExchangePermitted: false
|
47
51
|
}
|
48
52
|
end
|
49
53
|
|
@@ -52,6 +56,7 @@ module Authlete
|
|
52
56
|
@requestableScopesEnabled = hash[:requestableScopesEnabled]
|
53
57
|
@accessTokenDuration = hash[:accessTokenDuration]
|
54
58
|
@refreshTokenDuration = hash[:refreshTokenDuration]
|
59
|
+
@tokenExchangePermitted = hash[:tokenExchangePermitted]
|
55
60
|
end
|
56
61
|
end
|
57
62
|
end
|
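Review bot: The new `attr_accessor :tokenExchangePermitted` in the first hunk is an authorization-relevant switch that ships without any comment, so a reader has to guess what setting it to `true` grants. Going by its name and by the service-level `tokenExchangeByPermittedClientsOnly` flag added in the same release, a comment such as `# Whether this client is explicitly permitted to make token exchange requests; defaults to false.` above the accessor would do, with the wording confirmed against the Authlete API reference. The same gap applies to `singleAccessTokenPerSubject` in the client.rb hunks that follow. The enclosing class and `set_params` begin outside the visible hunks.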
@@ -308,6 +308,10 @@ module Authlete
|
|
308
308
|
attr_accessor :digestAlgorithm
|
309
309
|
alias_method :digest_algorithm, :digestAlgorithm
|
310
310
|
alias_method :digest_algorithm=, :digestAlgorithm=
|
311
|
+
|
312
|
+
attr_accessor :singleAccessTokenPerSubject
|
313
|
+
alias_method :single_access_token_per_subject, :singleAccessTokenPerSubject
|
314
|
+
alias_method :single_access_token_per_subject=, :singleAccessTokenPerSubject=
|
311
315
|
private
|
312
316
|
|
313
317
|
def defaults
|
@@ -387,7 +391,8 @@ module Authlete
|
|
387
391
|
frontChannelRequestObjectEncryptionRequired: false,
|
388
392
|
requestObjectEncryptionAlgMatchRequired: false,
|
389
393
|
requestObjectEncryptionEncMatchRequired: false,
|
390
|
-
digestAlgorithm: nil
|
394
|
+
digestAlgorithm: nil,
|
395
|
+
singleAccessTokenPerSubject: false
|
391
396
|
}
|
392
397
|
end
|
393
398
|
|
@@ -468,6 +473,7 @@ module Authlete
|
|
468
473
|
@requestObjectEncryptionAlgMatchRequired = hash[:requestObjectEncryptionAlgMatchRequired]
|
469
474
|
@requestObjectEncryptionEncMatchRequired = hash[:requestObjectEncryptionEncMatchRequired]
|
470
475
|
@digestAlgorithm = hash[:digestAlgorithm]
|
476
|
+
@singleAccessTokenPerSubject = hash[:singleAccessTokenPerSubject]
|
471
477
|
end
|
472
478
|
|
473
479
|
def to_hash_value(key, var)
|
@@ -555,14 +555,26 @@ module Authlete
|
|
555
555
|
alias_method :federation_registration_endpoint, :federationRegistrationEndpoint
|
556
556
|
alias_method :federation_registration_endpoint=, :federationRegistrationEndpoint=
|
557
557
|
|
558
|
-
attr_accessor :
|
559
|
-
alias_method :
|
560
|
-
alias_method :
|
558
|
+
attr_accessor :supportedClientRegistrationTypes
|
559
|
+
alias_method :supported_client_registration_types, :supportedClientRegistrationTypes
|
560
|
+
alias_method :supported_client_registration_types=, :supportedClientRegistrationTypes=
|
561
561
|
|
562
562
|
attr_accessor :trustAnchors
|
563
563
|
alias_method :trust_anchors, :trustAnchors
|
564
564
|
alias_method :trust_anchors=, :trustAnchors=
|
565
565
|
|
566
|
+
attr_accessor :tokenExchangeByIdentifiableClientsOnly
|
567
|
+
alias_method :token_exchange_by_identifiable_clients_only, :tokenExchangeByIdentifiableClientsOnly
|
568
|
+
alias_method :token_exchange_by_identifiable_clients_only=, :tokenExchangeByIdentifiableClientsOnly=
|
569
|
+
|
570
|
+
attr_accessor :tokenExchangeByConfidentialClientsOnly
|
571
|
+
alias_method :token_exchange_by_confidential_clients_only, :tokenExchangeByConfidentialClientsOnly
|
572
|
+
alias_method :token_exchange_by_confidential_clients_only=, :tokenExchangeByConfidentialClientsOnly=
|
573
|
+
|
574
|
+
attr_accessor :tokenExchangeByPermittedClientsOnly
|
575
|
+
alias_method :token_exchange_by_permitted_clients_only, :tokenExchangeByPermittedClientsOnly
|
576
|
+
alias_method :token_exchange_by_permitted_clients_only=, :tokenExchangeByPermittedClientsOnly=
|
577
|
+
|
566
578
|
private
|
567
579
|
|
568
580
|
def defaults
|
@@ -704,8 +716,11 @@ module Authlete
|
|
704
716
|
federationJwks: nil,
|
705
717
|
signedJwksUri: nil,
|
706
718
|
federationRegistrationEndpoint: nil,
|
707
|
-
|
719
|
+
supportedClientRegistrationTypes: nil,
|
708
720
|
trustAnchors: nil,
|
721
|
+
tokenExchangeByIdentifiableClientsOnly: false,
|
722
|
+
tokenExchangeByConfidentialClientsOnly: false,
|
723
|
+
tokenExchangeByPermittedClientsOnly: false,
|
709
724
|
}
|
710
725
|
end
|
711
726
|
|
@@ -847,8 +862,11 @@ module Authlete
|
|
847
862
|
@federationJwks = hash[:federationJwks]
|
848
863
|
@signedJwksUri = hash[:signedJwksUri]
|
849
864
|
@federationRegistrationEndpoint = hash[:federationRegistrationEndpoint]
|
850
|
-
@
|
865
|
+
@supportedClientRegistrationTypes = hash[:supportedClientRegistrationTypes]
|
851
866
|
@trustAnchors = get_parsed_array(hash[:trustAnchors]) { |e| Authlete::Model::TrustAnchor.parse(e) }
|
867
|
+
@tokenExchangeByIdentifiableClientsOnly = hash[:tokenExchangeByIdentifiableClientsOnly]
|
868
|
+
@tokenExchangeByConfidentialClientsOnly = hash[:tokenExchangeByConfidentialClientsOnly]
|
869
|
+
@tokenExchangeByPermittedClientsOnly = hash[:tokenExchangeByPermittedClientsOnly]
|
852
870
|
|
853
871
|
end
|
854
872
|
|
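Review bot: The three `tokenExchangeBy…ClientsOnly` entries added to `defaults` all start as `false`, which by their names is the unrestricted setting, and nothing in the hunks says so or explains how they relate to the per-client `tokenExchangePermitted` flag. Enforcement happens on the Authlete server and is not visible here, so this is a documentation request: a short comment above each accessor stating which requests are rejected when the flag is `true`, for example `# When true, token exchange requests from public clients are rejected.` on `tokenExchangeByConfidentialClientsOnly` (wording to be confirmed against the API reference). An integrator building a `Service` locally would then see that all three restrictions stay off unless set explicitly. The `defaults` and `set_params` bodies continue outside the hunks.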
data/lib/authlete/version.rb
CHANGED
@@ -25,6 +25,7 @@ class ClientExtensionTest < Minitest::Test
|
|
25
25
|
REQUESTABLE_SCOPES_ENABLED = true
|
26
26
|
ACCESS_TOKEN_DURATION = 10000
|
27
27
|
REFRESH_TOKEN_DURATION = 10000
|
28
|
+
TOKEN_EXCHANGE_PERMITTED = false
|
28
29
|
|
29
30
|
|
30
31
|
def generate_json
|
@@ -33,7 +34,8 @@ class ClientExtensionTest < Minitest::Test
|
|
33
34
|
"requestableScopes": [ "<requestable-scope0>", "<requestable-scope1>" ],
|
34
35
|
"requestableScopesEnabled": true,
|
35
36
|
"accessTokenDuration": 10000,
|
36
|
-
"refreshTokenDuration": 10000
|
37
|
+
"refreshTokenDuration": 10000,
|
38
|
+
"tokenExchangePermitted": false
|
37
39
|
}
|
38
40
|
JSON
|
39
41
|
end
|
@@ -44,7 +46,8 @@ class ClientExtensionTest < Minitest::Test
|
|
44
46
|
requestableScopes: %w(<requestable-scope0> <requestable-scope1>),
|
45
47
|
requestableScopesEnabled: true,
|
46
48
|
accessTokenDuration: 10000,
|
47
|
-
refreshTokenDuration: 10000
|
49
|
+
refreshTokenDuration: 10000,
|
50
|
+
tokenExchangePermitted: false
|
48
51
|
}
|
49
52
|
end
|
50
53
|
|
@@ -54,6 +57,7 @@ class ClientExtensionTest < Minitest::Test
|
|
54
57
|
obj.requestable_scopes_enabled = REQUESTABLE_SCOPES_ENABLED
|
55
58
|
obj.access_token_duration = ACCESS_TOKEN_DURATION
|
56
59
|
obj.refresh_token_duration = REFRESH_TOKEN_DURATION
|
60
|
+
obj.token_exchange_permitted = TOKEN_EXCHANGE_PERMITTED
|
57
61
|
end
|
58
62
|
|
59
63
|
|
@@ -62,6 +66,7 @@ class ClientExtensionTest < Minitest::Test
|
|
62
66
|
assert_equal REQUESTABLE_SCOPES_ENABLED, obj.requestableScopesEnabled
|
63
67
|
assert_equal ACCESS_TOKEN_DURATION, obj.accessTokenDuration
|
64
68
|
assert_equal REFRESH_TOKEN_DURATION, obj.refreshTokenDuration
|
69
|
+
assert_equal TOKEN_EXCHANGE_PERMITTED, obj.tokenExchangePermitted
|
65
70
|
end
|
66
71
|
|
67
72
|
|
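Review bot: `TOKEN_EXCHANGE_PERMITTED = false` in the first hunk is the same value the model's `defaults` gives the field, so the parse and round-trip assertions may still pass if `set_params` or the hash conversion ever dropped `tokenExchangePermitted` (assuming defaults are applied before parsing, which is not visible here). A non-default value makes the test discriminating: `TOKEN_EXCHANGE_PERMITTED = true`, with `"tokenExchangePermitted": true` in `generate_json` and `tokenExchangePermitted: true` in the expected hash fixture. The same applies to `SINGLE_ACCESS_TOKEN_PER_SUBJECT` in the ClientTest hunks and to the three `TOKEN_EXCHANGE_BY_…_CLIENTS_ONLY` constants in the ServiceTest hunks, which are all `false` as well.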
@@ -85,11 +85,13 @@ class ClientTest < Minitest::Test
|
|
85
85
|
REQUESTABLE_SCOPES_ENABLED = true
|
86
86
|
ACCESS_TOKEN_DURATION = 10000
|
87
87
|
REFRESH_TOKEN_DURATION = 10000
|
88
|
+
TOKEN_EXCHANGE_PERMITTED = false
|
88
89
|
EXTENSION = Authlete::Model::ClientExtension.new(
|
89
90
|
requestableScopes: REQUESTABLE_SCOPES,
|
90
91
|
requestableScopesEnabled: REQUESTABLE_SCOPES_ENABLED,
|
91
92
|
accessTokenDuration: ACCESS_TOKEN_DURATION,
|
92
|
-
refreshTokenDuration: REFRESH_TOKEN_DURATION
|
93
|
+
refreshTokenDuration: REFRESH_TOKEN_DURATION,
|
94
|
+
tokenExchangePermitted: TOKEN_EXCHANGE_PERMITTED
|
93
95
|
)
|
94
96
|
TLS_CLIENT_AUTH_SUBJECT_DN = '<tls-client-auth-subject-dn>'
|
95
97
|
TLS_CLIENT_AUTH_SAN_DNS = '<tls-client-auth-san-dns>'
|
@@ -120,6 +122,7 @@ class ClientTest < Minitest::Test
|
|
120
122
|
REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED = false
|
121
123
|
REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED = false
|
122
124
|
DIGEST_ALGORITHM = '<digest-algorithm>'
|
125
|
+
SINGLE_ACCESS_TOKEN_PER_SUBJECT = false
|
123
126
|
|
124
127
|
def generate_json
|
125
128
|
return <<~JSON
|
@@ -176,7 +179,8 @@ class ClientTest < Minitest::Test
|
|
176
179
|
"requestableScopes": [ "<requestable-scope0>", "<requestable-scope1>" ],
|
177
180
|
"requestableScopesEnabled": true,
|
178
181
|
"accessTokenDuration": 10000,
|
179
|
-
"refreshTokenDuration": 10000
|
182
|
+
"refreshTokenDuration": 10000,
|
183
|
+
"tokenExchangePermitted": false
|
180
184
|
},
|
181
185
|
"tlsClientAuthSubjectDn": "<tls-client-auth-subject-dn>",
|
182
186
|
"tlsClientAuthSanDns": "<tls-client-auth-san-dns>",
|
@@ -204,7 +208,8 @@ class ClientTest < Minitest::Test
|
|
204
208
|
"frontChannelRequestObjectEncryptionRequired": false,
|
205
209
|
"requestObjectEncryptionAlgMatchRequired": false,
|
206
210
|
"requestObjectEncryptionEncMatchRequired": false,
|
207
|
-
"digestAlgorithm": "<digest-algorithm>"
|
211
|
+
"digestAlgorithm": "<digest-algorithm>",
|
212
|
+
"singleAccessTokenPerSubject": false
|
208
213
|
}
|
209
214
|
JSON
|
210
215
|
end
|
@@ -264,7 +269,8 @@ class ClientTest < Minitest::Test
|
|
264
269
|
requestableScopes: [ '<requestable-scope0>', '<requestable-scope1>' ],
|
265
270
|
requestableScopesEnabled: true,
|
266
271
|
accessTokenDuration: 10000,
|
267
|
-
refreshTokenDuration: 10000
|
272
|
+
refreshTokenDuration: 10000,
|
273
|
+
tokenExchangePermitted: false
|
268
274
|
},
|
269
275
|
tlsClientAuthSubjectDn: '<tls-client-auth-subject-dn>',
|
270
276
|
tlsClientAuthSanDns: '<tls-client-auth-san-dns>',
|
@@ -292,7 +298,8 @@ class ClientTest < Minitest::Test
|
|
292
298
|
frontChannelRequestObjectEncryptionRequired: false,
|
293
299
|
requestObjectEncryptionAlgMatchRequired: false,
|
294
300
|
requestObjectEncryptionEncMatchRequired: false,
|
295
|
-
digestAlgorithm: '<digest-algorithm>'
|
301
|
+
digestAlgorithm: '<digest-algorithm>',
|
302
|
+
singleAccessTokenPerSubject: false
|
296
303
|
}
|
297
304
|
end
|
298
305
|
|
@@ -374,6 +381,7 @@ class ClientTest < Minitest::Test
|
|
374
381
|
obj.requestObjectEncryptionAlgMatchRequired = REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED
|
375
382
|
obj.requestObjectEncryptionEncMatchRequired = REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED
|
376
383
|
obj.digestAlgorithm = DIGEST_ALGORITHM
|
384
|
+
obj.singleAccessTokenPerSubject = SINGLE_ACCESS_TOKEN_PER_SUBJECT
|
377
385
|
end
|
378
386
|
|
379
387
|
|
@@ -436,6 +444,7 @@ class ClientTest < Minitest::Test
|
|
436
444
|
assert_equal REQUESTABLE_SCOPES_ENABLED, obj.extension.requestableScopesEnabled
|
437
445
|
assert_equal ACCESS_TOKEN_DURATION, obj.extension.accessTokenDuration
|
438
446
|
assert_equal REFRESH_TOKEN_DURATION, obj.extension.refreshTokenDuration
|
447
|
+
assert_equal TOKEN_EXCHANGE_PERMITTED, obj.extension.tokenExchangePermitted
|
439
448
|
assert_equal TLS_CLIENT_AUTH_SUBJECT_DN, obj.tlsClientAuthSubjectDn
|
440
449
|
assert_equal TLS_CLIENT_AUTH_SAN_DNS, obj.tlsClientAuthSanDns
|
441
450
|
assert_equal TLS_CLIENT_AUTH_SAN_URI, obj.tlsClientAuthSanUri
|
@@ -462,6 +471,7 @@ class ClientTest < Minitest::Test
|
|
462
471
|
assert_equal REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED, obj.requestObjectEncryptionAlgMatchRequired
|
463
472
|
assert_equal REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED, obj.requestObjectEncryptionEncMatchRequired
|
464
473
|
assert_equal DIGEST_ALGORITHM, obj.digestAlgorithm
|
474
|
+
assert_equal SINGLE_ACCESS_TOKEN_PER_SUBJECT, obj.singleAccessTokenPerSubject
|
465
475
|
end
|
466
476
|
|
467
477
|
|
@@ -179,11 +179,13 @@ class ServiceTest < Minitest::Test
|
|
179
179
|
FEDERATION_JWKS = '<federation-jwks>'
|
180
180
|
SIGNED_JWKS_URI = '<signed-jwks-uri>'
|
181
181
|
FEDERATION_REGISTRATION_ENDPOINT = '<federation-registration-endpoint>'
|
182
|
-
|
182
|
+
SUPPORTED_CLIENT_REGISTRATION_TYPES = [ 'AUTOMATIC', 'EXPLICIT']
|
183
183
|
TRUST_ANCHOR_ENTITY_ID = '<entity-id>'
|
184
184
|
TRUST_ANCHOR_JWKS = '<jwks>'
|
185
185
|
TRUST_ANCHORS = [ Authlete::Model::TrustAnchor.new(entityId: TRUST_ANCHOR_ENTITY_ID, jwks: TRUST_ANCHOR_JWKS) ]
|
186
|
-
|
186
|
+
TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY = false
|
187
|
+
TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY = false
|
188
|
+
TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY = false
|
187
189
|
|
188
190
|
def generate_json
|
189
191
|
return <<~JSON
|
@@ -325,8 +327,11 @@ class ServiceTest < Minitest::Test
|
|
325
327
|
"federationJwks": "<federation-jwks>",
|
326
328
|
"signedJwksUri": "<signed-jwks-uri>",
|
327
329
|
"federationRegistrationEndpoint": "<federation-registration-endpoint>",
|
328
|
-
"
|
329
|
-
"trustAnchors": [{ "entityId": "<entity-id>", "jwks": "<jwks>" }]
|
330
|
+
"supportedClientRegistrationTypes": [ "AUTOMATIC", "EXPLICIT"],
|
331
|
+
"trustAnchors": [{ "entityId": "<entity-id>", "jwks": "<jwks>" }],
|
332
|
+
"tokenExchangeByIdentifiableClientsOnly": false,
|
333
|
+
"tokenExchangeByConfidentialClientsOnly": false,
|
334
|
+
"tokenExchangeByPermittedClientsOnly": false
|
330
335
|
}
|
331
336
|
JSON
|
332
337
|
|
@@ -472,8 +477,11 @@ class ServiceTest < Minitest::Test
|
|
472
477
|
federationJwks: '<federation-jwks>',
|
473
478
|
signedJwksUri: '<signed-jwks-uri>',
|
474
479
|
federationRegistrationEndpoint: '<federation-registration-endpoint>',
|
475
|
-
|
480
|
+
supportedClientRegistrationTypes: [ 'AUTOMATIC', 'EXPLICIT'],
|
476
481
|
trustAnchors: [{ entityId: "<entity-id>", jwks: "<jwks>" }],
|
482
|
+
tokenExchangeByIdentifiableClientsOnly: false,
|
483
|
+
tokenExchangeByConfidentialClientsOnly: false,
|
484
|
+
tokenExchangeByPermittedClientsOnly: false,
|
477
485
|
}
|
478
486
|
end
|
479
487
|
|
@@ -616,8 +624,11 @@ class ServiceTest < Minitest::Test
|
|
616
624
|
obj.federation_jwks = FEDERATION_JWKS
|
617
625
|
obj.signed_jwks_uri = SIGNED_JWKS_URI
|
618
626
|
obj.federation_registration_endpoint = FEDERATION_REGISTRATION_ENDPOINT
|
619
|
-
obj.
|
627
|
+
obj.supported_client_registration_types = SUPPORTED_CLIENT_REGISTRATION_TYPES
|
620
628
|
obj.trust_anchors = TRUST_ANCHORS
|
629
|
+
obj.token_exchange_by_identifiable_clients_only = TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY
|
630
|
+
obj.token_exchange_by_confidential_clients_only = TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY
|
631
|
+
obj.token_exchange_by_permitted_clients_only = TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY
|
621
632
|
end
|
622
633
|
|
623
634
|
|
@@ -773,9 +784,12 @@ class ServiceTest < Minitest::Test
|
|
773
784
|
assert_equal FEDERATION_JWKS, obj.federation_jwks
|
774
785
|
assert_equal SIGNED_JWKS_URI, obj.signed_jwks_uri
|
775
786
|
assert_equal FEDERATION_REGISTRATION_ENDPOINT, obj.federation_registration_endpoint
|
776
|
-
assert_equal
|
787
|
+
assert_equal SUPPORTED_CLIENT_REGISTRATION_TYPES, obj.supported_client_registration_types
|
777
788
|
assert_equal TRUST_ANCHOR_ENTITY_ID, obj.trustAnchors[0].entityId
|
778
789
|
assert_equal TRUST_ANCHOR_JWKS, obj.trustAnchors[0].jwks
|
790
|
+
assert_equal TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY, obj.token_exchange_by_identifiable_clients_only
|
791
|
+
assert_equal TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY, obj.token_exchange_by_confidential_clients_only
|
792
|
+
assert_equal TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY, obj.token_exchange_by_permitted_clients_only
|
779
793
|
end
|
780
794
|
|
781
795
|
|
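--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authlete
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.21.0
 platform: ruby
 authors:
 - Takahiko Kawasaki
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rest-client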