authlete 1.19.1 → 1.22.0
- checksums.yaml +4 -4
- data/lib/authlete/model/client-extension.rb +6 -1
- data/lib/authlete/model/client.rb +7 -1
- data/lib/authlete/model/service.rb +30 -0
- data/lib/authlete/version.rb +1 -1
- data/test/authlete/model/test_client-extension.rb +7 -2
- data/test/authlete/model/test_client.rb +15 -5
- data/test/authlete/model/test_service.rb +24 -2
- metadata +2 -2
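--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 60a371aeaee64d57c31d45b32f7e6a46c1ff5217a502c03a2d90b04d889f5d0e
+data.tar.gz: ce7f5c8ecffa1dca079b4a2263090532ba6dfe0a5f09a65fc9af0d1fdd632e14
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7ee5c9831a9a34344e3166855c69cbcc5352966fe2ae313ca57485d00fb00096582fbdac964f4e84b197085be27b77334aee06bd451c7cdf32dd066c411a4959
+data.tar.gz: '080bcb418e171ffd0be38572c76cf982b1d5f8c17a7bc356f38e64838c4126953a22552ba616f65de3b319d84a29dc6a418ff46407d0e320c9907fe122f4d10f'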
@@ -36,6 +36,9 @@ module Authlete
|
|
36
36
|
alias_method :refresh_token_duration, :refreshTokenDuration
|
37
37
|
alias_method :refresh_token_duration=, :refreshTokenDuration=
|
38
38
|
|
39
|
+
attr_accessor :tokenExchangePermitted
|
40
|
+
alias_method :token_exchange_permitted, :tokenExchangePermitted
|
41
|
+
alias_method :token_exchange_permitted=, :tokenExchangePermitted=
|
39
42
|
private
|
40
43
|
|
41
44
|
def defaults
|
@@ -43,7 +46,8 @@ module Authlete
|
|
43
46
|
requestableScopes: nil,
|
44
47
|
requestableScopesEnabled: false,
|
45
48
|
accessTokenDuration: 0,
|
46
|
-
refreshTokenDuration: 0
|
49
|
+
refreshTokenDuration: 0,
|
50
|
+
tokenExchangePermitted: false
|
47
51
|
}
|
48
52
|
end
|
49
53
|
|
@@ -52,6 +56,7 @@ module Authlete
|
|
52
56
|
@requestableScopesEnabled = hash[:requestableScopesEnabled]
|
53
57
|
@accessTokenDuration = hash[:accessTokenDuration]
|
54
58
|
@refreshTokenDuration = hash[:refreshTokenDuration]
|
59
|
+
@tokenExchangePermitted = hash[:tokenExchangePermitted]
|
55
60
|
end
|
56
61
|
end
|
57
62
|
end
|
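Review bot: The new `tokenExchangePermitted` accessor at the top of the first hunk is undocumented, so nothing in the model says what the flag gates or which value is the safe one; the `false` in `defaults` reads as the restrictive setting only if the name means what it suggests. A comment on the accessor would settle that for callers, e.g. `# Mirrors the ClientExtension.tokenExchangePermitted property of the Authlete API (false by default here); presumably whether this client may act as requester in RFC 8693 token exchange — confirm against the API reference before relying on it.` In the third hunk the value is copied from `hash[:tokenExchangePermitted]` as-is, so whether the `false` default survives an absent key depends on how the base class merges `defaults` with the incoming hash, which is outside this diff. The enclosing class starts before the first hunk.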
@@ -308,6 +308,10 @@ module Authlete
|
|
308
308
|
attr_accessor :digestAlgorithm
|
309
309
|
alias_method :digest_algorithm, :digestAlgorithm
|
310
310
|
alias_method :digest_algorithm=, :digestAlgorithm=
|
311
|
+
|
312
|
+
attr_accessor :singleAccessTokenPerSubject
|
313
|
+
alias_method :single_access_token_per_subject, :singleAccessTokenPerSubject
|
314
|
+
alias_method :single_access_token_per_subject=, :singleAccessTokenPerSubject=
|
311
315
|
private
|
312
316
|
|
313
317
|
def defaults
|
@@ -387,7 +391,8 @@ module Authlete
|
|
387
391
|
frontChannelRequestObjectEncryptionRequired: false,
|
388
392
|
requestObjectEncryptionAlgMatchRequired: false,
|
389
393
|
requestObjectEncryptionEncMatchRequired: false,
|
390
|
-
digestAlgorithm: nil
|
394
|
+
digestAlgorithm: nil,
|
395
|
+
singleAccessTokenPerSubject: false
|
391
396
|
}
|
392
397
|
end
|
393
398
|
|
@@ -468,6 +473,7 @@ module Authlete
|
|
468
473
|
@requestObjectEncryptionAlgMatchRequired = hash[:requestObjectEncryptionAlgMatchRequired]
|
469
474
|
@requestObjectEncryptionEncMatchRequired = hash[:requestObjectEncryptionEncMatchRequired]
|
470
475
|
@digestAlgorithm = hash[:digestAlgorithm]
|
476
|
+
@singleAccessTokenPerSubject = hash[:singleAccessTokenPerSubject]
|
471
477
|
end
|
472
478
|
|
473
479
|
def to_hash_value(key, var)
|
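Review bot: `singleAccessTokenPerSubject` in the first hunk is added with no comment, and a caller who sets it will want to know whether it really invalidates a subject's earlier access tokens for this client; that reading is inferred from the name and should be confirmed against the Authlete API before it is written down. A short comment on the accessor is enough: `# Mirrors the Client.singleAccessTokenPerSubject property of the Authlete API; false by default here — see the API reference for the exact effect on previously issued tokens.` The enclosing class starts before the first hunk and continues past the last.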
@@ -563,6 +563,26 @@ module Authlete
|
|
563
563
|
alias_method :trust_anchors, :trustAnchors
|
564
564
|
alias_method :trust_anchors=, :trustAnchors=
|
565
565
|
|
566
|
+
attr_accessor :tokenExchangeByIdentifiableClientsOnly
|
567
|
+
alias_method :token_exchange_by_identifiable_clients_only, :tokenExchangeByIdentifiableClientsOnly
|
568
|
+
alias_method :token_exchange_by_identifiable_clients_only=, :tokenExchangeByIdentifiableClientsOnly=
|
569
|
+
|
570
|
+
attr_accessor :tokenExchangeByConfidentialClientsOnly
|
571
|
+
alias_method :token_exchange_by_confidential_clients_only, :tokenExchangeByConfidentialClientsOnly
|
572
|
+
alias_method :token_exchange_by_confidential_clients_only=, :tokenExchangeByConfidentialClientsOnly=
|
573
|
+
|
574
|
+
attr_accessor :tokenExchangeByPermittedClientsOnly
|
575
|
+
alias_method :token_exchange_by_permitted_clients_only, :tokenExchangeByPermittedClientsOnly
|
576
|
+
alias_method :token_exchange_by_permitted_clients_only=, :tokenExchangeByPermittedClientsOnly=
|
577
|
+
|
578
|
+
attr_accessor :tokenExchangeEncryptedJwtRejected
|
579
|
+
alias_method :token_exchange_encrypted_jwt_rejected, :tokenExchangeEncryptedJwtRejected
|
580
|
+
alias_method :token_exchange_encrypted_jwt_rejected=, :tokenExchangeEncryptedJwtRejected=
|
581
|
+
|
582
|
+
attr_accessor :tokenExchangeUnsignedJwtRejected
|
583
|
+
alias_method :token_exchange_unsigned_jwt_rejected, :tokenExchangeUnsignedJwtRejected
|
584
|
+
alias_method :token_exchange_unsigned_jwt_rejected=, :tokenExchangeUnsignedJwtRejected=
|
585
|
+
|
566
586
|
private
|
567
587
|
|
568
588
|
def defaults
|
@@ -706,6 +726,11 @@ module Authlete
|
|
706
726
|
federationRegistrationEndpoint: nil,
|
707
727
|
supportedClientRegistrationTypes: nil,
|
708
728
|
trustAnchors: nil,
|
729
|
+
tokenExchangeByIdentifiableClientsOnly: false,
|
730
|
+
tokenExchangeByConfidentialClientsOnly: false,
|
731
|
+
tokenExchangeByPermittedClientsOnly: false,
|
732
|
+
tokenExchangeEncryptedJwtRejected: false,
|
733
|
+
tokenExchangeUnsignedJwtRejected: false,
|
709
734
|
}
|
710
735
|
end
|
711
736
|
|
@@ -849,6 +874,11 @@ module Authlete
|
|
849
874
|
@federationRegistrationEndpoint = hash[:federationRegistrationEndpoint]
|
850
875
|
@supportedClientRegistrationTypes = hash[:supportedClientRegistrationTypes]
|
851
876
|
@trustAnchors = get_parsed_array(hash[:trustAnchors]) { |e| Authlete::Model::TrustAnchor.parse(e) }
|
877
|
+
@tokenExchangeByIdentifiableClientsOnly = hash[:tokenExchangeByIdentifiableClientsOnly]
|
878
|
+
@tokenExchangeByConfidentialClientsOnly = hash[:tokenExchangeByConfidentialClientsOnly]
|
879
|
+
@tokenExchangeByPermittedClientsOnly = hash[:tokenExchangeByPermittedClientsOnly]
|
880
|
+
@tokenExchangeEncryptedJwtRejected = hash[:tokenExchangeEncryptedJwtRejected]
|
881
|
+
@tokenExchangeUnsignedJwtRejected = hash[:tokenExchangeUnsignedJwtRejected]
|
852
882
|
|
853
883
|
end
|
854
884
|
|
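Review bot: All five token-exchange flags default to `false` in the second hunk, which for names of the form `...ClientsOnly` and `...JwtRejected` is the permissive setting: a Service built from this model with nothing set presumably allows token exchange from unidentifiable and public clients and does not reject unsigned or encrypted subject/actor JWTs. Whether those defaults are ever pushed to the server depends on how the base class serialises a Service, which is not in this diff, but the model should at least say so at the accessors, e.g. above `attr_accessor :tokenExchangeUnsignedJwtRejected`: `# false (the default here) leaves unsigned JWTs accepted in token exchange; set to true to require a signature.` The "presumably" is inferred from the property names and should be checked against the Authlete API reference. The enclosing class starts before the first hunk and continues past the last.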
data/lib/authlete/version.rb
CHANGED
@@ -25,6 +25,7 @@ class ClientExtensionTest < Minitest::Test
|
|
25
25
|
REQUESTABLE_SCOPES_ENABLED = true
|
26
26
|
ACCESS_TOKEN_DURATION = 10000
|
27
27
|
REFRESH_TOKEN_DURATION = 10000
|
28
|
+
TOKEN_EXCHANGE_PERMITTED = false
|
28
29
|
|
29
30
|
|
30
31
|
def generate_json
|
@@ -33,7 +34,8 @@ class ClientExtensionTest < Minitest::Test
|
|
33
34
|
"requestableScopes": [ "<requestable-scope0>", "<requestable-scope1>" ],
|
34
35
|
"requestableScopesEnabled": true,
|
35
36
|
"accessTokenDuration": 10000,
|
36
|
-
"refreshTokenDuration": 10000
|
37
|
+
"refreshTokenDuration": 10000,
|
38
|
+
"tokenExchangePermitted": false
|
37
39
|
}
|
38
40
|
JSON
|
39
41
|
end
|
@@ -44,7 +46,8 @@ class ClientExtensionTest < Minitest::Test
|
|
44
46
|
requestableScopes: %w(<requestable-scope0> <requestable-scope1>),
|
45
47
|
requestableScopesEnabled: true,
|
46
48
|
accessTokenDuration: 10000,
|
47
|
-
refreshTokenDuration: 10000
|
49
|
+
refreshTokenDuration: 10000,
|
50
|
+
tokenExchangePermitted: false
|
48
51
|
}
|
49
52
|
end
|
50
53
|
|
@@ -54,6 +57,7 @@ class ClientExtensionTest < Minitest::Test
|
|
54
57
|
obj.requestable_scopes_enabled = REQUESTABLE_SCOPES_ENABLED
|
55
58
|
obj.access_token_duration = ACCESS_TOKEN_DURATION
|
56
59
|
obj.refresh_token_duration = REFRESH_TOKEN_DURATION
|
60
|
+
obj.token_exchange_permitted = TOKEN_EXCHANGE_PERMITTED
|
57
61
|
end
|
58
62
|
|
59
63
|
|
@@ -62,6 +66,7 @@ class ClientExtensionTest < Minitest::Test
|
|
62
66
|
assert_equal REQUESTABLE_SCOPES_ENABLED, obj.requestableScopesEnabled
|
63
67
|
assert_equal ACCESS_TOKEN_DURATION, obj.accessTokenDuration
|
64
68
|
assert_equal REFRESH_TOKEN_DURATION, obj.refreshTokenDuration
|
69
|
+
assert_equal TOKEN_EXCHANGE_PERMITTED, obj.tokenExchangePermitted
|
65
70
|
end
|
66
71
|
|
67
72
|
|
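Review bot: `TOKEN_EXCHANGE_PERMITTED = false` in the first hunk is the same value the model's `defaults` uses, so the assertion added in the last hunk passes even if the JSON/hash value were never parsed or the setter never called; the test only proves the attribute exists. Use the non-default value in the fixture: `TOKEN_EXCHANGE_PERMITTED = true`, with `"tokenExchangePermitted": true` in `generate_json` and `tokenExchangePermitted: true` in the hash. Note that the section header above names `data/lib/authlete/version.rb`, but these hunks belong to `test_client-extension.rb`; the version.rb change itself is not shown on this page. The surrounding test class starts before the first hunk.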
@@ -85,11 +85,13 @@ class ClientTest < Minitest::Test
|
|
85
85
|
REQUESTABLE_SCOPES_ENABLED = true
|
86
86
|
ACCESS_TOKEN_DURATION = 10000
|
87
87
|
REFRESH_TOKEN_DURATION = 10000
|
88
|
+
TOKEN_EXCHANGE_PERMITTED = false
|
88
89
|
EXTENSION = Authlete::Model::ClientExtension.new(
|
89
90
|
requestableScopes: REQUESTABLE_SCOPES,
|
90
91
|
requestableScopesEnabled: REQUESTABLE_SCOPES_ENABLED,
|
91
92
|
accessTokenDuration: ACCESS_TOKEN_DURATION,
|
92
|
-
refreshTokenDuration: REFRESH_TOKEN_DURATION
|
93
|
+
refreshTokenDuration: REFRESH_TOKEN_DURATION,
|
94
|
+
tokenExchangePermitted: TOKEN_EXCHANGE_PERMITTED
|
93
95
|
)
|
94
96
|
TLS_CLIENT_AUTH_SUBJECT_DN = '<tls-client-auth-subject-dn>'
|
95
97
|
TLS_CLIENT_AUTH_SAN_DNS = '<tls-client-auth-san-dns>'
|
@@ -120,6 +122,7 @@ class ClientTest < Minitest::Test
|
|
120
122
|
REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED = false
|
121
123
|
REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED = false
|
122
124
|
DIGEST_ALGORITHM = '<digest-algorithm>'
|
125
|
+
SINGLE_ACCESS_TOKEN_PER_SUBJECT = false
|
123
126
|
|
124
127
|
def generate_json
|
125
128
|
return <<~JSON
|
@@ -176,7 +179,8 @@ class ClientTest < Minitest::Test
|
|
176
179
|
"requestableScopes": [ "<requestable-scope0>", "<requestable-scope1>" ],
|
177
180
|
"requestableScopesEnabled": true,
|
178
181
|
"accessTokenDuration": 10000,
|
179
|
-
"refreshTokenDuration": 10000
|
182
|
+
"refreshTokenDuration": 10000,
|
183
|
+
"tokenExchangePermitted": false
|
180
184
|
},
|
181
185
|
"tlsClientAuthSubjectDn": "<tls-client-auth-subject-dn>",
|
182
186
|
"tlsClientAuthSanDns": "<tls-client-auth-san-dns>",
|
@@ -204,7 +208,8 @@ class ClientTest < Minitest::Test
|
|
204
208
|
"frontChannelRequestObjectEncryptionRequired": false,
|
205
209
|
"requestObjectEncryptionAlgMatchRequired": false,
|
206
210
|
"requestObjectEncryptionEncMatchRequired": false,
|
207
|
-
"digestAlgorithm": "<digest-algorithm>"
|
211
|
+
"digestAlgorithm": "<digest-algorithm>",
|
212
|
+
"singleAccessTokenPerSubject": false
|
208
213
|
}
|
209
214
|
JSON
|
210
215
|
end
|
@@ -264,7 +269,8 @@ class ClientTest < Minitest::Test
|
|
264
269
|
requestableScopes: [ '<requestable-scope0>', '<requestable-scope1>' ],
|
265
270
|
requestableScopesEnabled: true,
|
266
271
|
accessTokenDuration: 10000,
|
267
|
-
refreshTokenDuration: 10000
|
272
|
+
refreshTokenDuration: 10000,
|
273
|
+
tokenExchangePermitted: false
|
268
274
|
},
|
269
275
|
tlsClientAuthSubjectDn: '<tls-client-auth-subject-dn>',
|
270
276
|
tlsClientAuthSanDns: '<tls-client-auth-san-dns>',
|
@@ -292,7 +298,8 @@ class ClientTest < Minitest::Test
|
|
292
298
|
frontChannelRequestObjectEncryptionRequired: false,
|
293
299
|
requestObjectEncryptionAlgMatchRequired: false,
|
294
300
|
requestObjectEncryptionEncMatchRequired: false,
|
295
|
-
digestAlgorithm: '<digest-algorithm>'
|
301
|
+
digestAlgorithm: '<digest-algorithm>',
|
302
|
+
singleAccessTokenPerSubject: false
|
296
303
|
}
|
297
304
|
end
|
298
305
|
|
@@ -374,6 +381,7 @@ class ClientTest < Minitest::Test
|
|
374
381
|
obj.requestObjectEncryptionAlgMatchRequired = REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED
|
375
382
|
obj.requestObjectEncryptionEncMatchRequired = REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED
|
376
383
|
obj.digestAlgorithm = DIGEST_ALGORITHM
|
384
|
+
obj.singleAccessTokenPerSubject = SINGLE_ACCESS_TOKEN_PER_SUBJECT
|
377
385
|
end
|
378
386
|
|
379
387
|
|
@@ -436,6 +444,7 @@ class ClientTest < Minitest::Test
|
|
436
444
|
assert_equal REQUESTABLE_SCOPES_ENABLED, obj.extension.requestableScopesEnabled
|
437
445
|
assert_equal ACCESS_TOKEN_DURATION, obj.extension.accessTokenDuration
|
438
446
|
assert_equal REFRESH_TOKEN_DURATION, obj.extension.refreshTokenDuration
|
447
|
+
assert_equal TOKEN_EXCHANGE_PERMITTED, obj.extension.tokenExchangePermitted
|
439
448
|
assert_equal TLS_CLIENT_AUTH_SUBJECT_DN, obj.tlsClientAuthSubjectDn
|
440
449
|
assert_equal TLS_CLIENT_AUTH_SAN_DNS, obj.tlsClientAuthSanDns
|
441
450
|
assert_equal TLS_CLIENT_AUTH_SAN_URI, obj.tlsClientAuthSanUri
|
@@ -462,6 +471,7 @@ class ClientTest < Minitest::Test
|
|
462
471
|
assert_equal REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED, obj.requestObjectEncryptionAlgMatchRequired
|
463
472
|
assert_equal REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED, obj.requestObjectEncryptionEncMatchRequired
|
464
473
|
assert_equal DIGEST_ALGORITHM, obj.digestAlgorithm
|
474
|
+
assert_equal SINGLE_ACCESS_TOKEN_PER_SUBJECT, obj.singleAccessTokenPerSubject
|
465
475
|
end
|
466
476
|
|
467
477
|
|
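Review bot: Both new fixture constants, `TOKEN_EXCHANGE_PERMITTED = false` and `SINGLE_ACCESS_TOKEN_PER_SUBJECT = false`, equal the model defaults, so the assertions added in the last two hunks cannot distinguish a parsed value from an untouched default and would still pass if the parse lines in client.rb were dropped. Set both constants to `true` and mirror that in the JSON and hash fixtures (`"tokenExchangePermitted": true`, `"singleAccessTokenPerSubject": true` and the symbol-key equivalents) so the assertions actually exercise the round trip. The surrounding test class starts before the first hunk.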
@@ -183,7 +183,11 @@ class ServiceTest < Minitest::Test
|
|
183
183
|
TRUST_ANCHOR_ENTITY_ID = '<entity-id>'
|
184
184
|
TRUST_ANCHOR_JWKS = '<jwks>'
|
185
185
|
TRUST_ANCHORS = [ Authlete::Model::TrustAnchor.new(entityId: TRUST_ANCHOR_ENTITY_ID, jwks: TRUST_ANCHOR_JWKS) ]
|
186
|
-
|
186
|
+
TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY = false
|
187
|
+
TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY = false
|
188
|
+
TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY = false
|
189
|
+
TOKEN_EXCHANGE_ENCRYPTED_JWT_REJECTED = false
|
190
|
+
TOKEN_EXCHANGE_UNSIGNED_JWT_REJECTED = false
|
187
191
|
|
188
192
|
def generate_json
|
189
193
|
return <<~JSON
|
@@ -326,7 +330,12 @@ class ServiceTest < Minitest::Test
|
|
326
330
|
"signedJwksUri": "<signed-jwks-uri>",
|
327
331
|
"federationRegistrationEndpoint": "<federation-registration-endpoint>",
|
328
332
|
"supportedClientRegistrationTypes": [ "AUTOMATIC", "EXPLICIT"],
|
329
|
-
"trustAnchors": [{ "entityId": "<entity-id>", "jwks": "<jwks>" }]
|
333
|
+
"trustAnchors": [{ "entityId": "<entity-id>", "jwks": "<jwks>" }],
|
334
|
+
"tokenExchangeByIdentifiableClientsOnly": false,
|
335
|
+
"tokenExchangeByConfidentialClientsOnly": false,
|
336
|
+
"tokenExchangeByPermittedClientsOnly": false,
|
337
|
+
"tokenExchangeEncryptedJwtRejected": false,
|
338
|
+
"tokenExchangeUnsignedJwtRejected": false
|
330
339
|
}
|
331
340
|
JSON
|
332
341
|
|
@@ -474,6 +483,11 @@ class ServiceTest < Minitest::Test
|
|
474
483
|
federationRegistrationEndpoint: '<federation-registration-endpoint>',
|
475
484
|
supportedClientRegistrationTypes: [ 'AUTOMATIC', 'EXPLICIT'],
|
476
485
|
trustAnchors: [{ entityId: "<entity-id>", jwks: "<jwks>" }],
|
486
|
+
tokenExchangeByIdentifiableClientsOnly: false,
|
487
|
+
tokenExchangeByConfidentialClientsOnly: false,
|
488
|
+
tokenExchangeByPermittedClientsOnly: false,
|
489
|
+
tokenExchangeEncryptedJwtRejected: false,
|
490
|
+
tokenExchangeUnsignedJwtRejected: false,
|
477
491
|
}
|
478
492
|
end
|
479
493
|
|
@@ -618,6 +632,9 @@ class ServiceTest < Minitest::Test
|
|
618
632
|
obj.federation_registration_endpoint = FEDERATION_REGISTRATION_ENDPOINT
|
619
633
|
obj.supported_client_registration_types = SUPPORTED_CLIENT_REGISTRATION_TYPES
|
620
634
|
obj.trust_anchors = TRUST_ANCHORS
|
635
|
+
obj.token_exchange_by_identifiable_clients_only = TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY
|
636
|
+
obj.token_exchange_by_confidential_clients_only = TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY
|
637
|
+
obj.token_exchange_by_permitted_clients_only = TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY
|
621
638
|
end
|
622
639
|
|
623
640
|
|
@@ -776,6 +793,11 @@ class ServiceTest < Minitest::Test
|
|
776
793
|
assert_equal SUPPORTED_CLIENT_REGISTRATION_TYPES, obj.supported_client_registration_types
|
777
794
|
assert_equal TRUST_ANCHOR_ENTITY_ID, obj.trustAnchors[0].entityId
|
778
795
|
assert_equal TRUST_ANCHOR_JWKS, obj.trustAnchors[0].jwks
|
796
|
+
assert_equal TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY, obj.token_exchange_by_identifiable_clients_only
|
797
|
+
assert_equal TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY, obj.token_exchange_by_confidential_clients_only
|
798
|
+
assert_equal TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY, obj.token_exchange_by_permitted_clients_only
|
799
|
+
assert_equal TOKEN_EXCHANGE_ENCRYPTED_JWT_REJECTED, obj.token_exchange_encrypted_jwt_rejected
|
800
|
+
assert_equal TOKEN_EXCHANGE_UNSIGNED_JWT_REJECTED, obj.token_exchange_unsigned_jwt_rejected
|
779
801
|
end
|
780
802
|
|
781
803
|
|
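Review bot: The `set_params` hunk assigns only three of the five new flags, yet the final hunk asserts all five; `tokenExchangeEncryptedJwtRejected` and `tokenExchangeUnsignedJwtRejected` are never set there, and because their constants are `false` — the same as the model default — the assertions pass without the setters ever running. Add `obj.token_exchange_encrypted_jwt_rejected = TOKEN_EXCHANGE_ENCRYPTED_JWT_REJECTED` and `obj.token_exchange_unsigned_jwt_rejected = TOKEN_EXCHANGE_UNSIGNED_JWT_REJECTED` after the permitted-clients line. For the same reason, flip all five constants to `true` and update the JSON and hash fixtures to match, otherwise a dropped parse line in service.rb would go unnoticed. The surrounding test class starts before the first hunk.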
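--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authlete
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.22.0
 platform: ruby
 authors:
 - Takahiko Kawasaki
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rest-client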