RubyGems - authlete - Versions diffs - 1.19.1 → 1.22.0 - Mend

authlete 1.19.1 → 1.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/lib/authlete/model/client-extension.rb +6 -1
data/lib/authlete/model/client.rb +7 -1
data/lib/authlete/model/service.rb +30 -0
data/lib/authlete/version.rb +1 -1
data/test/authlete/model/test_client-extension.rb +7 -2
data/test/authlete/model/test_client.rb +15 -5
data/test/authlete/model/test_service.rb +24 -2
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 10a130b0c41b85471359025c77abdab39a5256c6b187e49f9ee8c2d32a358659
-  data.tar.gz: 628dcd22d6383ea0434a428b0167454011b4762c9241ce03d8ae89d9206fc49d
+  metadata.gz: 60a371aeaee64d57c31d45b32f7e6a46c1ff5217a502c03a2d90b04d889f5d0e
+  data.tar.gz: ce7f5c8ecffa1dca079b4a2263090532ba6dfe0a5f09a65fc9af0d1fdd632e14
 SHA512:
-  metadata.gz: b8969642543bc8465eb5e4d6ad101c3035bd4983d6a6c6c8eb805a2744364a448450eab82ad53aa592616f5c2b3f36a321d22c66b30de3add84a6f3eb39659bf
-  data.tar.gz: c1fea81a6cd0ff775840842da6cd0446ba128eb0491965cbf812eba3e4b0ec592a5759b8df0166b3844d7626cfe36885ad1c4acdff200131bebd3b5181e5d164
+  metadata.gz: 7ee5c9831a9a34344e3166855c69cbcc5352966fe2ae313ca57485d00fb00096582fbdac964f4e84b197085be27b77334aee06bd451c7cdf32dd066c411a4959
+  data.tar.gz: '080bcb418e171ffd0be38572c76cf982b1d5f8c17a7bc356f38e64838c4126953a22552ba616f65de3b319d84a29dc6a418ff46407d0e320c9907fe122f4d10f'

data/lib/authlete/model/client-extension.rb CHANGED Viewed

@@ -36,6 +36,9 @@ module Authlete
       alias_method  :refresh_token_duration,  :refreshTokenDuration
       alias_method  :refresh_token_duration=, :refreshTokenDuration=
+      attr_accessor :tokenExchangePermitted
+      alias_method  :token_exchange_permitted,  :tokenExchangePermitted
+      alias_method  :token_exchange_permitted=, :tokenExchangePermitted=
       private
       def defaults
@@ -43,7 +46,8 @@ module Authlete
           requestableScopes:        nil,
           requestableScopesEnabled: false,
           accessTokenDuration:      0,
-          refreshTokenDuration:     0
+          refreshTokenDuration:     0,
+          tokenExchangePermitted:   false
         }
       end
@@ -52,6 +56,7 @@ module Authlete
         @requestableScopesEnabled = hash[:requestableScopesEnabled]
         @accessTokenDuration      = hash[:accessTokenDuration]
         @refreshTokenDuration     = hash[:refreshTokenDuration]
+        @tokenExchangePermitted   = hash[:tokenExchangePermitted]
       end
     end
   end

data/lib/authlete/model/client.rb CHANGED Viewed

@@ -308,6 +308,10 @@ module Authlete
       attr_accessor :digestAlgorithm
       alias_method  :digest_algorithm,  :digestAlgorithm
       alias_method  :digest_algorithm=, :digestAlgorithm=
+      attr_accessor :singleAccessTokenPerSubject
+      alias_method  :single_access_token_per_subject,  :singleAccessTokenPerSubject
+      alias_method  :single_access_token_per_subject=, :singleAccessTokenPerSubject=
       private
       def defaults
@@ -387,7 +391,8 @@ module Authlete
           frontChannelRequestObjectEncryptionRequired: false,
           requestObjectEncryptionAlgMatchRequired:     false,
           requestObjectEncryptionEncMatchRequired:     false,
-          digestAlgorithm:                             nil
+          digestAlgorithm:                             nil,
+          singleAccessTokenPerSubject:                 false
         }
       end
@@ -468,6 +473,7 @@ module Authlete
         @requestObjectEncryptionAlgMatchRequired     = hash[:requestObjectEncryptionAlgMatchRequired]
         @requestObjectEncryptionEncMatchRequired     = hash[:requestObjectEncryptionEncMatchRequired]
         @digestAlgorithm                             = hash[:digestAlgorithm]
+        @singleAccessTokenPerSubject                 = hash[:singleAccessTokenPerSubject]
       end
       def to_hash_value(key, var)

data/lib/authlete/model/service.rb CHANGED Viewed

@@ -563,6 +563,26 @@ module Authlete
       alias_method  :trust_anchors,  :trustAnchors
       alias_method  :trust_anchors=, :trustAnchors=
+      attr_accessor :tokenExchangeByIdentifiableClientsOnly
+      alias_method  :token_exchange_by_identifiable_clients_only,  :tokenExchangeByIdentifiableClientsOnly
+      alias_method  :token_exchange_by_identifiable_clients_only=, :tokenExchangeByIdentifiableClientsOnly=
+      attr_accessor :tokenExchangeByConfidentialClientsOnly
+      alias_method  :token_exchange_by_confidential_clients_only,  :tokenExchangeByConfidentialClientsOnly
+      alias_method  :token_exchange_by_confidential_clients_only=, :tokenExchangeByConfidentialClientsOnly=
+      attr_accessor :tokenExchangeByPermittedClientsOnly
+      alias_method  :token_exchange_by_permitted_clients_only,  :tokenExchangeByPermittedClientsOnly
+      alias_method  :token_exchange_by_permitted_clients_only=, :tokenExchangeByPermittedClientsOnly=
+      attr_accessor :tokenExchangeEncryptedJwtRejected
+      alias_method  :token_exchange_encrypted_jwt_rejected,  :tokenExchangeEncryptedJwtRejected
+      alias_method  :token_exchange_encrypted_jwt_rejected=, :tokenExchangeEncryptedJwtRejected=
+      attr_accessor :tokenExchangeUnsignedJwtRejected
+      alias_method  :token_exchange_unsigned_jwt_rejected,  :tokenExchangeUnsignedJwtRejected
+      alias_method  :token_exchange_unsigned_jwt_rejected=, :tokenExchangeUnsignedJwtRejected=
       private
       def defaults
@@ -706,6 +726,11 @@ module Authlete
           federationRegistrationEndpoint:              nil,
           supportedClientRegistrationTypes:            nil,
           trustAnchors:                                nil,
+          tokenExchangeByIdentifiableClientsOnly:      false,
+          tokenExchangeByConfidentialClientsOnly:      false,
+          tokenExchangeByPermittedClientsOnly:         false,
+          tokenExchangeEncryptedJwtRejected:           false,
+          tokenExchangeUnsignedJwtRejected:            false,
         }
       end
@@ -849,6 +874,11 @@ module Authlete
         @federationRegistrationEndpoint              = hash[:federationRegistrationEndpoint]
         @supportedClientRegistrationTypes            = hash[:supportedClientRegistrationTypes]
         @trustAnchors                                = get_parsed_array(hash[:trustAnchors]) { |e| Authlete::Model::TrustAnchor.parse(e) }
+        @tokenExchangeByIdentifiableClientsOnly      = hash[:tokenExchangeByIdentifiableClientsOnly]
+        @tokenExchangeByConfidentialClientsOnly      = hash[:tokenExchangeByConfidentialClientsOnly]
+        @tokenExchangeByPermittedClientsOnly         = hash[:tokenExchangeByPermittedClientsOnly]
+        @tokenExchangeEncryptedJwtRejected           = hash[:tokenExchangeEncryptedJwtRejected]
+        @tokenExchangeUnsignedJwtRejected            = hash[:tokenExchangeUnsignedJwtRejected]
       end

data/lib/authlete/version.rb CHANGED Viewed

@@ -16,5 +16,5 @@
 module Authlete
-  VERSION = "1.19.1"
+  VERSION = "1.22.0"
 end

data/test/authlete/model/test_client-extension.rb CHANGED Viewed

@@ -25,6 +25,7 @@ class ClientExtensionTest < Minitest::Test
   REQUESTABLE_SCOPES_ENABLED = true
   ACCESS_TOKEN_DURATION      = 10000
   REFRESH_TOKEN_DURATION     = 10000
+  TOKEN_EXCHANGE_PERMITTED   = false
   def generate_json
@@ -33,7 +34,8 @@ class ClientExtensionTest < Minitest::Test
         "requestableScopes":        [ "<requestable-scope0>", "<requestable-scope1>" ],
         "requestableScopesEnabled": true,
         "accessTokenDuration":      10000,
-        "refreshTokenDuration":     10000
+        "refreshTokenDuration":     10000,
+        "tokenExchangePermitted":   false
       }
     JSON
   end
@@ -44,7 +46,8 @@ class ClientExtensionTest < Minitest::Test
       requestableScopes:        %w(<requestable-scope0> <requestable-scope1>),
       requestableScopesEnabled: true,
       accessTokenDuration:      10000,
-      refreshTokenDuration:     10000
+      refreshTokenDuration:     10000,
+      tokenExchangePermitted:   false
     }
   end
@@ -54,6 +57,7 @@ class ClientExtensionTest < Minitest::Test
     obj.requestable_scopes_enabled = REQUESTABLE_SCOPES_ENABLED
     obj.access_token_duration      = ACCESS_TOKEN_DURATION
     obj.refresh_token_duration     = REFRESH_TOKEN_DURATION
+    obj.token_exchange_permitted   = TOKEN_EXCHANGE_PERMITTED
   end
@@ -62,6 +66,7 @@ class ClientExtensionTest < Minitest::Test
     assert_equal REQUESTABLE_SCOPES_ENABLED, obj.requestableScopesEnabled
     assert_equal ACCESS_TOKEN_DURATION,      obj.accessTokenDuration
     assert_equal REFRESH_TOKEN_DURATION,     obj.refreshTokenDuration
+    assert_equal TOKEN_EXCHANGE_PERMITTED,   obj.tokenExchangePermitted
   end

data/test/authlete/model/test_client.rb CHANGED Viewed

@@ -85,11 +85,13 @@ class ClientTest < Minitest::Test
   REQUESTABLE_SCOPES_ENABLED                       = true
   ACCESS_TOKEN_DURATION                            = 10000
   REFRESH_TOKEN_DURATION                           = 10000
+  TOKEN_EXCHANGE_PERMITTED                         = false
   EXTENSION                                        = Authlete::Model::ClientExtension.new(
                                                        requestableScopes:        REQUESTABLE_SCOPES,
                                                        requestableScopesEnabled: REQUESTABLE_SCOPES_ENABLED,
                                                        accessTokenDuration:      ACCESS_TOKEN_DURATION,
-                                                       refreshTokenDuration:     REFRESH_TOKEN_DURATION
+                                                       refreshTokenDuration:     REFRESH_TOKEN_DURATION,
+                                                       tokenExchangePermitted:   TOKEN_EXCHANGE_PERMITTED
                                                      )
   TLS_CLIENT_AUTH_SUBJECT_DN                       = '<tls-client-auth-subject-dn>'
   TLS_CLIENT_AUTH_SAN_DNS                          = '<tls-client-auth-san-dns>'
@@ -120,6 +122,7 @@ class ClientTest < Minitest::Test
   REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED     = false
   REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED     = false
   DIGEST_ALGORITHM                                 = '<digest-algorithm>'
+  SINGLE_ACCESS_TOKEN_PER_SUBJECT                  = false
   def generate_json
     return <<~JSON
@@ -176,7 +179,8 @@ class ClientTest < Minitest::Test
                                                          "requestableScopes":        [ "<requestable-scope0>", "<requestable-scope1>" ],
                                                          "requestableScopesEnabled": true,
                                                          "accessTokenDuration":      10000,
-                                                         "refreshTokenDuration":     10000
+                                                         "refreshTokenDuration":     10000,
+                                                         "tokenExchangePermitted":   false
                                                        },
         "tlsClientAuthSubjectDn":                      "<tls-client-auth-subject-dn>",
         "tlsClientAuthSanDns":                         "<tls-client-auth-san-dns>",
@@ -204,7 +208,8 @@ class ClientTest < Minitest::Test
         "frontChannelRequestObjectEncryptionRequired": false,
         "requestObjectEncryptionAlgMatchRequired":     false,
         "requestObjectEncryptionEncMatchRequired":     false,
-        "digestAlgorithm":                             "<digest-algorithm>"
+        "digestAlgorithm":                             "<digest-algorithm>",
+        "singleAccessTokenPerSubject":                 false
       }
     JSON
   end
@@ -264,7 +269,8 @@ class ClientTest < Minitest::Test
                                                      requestableScopes:        [ '<requestable-scope0>', '<requestable-scope1>' ],
                                                      requestableScopesEnabled: true,
                                                      accessTokenDuration:      10000,
-                                                     refreshTokenDuration:     10000
+                                                     refreshTokenDuration:     10000,
+                                                     tokenExchangePermitted:   false
                                                    },
       tlsClientAuthSubjectDn:                      '<tls-client-auth-subject-dn>',
       tlsClientAuthSanDns:                         '<tls-client-auth-san-dns>',
@@ -292,7 +298,8 @@ class ClientTest < Minitest::Test
       frontChannelRequestObjectEncryptionRequired: false,
       requestObjectEncryptionAlgMatchRequired:     false,
       requestObjectEncryptionEncMatchRequired:     false,
-      digestAlgorithm:                             '<digest-algorithm>'
+      digestAlgorithm:                             '<digest-algorithm>',
+      singleAccessTokenPerSubject:                 false
     }
   end
@@ -374,6 +381,7 @@ class ClientTest < Minitest::Test
     obj.requestObjectEncryptionAlgMatchRequired     = REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED
     obj.requestObjectEncryptionEncMatchRequired     = REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED
     obj.digestAlgorithm                             = DIGEST_ALGORITHM
+    obj.singleAccessTokenPerSubject                 = SINGLE_ACCESS_TOKEN_PER_SUBJECT
   end
@@ -436,6 +444,7 @@ class ClientTest < Minitest::Test
     assert_equal REQUESTABLE_SCOPES_ENABLED,                       obj.extension.requestableScopesEnabled
     assert_equal ACCESS_TOKEN_DURATION,                            obj.extension.accessTokenDuration
     assert_equal REFRESH_TOKEN_DURATION,                           obj.extension.refreshTokenDuration
+    assert_equal TOKEN_EXCHANGE_PERMITTED,                         obj.extension.tokenExchangePermitted
     assert_equal TLS_CLIENT_AUTH_SUBJECT_DN,                       obj.tlsClientAuthSubjectDn
     assert_equal TLS_CLIENT_AUTH_SAN_DNS,                          obj.tlsClientAuthSanDns
     assert_equal TLS_CLIENT_AUTH_SAN_URI,                          obj.tlsClientAuthSanUri
@@ -462,6 +471,7 @@ class ClientTest < Minitest::Test
     assert_equal REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED,     obj.requestObjectEncryptionAlgMatchRequired
     assert_equal REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED,     obj.requestObjectEncryptionEncMatchRequired
     assert_equal DIGEST_ALGORITHM,                                 obj.digestAlgorithm
+    assert_equal SINGLE_ACCESS_TOKEN_PER_SUBJECT,                  obj.singleAccessTokenPerSubject
   end

data/test/authlete/model/test_service.rb CHANGED Viewed

@@ -183,7 +183,11 @@ class ServiceTest < Minitest::Test
   TRUST_ANCHOR_ENTITY_ID                           = '<entity-id>'
   TRUST_ANCHOR_JWKS                                = '<jwks>'
   TRUST_ANCHORS                                    = [ Authlete::Model::TrustAnchor.new(entityId: TRUST_ANCHOR_ENTITY_ID, jwks: TRUST_ANCHOR_JWKS) ]
+  TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY      = false
+  TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY      = false
+  TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY         = false
+  TOKEN_EXCHANGE_ENCRYPTED_JWT_REJECTED            = false
+  TOKEN_EXCHANGE_UNSIGNED_JWT_REJECTED             = false
   def generate_json
     return <<~JSON
@@ -326,7 +330,12 @@ class ServiceTest < Minitest::Test
         "signedJwksUri":                               "<signed-jwks-uri>",
         "federationRegistrationEndpoint":              "<federation-registration-endpoint>",
         "supportedClientRegistrationTypes":            [ "AUTOMATIC", "EXPLICIT"],
-        "trustAnchors":                                [{ "entityId": "<entity-id>", "jwks": "<jwks>" }]
+        "trustAnchors":                                [{ "entityId": "<entity-id>", "jwks": "<jwks>" }],
+        "tokenExchangeByIdentifiableClientsOnly":      false,
+        "tokenExchangeByConfidentialClientsOnly":      false,
+        "tokenExchangeByPermittedClientsOnly":         false,
+        "tokenExchangeEncryptedJwtRejected":           false,
+        "tokenExchangeUnsignedJwtRejected":            false
       }
       JSON
@@ -474,6 +483,11 @@ class ServiceTest < Minitest::Test
       federationRegistrationEndpoint:              '<federation-registration-endpoint>',
       supportedClientRegistrationTypes:            [ 'AUTOMATIC', 'EXPLICIT'],
       trustAnchors:                                [{ entityId: "<entity-id>", jwks: "<jwks>" }],
+      tokenExchangeByIdentifiableClientsOnly:      false,
+      tokenExchangeByConfidentialClientsOnly:      false,
+      tokenExchangeByPermittedClientsOnly:         false,
+      tokenExchangeEncryptedJwtRejected:           false,
+      tokenExchangeUnsignedJwtRejected:            false,
     }
   end
@@ -618,6 +632,9 @@ class ServiceTest < Minitest::Test
     obj.federation_registration_endpoint              = FEDERATION_REGISTRATION_ENDPOINT
     obj.supported_client_registration_types           = SUPPORTED_CLIENT_REGISTRATION_TYPES
     obj.trust_anchors                                 = TRUST_ANCHORS
+    obj.token_exchange_by_identifiable_clients_only   = TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY
+    obj.token_exchange_by_confidential_clients_only   = TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY
+    obj.token_exchange_by_permitted_clients_only      = TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY
   end
@@ -776,6 +793,11 @@ class ServiceTest < Minitest::Test
     assert_equal SUPPORTED_CLIENT_REGISTRATION_TYPES,              obj.supported_client_registration_types
     assert_equal TRUST_ANCHOR_ENTITY_ID,                           obj.trustAnchors[0].entityId
     assert_equal TRUST_ANCHOR_JWKS,                                obj.trustAnchors[0].jwks
+    assert_equal TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY,      obj.token_exchange_by_identifiable_clients_only
+    assert_equal TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY,      obj.token_exchange_by_confidential_clients_only
+    assert_equal TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY,         obj.token_exchange_by_permitted_clients_only
+    assert_equal TOKEN_EXCHANGE_ENCRYPTED_JWT_REJECTED,            obj.token_exchange_encrypted_jwt_rejected
+    assert_equal TOKEN_EXCHANGE_UNSIGNED_JWT_REJECTED,             obj.token_exchange_unsigned_jwt_rejected
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authlete
 version: !ruby/object:Gem::Version
-  version: 1.19.1
+  version: 1.22.0
 platform: ruby
 authors:
 - Takahiko Kawasaki
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-21 00:00:00.000000000 Z
+date: 2022-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client