RubyGems - authlete - Versions diffs - 1.19.1 → 1.22.0 - Mend

authlete 1.19.1 → 1.22.0

Files changed (9) hide show

checksums.yaml +4 -4
data/lib/authlete/model/client-extension.rb +6 -1
data/lib/authlete/model/client.rb +7 -1
data/lib/authlete/model/service.rb +30 -0
data/lib/authlete/version.rb +1 -1
data/test/authlete/model/test_client-extension.rb +7 -2
data/test/authlete/model/test_client.rb +15 -5
data/test/authlete/model/test_service.rb +24 -2
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 10a130b0c41b85471359025c77abdab39a5256c6b187e49f9ee8c2d32a358659
-  data.tar.gz: 628dcd22d6383ea0434a428b0167454011b4762c9241ce03d8ae89d9206fc49d
+  metadata.gz: 60a371aeaee64d57c31d45b32f7e6a46c1ff5217a502c03a2d90b04d889f5d0e
+  data.tar.gz: ce7f5c8ecffa1dca079b4a2263090532ba6dfe0a5f09a65fc9af0d1fdd632e14
 SHA512:
-  metadata.gz: b8969642543bc8465eb5e4d6ad101c3035bd4983d6a6c6c8eb805a2744364a448450eab82ad53aa592616f5c2b3f36a321d22c66b30de3add84a6f3eb39659bf
-  data.tar.gz: c1fea81a6cd0ff775840842da6cd0446ba128eb0491965cbf812eba3e4b0ec592a5759b8df0166b3844d7626cfe36885ad1c4acdff200131bebd3b5181e5d164
+  metadata.gz: 7ee5c9831a9a34344e3166855c69cbcc5352966fe2ae313ca57485d00fb00096582fbdac964f4e84b197085be27b77334aee06bd451c7cdf32dd066c411a4959
+  data.tar.gz: '080bcb418e171ffd0be38572c76cf982b1d5f8c17a7bc356f38e64838c4126953a22552ba616f65de3b319d84a29dc6a418ff46407d0e320c9907fe122f4d10f'

data/lib/authlete/model/client-extension.rb CHANGED Viewed

@@ -36,6 +36,9 @@ module Authlete
       alias_method  :refresh_token_duration,  :refreshTokenDuration
       alias_method  :refresh_token_duration=, :refreshTokenDuration=
+      attr_accessor :tokenExchangePermitted
+      alias_method  :token_exchange_permitted,  :tokenExchangePermitted
+      alias_method  :token_exchange_permitted=, :tokenExchangePermitted=
       private
       def defaults
@@ -43,7 +46,8 @@ module Authlete
           requestableScopes:        nil,
           requestableScopesEnabled: false,
           accessTokenDuration:      0,
-          refreshTokenDuration:     0
+          refreshTokenDuration:     0,
+          tokenExchangePermitted:   false
         }
       end
@@ -52,6 +56,7 @@ module Authlete
         @requestableScopesEnabled = hash[:requestableScopesEnabled]
         @accessTokenDuration      = hash[:accessTokenDuration]
         @refreshTokenDuration     = hash[:refreshTokenDuration]
+        @tokenExchangePermitted   = hash[:tokenExchangePermitted]
       end
     end
   end

data/lib/authlete/model/client.rb CHANGED Viewed

@@ -308,6 +308,10 @@ module Authlete
       attr_accessor :digestAlgorithm
       alias_method  :digest_algorithm,  :digestAlgorithm
       alias_method  :digest_algorithm=, :digestAlgorithm=
+      attr_accessor :singleAccessTokenPerSubject
+      alias_method  :single_access_token_per_subject,  :singleAccessTokenPerSubject
+      alias_method  :single_access_token_per_subject=, :singleAccessTokenPerSubject=
       private
       def defaults
@@ -387,7 +391,8 @@ module Authlete
           frontChannelRequestObjectEncryptionRequired: false,
           requestObjectEncryptionAlgMatchRequired:     false,
           requestObjectEncryptionEncMatchRequired:     false,
-          digestAlgorithm:                             nil
+          digestAlgorithm:                             nil,
+          singleAccessTokenPerSubject:                 false
         }
       end
@@ -468,6 +473,7 @@ module Authlete
         @requestObjectEncryptionAlgMatchRequired     = hash[:requestObjectEncryptionAlgMatchRequired]
         @requestObjectEncryptionEncMatchRequired     = hash[:requestObjectEncryptionEncMatchRequired]
         @digestAlgorithm                             = hash[:digestAlgorithm]
+        @singleAccessTokenPerSubject                 = hash[:singleAccessTokenPerSubject]
       end
       def to_hash_value(key, var)

data/lib/authlete/model/service.rb CHANGED Viewed

@@ -563,6 +563,26 @@ module Authlete
       alias_method  :trust_anchors,  :trustAnchors
       alias_method  :trust_anchors=, :trustAnchors=
+      attr_accessor :tokenExchangeByIdentifiableClientsOnly
+      alias_method  :token_exchange_by_identifiable_clients_only,  :tokenExchangeByIdentifiableClientsOnly
+      alias_method  :token_exchange_by_identifiable_clients_only=, :tokenExchangeByIdentifiableClientsOnly=
+      attr_accessor :tokenExchangeByConfidentialClientsOnly
+      alias_method  :token_exchange_by_confidential_clients_only,  :tokenExchangeByConfidentialClientsOnly
+      alias_method  :token_exchange_by_confidential_clients_only=, :tokenExchangeByConfidentialClientsOnly=
+      attr_accessor :tokenExchangeByPermittedClientsOnly
+      alias_method  :token_exchange_by_permitted_clients_only,  :tokenExchangeByPermittedClientsOnly
+      alias_method  :token_exchange_by_permitted_clients_only=, :tokenExchangeByPermittedClientsOnly=
+      attr_accessor :tokenExchangeEncryptedJwtRejected
+      alias_method  :token_exchange_encrypted_jwt_rejected,  :tokenExchangeEncryptedJwtRejected
+      alias_method  :token_exchange_encrypted_jwt_rejected=, :tokenExchangeEncryptedJwtRejected=
+      attr_accessor :tokenExchangeUnsignedJwtRejected
+      alias_method  :token_exchange_unsigned_jwt_rejected,  :tokenExchangeUnsignedJwtRejected
+      alias_method  :token_exchange_unsigned_jwt_rejected=, :tokenExchangeUnsignedJwtRejected=
       private
       def defaults
@@ -706,6 +726,11 @@ module Authlete
           federationRegistrationEndpoint:              nil,
           supportedClientRegistrationTypes:            nil,
           trustAnchors:                                nil,
+          tokenExchangeByIdentifiableClientsOnly:      false,
+          tokenExchangeByConfidentialClientsOnly:      false,
+          tokenExchangeByPermittedClientsOnly:         false,
+          tokenExchangeEncryptedJwtRejected:           false,
+          tokenExchangeUnsignedJwtRejected:            false,
         }
       end
@@ -849,6 +874,11 @@ module Authlete
         @federationRegistrationEndpoint              = hash[:federationRegistrationEndpoint]
         @supportedClientRegistrationTypes            = hash[:supportedClientRegistrationTypes]
         @trustAnchors                                = get_parsed_array(hash[:trustAnchors]) { |e| Authlete::Model::TrustAnchor.parse(e) }
+        @tokenExchangeByIdentifiableClientsOnly      = hash[:tokenExchangeByIdentifiableClientsOnly]
+        @tokenExchangeByConfidentialClientsOnly      = hash[:tokenExchangeByConfidentialClientsOnly]
+        @tokenExchangeByPermittedClientsOnly         = hash[:tokenExchangeByPermittedClientsOnly]
+        @tokenExchangeEncryptedJwtRejected           = hash[:tokenExchangeEncryptedJwtRejected]
+        @tokenExchangeUnsignedJwtRejected            = hash[:tokenExchangeUnsignedJwtRejected]
       end

data/lib/authlete/version.rb CHANGED Viewed

@@ -16,5 +16,5 @@
 module Authlete
-  VERSION = "1.19.1"
+  VERSION = "1.22.0"
 end

data/test/authlete/model/test_client-extension.rb CHANGED Viewed

@@ -25,6 +25,7 @@ class ClientExtensionTest < Minitest::Test
   REQUESTABLE_SCOPES_ENABLED = true
   ACCESS_TOKEN_DURATION      = 10000
   REFRESH_TOKEN_DURATION     = 10000
+  TOKEN_EXCHANGE_PERMITTED   = false
   def generate_json
@@ -33,7 +34,8 @@ class ClientExtensionTest < Minitest::Test
         "requestableScopes":        [ "<requestable-scope0>", "<requestable-scope1>" ],
         "requestableScopesEnabled": true,
         "accessTokenDuration":      10000,
-        "refreshTokenDuration":     10000
+        "refreshTokenDuration":     10000,
+        "tokenExchangePermitted":   false
       }
     JSON
   end
@@ -44,7 +46,8 @@ class ClientExtensionTest < Minitest::Test
       requestableScopes:        %w(<requestable-scope0> <requestable-scope1>),
       requestableScopesEnabled: true,
       accessTokenDuration:      10000,
-      refreshTokenDuration:     10000
+      refreshTokenDuration:     10000,
+      tokenExchangePermitted:   false
     }
   end
@@ -54,6 +57,7 @@ class ClientExtensionTest < Minitest::Test
     obj.requestable_scopes_enabled = REQUESTABLE_SCOPES_ENABLED
     obj.access_token_duration      = ACCESS_TOKEN_DURATION
     obj.refresh_token_duration     = REFRESH_TOKEN_DURATION
+    obj.token_exchange_permitted   = TOKEN_EXCHANGE_PERMITTED
   end
@@ -62,6 +66,7 @@ class ClientExtensionTest < Minitest::Test
     assert_equal REQUESTABLE_SCOPES_ENABLED, obj.requestableScopesEnabled
     assert_equal ACCESS_TOKEN_DURATION,      obj.accessTokenDuration
     assert_equal REFRESH_TOKEN_DURATION,     obj.refreshTokenDuration
+    assert_equal TOKEN_EXCHANGE_PERMITTED,   obj.tokenExchangePermitted
   end

data/test/authlete/model/test_client.rb CHANGED Viewed

@@ -85,11 +85,13 @@ class ClientTest < Minitest::Test
   REQUESTABLE_SCOPES_ENABLED                       = true
   ACCESS_TOKEN_DURATION                            = 10000
   REFRESH_TOKEN_DURATION                           = 10000
+  TOKEN_EXCHANGE_PERMITTED                         = false
   EXTENSION                                        = Authlete::Model::ClientExtension.new(
                                                        requestableScopes:        REQUESTABLE_SCOPES,
                                                        requestableScopesEnabled: REQUESTABLE_SCOPES_ENABLED,
                                                        accessTokenDuration:      ACCESS_TOKEN_DURATION,
-                                                       refreshTokenDuration:     REFRESH_TOKEN_DURATION
+                                                       refreshTokenDuration:     REFRESH_TOKEN_DURATION,
+                                                       tokenExchangePermitted:   TOKEN_EXCHANGE_PERMITTED
                                                      )
   TLS_CLIENT_AUTH_SUBJECT_DN                       = '<tls-client-auth-subject-dn>'
   TLS_CLIENT_AUTH_SAN_DNS                          = '<tls-client-auth-san-dns>'
@@ -120,6 +122,7 @@ class ClientTest < Minitest::Test
   REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED     = false
   REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED     = false
   DIGEST_ALGORITHM                                 = '<digest-algorithm>'
+  SINGLE_ACCESS_TOKEN_PER_SUBJECT                  = false
   def generate_json
     return <<~JSON
@@ -176,7 +179,8 @@ class ClientTest < Minitest::Test
                                                          "requestableScopes":        [ "<requestable-scope0>", "<requestable-scope1>" ],
                                                          "requestableScopesEnabled": true,
                                                          "accessTokenDuration":      10000,
-                                                         "refreshTokenDuration":     10000
+                                                         "refreshTokenDuration":     10000,
+                                                         "tokenExchangePermitted":   false
                                                        },
         "tlsClientAuthSubjectDn":                      "<tls-client-auth-subject-dn>",
         "tlsClientAuthSanDns":                         "<tls-client-auth-san-dns>",
@@ -204,7 +208,8 @@ class ClientTest < Minitest::Test
         "frontChannelRequestObjectEncryptionRequired": false,
         "requestObjectEncryptionAlgMatchRequired":     false,
         "requestObjectEncryptionEncMatchRequired":     false,
-        "digestAlgorithm":                             "<digest-algorithm>"
+        "digestAlgorithm":                             "<digest-algorithm>",
+        "singleAccessTokenPerSubject":                 false
       }
     JSON
   end
@@ -264,7 +269,8 @@ class ClientTest < Minitest::Test
                                                      requestableScopes:        [ '<requestable-scope0>', '<requestable-scope1>' ],
                                                      requestableScopesEnabled: true,
                                                      accessTokenDuration:      10000,
-                                                     refreshTokenDuration:     10000
+                                                     refreshTokenDuration:     10000,
+                                                     tokenExchangePermitted:   false
                                                    },
       tlsClientAuthSubjectDn:                      '<tls-client-auth-subject-dn>',
       tlsClientAuthSanDns:                         '<tls-client-auth-san-dns>',
@@ -292,7 +298,8 @@ class ClientTest < Minitest::Test
       frontChannelRequestObjectEncryptionRequired: false,
       requestObjectEncryptionAlgMatchRequired:     false,
       requestObjectEncryptionEncMatchRequired:     false,
-      digestAlgorithm:                             '<digest-algorithm>'
+      digestAlgorithm:                             '<digest-algorithm>',
+      singleAccessTokenPerSubject:                 false
     }
   end
@@ -374,6 +381,7 @@ class ClientTest < Minitest::Test
     obj.requestObjectEncryptionAlgMatchRequired     = REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED
     obj.requestObjectEncryptionEncMatchRequired     = REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED
     obj.digestAlgorithm                             = DIGEST_ALGORITHM
+    obj.singleAccessTokenPerSubject                 = SINGLE_ACCESS_TOKEN_PER_SUBJECT
   end
@@ -436,6 +444,7 @@ class ClientTest < Minitest::Test
     assert_equal REQUESTABLE_SCOPES_ENABLED,                       obj.extension.requestableScopesEnabled
     assert_equal ACCESS_TOKEN_DURATION,                            obj.extension.accessTokenDuration
     assert_equal REFRESH_TOKEN_DURATION,                           obj.extension.refreshTokenDuration
+    assert_equal TOKEN_EXCHANGE_PERMITTED,                         obj.extension.tokenExchangePermitted
     assert_equal TLS_CLIENT_AUTH_SUBJECT_DN,                       obj.tlsClientAuthSubjectDn
     assert_equal TLS_CLIENT_AUTH_SAN_DNS,                          obj.tlsClientAuthSanDns
     assert_equal TLS_CLIENT_AUTH_SAN_URI,                          obj.tlsClientAuthSanUri
@@ -462,6 +471,7 @@ class ClientTest < Minitest::Test
     assert_equal REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED,     obj.requestObjectEncryptionAlgMatchRequired
     assert_equal REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED,     obj.requestObjectEncryptionEncMatchRequired
     assert_equal DIGEST_ALGORITHM,                                 obj.digestAlgorithm
+    assert_equal SINGLE_ACCESS_TOKEN_PER_SUBJECT,                  obj.singleAccessTokenPerSubject
   end

data/test/authlete/model/test_service.rb CHANGED Viewed

@@ -183,7 +183,11 @@ class ServiceTest < Minitest::Test
   TRUST_ANCHOR_ENTITY_ID                           = '<entity-id>'
   TRUST_ANCHOR_JWKS                                = '<jwks>'
   TRUST_ANCHORS                                    = [ Authlete::Model::TrustAnchor.new(entityId: TRUST_ANCHOR_ENTITY_ID, jwks: TRUST_ANCHOR_JWKS) ]
+  TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY      = false
+  TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY      = false
+  TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY         = false
+  TOKEN_EXCHANGE_ENCRYPTED_JWT_REJECTED            = false
+  TOKEN_EXCHANGE_UNSIGNED_JWT_REJECTED             = false
   def generate_json
     return <<~JSON
@@ -326,7 +330,12 @@ class ServiceTest < Minitest::Test
         "signedJwksUri":                               "<signed-jwks-uri>",
         "federationRegistrationEndpoint":              "<federation-registration-endpoint>",
         "supportedClientRegistrationTypes":            [ "AUTOMATIC", "EXPLICIT"],
-        "trustAnchors":                                [{ "entityId": "<entity-id>", "jwks": "<jwks>" }]
+        "trustAnchors":                                [{ "entityId": "<entity-id>", "jwks": "<jwks>" }],
+        "tokenExchangeByIdentifiableClientsOnly":      false,
+        "tokenExchangeByConfidentialClientsOnly":      false,
+        "tokenExchangeByPermittedClientsOnly":         false,
+        "tokenExchangeEncryptedJwtRejected":           false,
+        "tokenExchangeUnsignedJwtRejected":            false
       }
       JSON
@@ -474,6 +483,11 @@ class ServiceTest < Minitest::Test
       federationRegistrationEndpoint:              '<federation-registration-endpoint>',
       supportedClientRegistrationTypes:            [ 'AUTOMATIC', 'EXPLICIT'],
       trustAnchors:                                [{ entityId: "<entity-id>", jwks: "<jwks>" }],
+      tokenExchangeByIdentifiableClientsOnly:      false,
+      tokenExchangeByConfidentialClientsOnly:      false,
+      tokenExchangeByPermittedClientsOnly:         false,
+      tokenExchangeEncryptedJwtRejected:           false,
+      tokenExchangeUnsignedJwtRejected:            false,
     }
   end
@@ -618,6 +632,9 @@ class ServiceTest < Minitest::Test
     obj.federation_registration_endpoint              = FEDERATION_REGISTRATION_ENDPOINT
     obj.supported_client_registration_types           = SUPPORTED_CLIENT_REGISTRATION_TYPES
     obj.trust_anchors                                 = TRUST_ANCHORS
+    obj.token_exchange_by_identifiable_clients_only   = TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY
+    obj.token_exchange_by_confidential_clients_only   = TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY
+    obj.token_exchange_by_permitted_clients_only      = TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY
   end
@@ -776,6 +793,11 @@ class ServiceTest < Minitest::Test
     assert_equal SUPPORTED_CLIENT_REGISTRATION_TYPES,              obj.supported_client_registration_types
     assert_equal TRUST_ANCHOR_ENTITY_ID,                           obj.trustAnchors[0].entityId
     assert_equal TRUST_ANCHOR_JWKS,                                obj.trustAnchors[0].jwks
+    assert_equal TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY,      obj.token_exchange_by_identifiable_clients_only
+    assert_equal TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY,      obj.token_exchange_by_confidential_clients_only
+    assert_equal TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY,         obj.token_exchange_by_permitted_clients_only
+    assert_equal TOKEN_EXCHANGE_ENCRYPTED_JWT_REJECTED,            obj.token_exchange_encrypted_jwt_rejected
+    assert_equal TOKEN_EXCHANGE_UNSIGNED_JWT_REJECTED,             obj.token_exchange_unsigned_jwt_rejected
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authlete
 version: !ruby/object:Gem::Version
-  version: 1.19.1
+  version: 1.22.0
 platform: ruby
 authors:
 - Takahiko Kawasaki
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-21 00:00:00.000000000 Z
+date: 2022-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client