authlete 1.20.0 → 1.21.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/authlete/model/client-extension.rb +6 -1
- data/lib/authlete/model/service.rb +18 -0
- data/lib/authlete/version.rb +1 -1
- data/test/authlete/model/test_client-extension.rb +7 -2
- data/test/authlete/model/test_client.rb +8 -3
- data/test/authlete/model/test_service.rb +16 -2
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: aa7e3f6284c06767eef0769f49d23b45d814b05143e1e814851601d7b0fe4d4d
|
4
|
+
data.tar.gz: 592b75c5d9b63bf1ce2b6e6043a60b2b5a349d8b93d54215e168bfb20b9bb4d5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 97116cc29a6312fc46f738b503b350b030cbdd7bd28c33fdab6d0761ec5774244472bf3bb4400bfd0457caf0fe16a6c1bb9480fcf22d0929b21202581bda856d
|
7
|
+
data.tar.gz: b1df3677a66b7cd5526405c7a71d024753ecba058a4152aa9f4a68e020bc4483cd705aecb68ced4c7796bf137be3799380268074277a2ac42c12a070d54a3622
|
@@ -36,6 +36,9 @@ module Authlete
|
|
36
36
|
alias_method :refresh_token_duration, :refreshTokenDuration
|
37
37
|
alias_method :refresh_token_duration=, :refreshTokenDuration=
|
38
38
|
|
39
|
+
attr_accessor :tokenExchangePermitted
|
40
|
+
alias_method :token_exchange_permitted, :tokenExchangePermitted
|
41
|
+
alias_method :token_exchange_permitted=, :tokenExchangePermitted=
|
39
42
|
private
|
40
43
|
|
41
44
|
def defaults
|
@@ -43,7 +46,8 @@ module Authlete
|
|
43
46
|
requestableScopes: nil,
|
44
47
|
requestableScopesEnabled: false,
|
45
48
|
accessTokenDuration: 0,
|
46
|
-
refreshTokenDuration: 0
|
49
|
+
refreshTokenDuration: 0,
|
50
|
+
tokenExchangePermitted: false
|
47
51
|
}
|
48
52
|
end
|
49
53
|
|
@@ -52,6 +56,7 @@ module Authlete
|
|
52
56
|
@requestableScopesEnabled = hash[:requestableScopesEnabled]
|
53
57
|
@accessTokenDuration = hash[:accessTokenDuration]
|
54
58
|
@refreshTokenDuration = hash[:refreshTokenDuration]
|
59
|
+
@tokenExchangePermitted = hash[:tokenExchangePermitted]
|
55
60
|
end
|
56
61
|
end
|
57
62
|
end
|
@@ -563,6 +563,18 @@ module Authlete
|
|
563
563
|
alias_method :trust_anchors, :trustAnchors
|
564
564
|
alias_method :trust_anchors=, :trustAnchors=
|
565
565
|
|
566
|
+
attr_accessor :tokenExchangeByIdentifiableClientsOnly
|
567
|
+
alias_method :token_exchange_by_identifiable_clients_only, :tokenExchangeByIdentifiableClientsOnly
|
568
|
+
alias_method :token_exchange_by_identifiable_clients_only=, :tokenExchangeByIdentifiableClientsOnly=
|
569
|
+
|
570
|
+
attr_accessor :tokenExchangeByConfidentialClientsOnly
|
571
|
+
alias_method :token_exchange_by_confidential_clients_only, :tokenExchangeByConfidentialClientsOnly
|
572
|
+
alias_method :token_exchange_by_confidential_clients_only=, :tokenExchangeByConfidentialClientsOnly=
|
573
|
+
|
574
|
+
attr_accessor :tokenExchangeByPermittedClientsOnly
|
575
|
+
alias_method :token_exchange_by_permitted_clients_only, :tokenExchangeByPermittedClientsOnly
|
576
|
+
alias_method :token_exchange_by_permitted_clients_only=, :tokenExchangeByPermittedClientsOnly=
|
577
|
+
|
566
578
|
private
|
567
579
|
|
568
580
|
def defaults
|
@@ -706,6 +718,9 @@ module Authlete
|
|
706
718
|
federationRegistrationEndpoint: nil,
|
707
719
|
supportedClientRegistrationTypes: nil,
|
708
720
|
trustAnchors: nil,
|
721
|
+
tokenExchangeByIdentifiableClientsOnly: false,
|
722
|
+
tokenExchangeByConfidentialClientsOnly: false,
|
723
|
+
tokenExchangeByPermittedClientsOnly: false,
|
709
724
|
}
|
710
725
|
end
|
711
726
|
|
@@ -849,6 +864,9 @@ module Authlete
|
|
849
864
|
@federationRegistrationEndpoint = hash[:federationRegistrationEndpoint]
|
850
865
|
@supportedClientRegistrationTypes = hash[:supportedClientRegistrationTypes]
|
851
866
|
@trustAnchors = get_parsed_array(hash[:trustAnchors]) { |e| Authlete::Model::TrustAnchor.parse(e) }
|
867
|
+
@tokenExchangeByIdentifiableClientsOnly = hash[:tokenExchangeByIdentifiableClientsOnly]
|
868
|
+
@tokenExchangeByConfidentialClientsOnly = hash[:tokenExchangeByConfidentialClientsOnly]
|
869
|
+
@tokenExchangeByPermittedClientsOnly = hash[:tokenExchangeByPermittedClientsOnly]
|
852
870
|
|
853
871
|
end
|
854
872
|
|
data/lib/authlete/version.rb
CHANGED
@@ -25,6 +25,7 @@ class ClientExtensionTest < Minitest::Test
|
|
25
25
|
REQUESTABLE_SCOPES_ENABLED = true
|
26
26
|
ACCESS_TOKEN_DURATION = 10000
|
27
27
|
REFRESH_TOKEN_DURATION = 10000
|
28
|
+
TOKEN_EXCHANGE_PERMITTED = false
|
28
29
|
|
29
30
|
|
30
31
|
def generate_json
|
@@ -33,7 +34,8 @@ class ClientExtensionTest < Minitest::Test
|
|
33
34
|
"requestableScopes": [ "<requestable-scope0>", "<requestable-scope1>" ],
|
34
35
|
"requestableScopesEnabled": true,
|
35
36
|
"accessTokenDuration": 10000,
|
36
|
-
"refreshTokenDuration": 10000
|
37
|
+
"refreshTokenDuration": 10000,
|
38
|
+
"tokenExchangePermitted": false
|
37
39
|
}
|
38
40
|
JSON
|
39
41
|
end
|
@@ -44,7 +46,8 @@ class ClientExtensionTest < Minitest::Test
|
|
44
46
|
requestableScopes: %w(<requestable-scope0> <requestable-scope1>),
|
45
47
|
requestableScopesEnabled: true,
|
46
48
|
accessTokenDuration: 10000,
|
47
|
-
refreshTokenDuration: 10000
|
49
|
+
refreshTokenDuration: 10000,
|
50
|
+
tokenExchangePermitted: false
|
48
51
|
}
|
49
52
|
end
|
50
53
|
|
@@ -54,6 +57,7 @@ class ClientExtensionTest < Minitest::Test
|
|
54
57
|
obj.requestable_scopes_enabled = REQUESTABLE_SCOPES_ENABLED
|
55
58
|
obj.access_token_duration = ACCESS_TOKEN_DURATION
|
56
59
|
obj.refresh_token_duration = REFRESH_TOKEN_DURATION
|
60
|
+
obj.token_exchange_permitted = TOKEN_EXCHANGE_PERMITTED
|
57
61
|
end
|
58
62
|
|
59
63
|
|
@@ -62,6 +66,7 @@ class ClientExtensionTest < Minitest::Test
|
|
62
66
|
assert_equal REQUESTABLE_SCOPES_ENABLED, obj.requestableScopesEnabled
|
63
67
|
assert_equal ACCESS_TOKEN_DURATION, obj.accessTokenDuration
|
64
68
|
assert_equal REFRESH_TOKEN_DURATION, obj.refreshTokenDuration
|
69
|
+
assert_equal TOKEN_EXCHANGE_PERMITTED, obj.tokenExchangePermitted
|
65
70
|
end
|
66
71
|
|
67
72
|
|
@@ -85,11 +85,13 @@ class ClientTest < Minitest::Test
|
|
85
85
|
REQUESTABLE_SCOPES_ENABLED = true
|
86
86
|
ACCESS_TOKEN_DURATION = 10000
|
87
87
|
REFRESH_TOKEN_DURATION = 10000
|
88
|
+
TOKEN_EXCHANGE_PERMITTED = false
|
88
89
|
EXTENSION = Authlete::Model::ClientExtension.new(
|
89
90
|
requestableScopes: REQUESTABLE_SCOPES,
|
90
91
|
requestableScopesEnabled: REQUESTABLE_SCOPES_ENABLED,
|
91
92
|
accessTokenDuration: ACCESS_TOKEN_DURATION,
|
92
|
-
refreshTokenDuration: REFRESH_TOKEN_DURATION
|
93
|
+
refreshTokenDuration: REFRESH_TOKEN_DURATION,
|
94
|
+
tokenExchangePermitted: TOKEN_EXCHANGE_PERMITTED
|
93
95
|
)
|
94
96
|
TLS_CLIENT_AUTH_SUBJECT_DN = '<tls-client-auth-subject-dn>'
|
95
97
|
TLS_CLIENT_AUTH_SAN_DNS = '<tls-client-auth-san-dns>'
|
@@ -177,7 +179,8 @@ class ClientTest < Minitest::Test
|
|
177
179
|
"requestableScopes": [ "<requestable-scope0>", "<requestable-scope1>" ],
|
178
180
|
"requestableScopesEnabled": true,
|
179
181
|
"accessTokenDuration": 10000,
|
180
|
-
"refreshTokenDuration": 10000
|
182
|
+
"refreshTokenDuration": 10000,
|
183
|
+
"tokenExchangePermitted": false
|
181
184
|
},
|
182
185
|
"tlsClientAuthSubjectDn": "<tls-client-auth-subject-dn>",
|
183
186
|
"tlsClientAuthSanDns": "<tls-client-auth-san-dns>",
|
@@ -266,7 +269,8 @@ class ClientTest < Minitest::Test
|
|
266
269
|
requestableScopes: [ '<requestable-scope0>', '<requestable-scope1>' ],
|
267
270
|
requestableScopesEnabled: true,
|
268
271
|
accessTokenDuration: 10000,
|
269
|
-
refreshTokenDuration: 10000
|
272
|
+
refreshTokenDuration: 10000,
|
273
|
+
tokenExchangePermitted: false
|
270
274
|
},
|
271
275
|
tlsClientAuthSubjectDn: '<tls-client-auth-subject-dn>',
|
272
276
|
tlsClientAuthSanDns: '<tls-client-auth-san-dns>',
|
@@ -440,6 +444,7 @@ class ClientTest < Minitest::Test
|
|
440
444
|
assert_equal REQUESTABLE_SCOPES_ENABLED, obj.extension.requestableScopesEnabled
|
441
445
|
assert_equal ACCESS_TOKEN_DURATION, obj.extension.accessTokenDuration
|
442
446
|
assert_equal REFRESH_TOKEN_DURATION, obj.extension.refreshTokenDuration
|
447
|
+
assert_equal TOKEN_EXCHANGE_PERMITTED, obj.extension.tokenExchangePermitted
|
443
448
|
assert_equal TLS_CLIENT_AUTH_SUBJECT_DN, obj.tlsClientAuthSubjectDn
|
444
449
|
assert_equal TLS_CLIENT_AUTH_SAN_DNS, obj.tlsClientAuthSanDns
|
445
450
|
assert_equal TLS_CLIENT_AUTH_SAN_URI, obj.tlsClientAuthSanUri
|
@@ -183,7 +183,9 @@ class ServiceTest < Minitest::Test
|
|
183
183
|
TRUST_ANCHOR_ENTITY_ID = '<entity-id>'
|
184
184
|
TRUST_ANCHOR_JWKS = '<jwks>'
|
185
185
|
TRUST_ANCHORS = [ Authlete::Model::TrustAnchor.new(entityId: TRUST_ANCHOR_ENTITY_ID, jwks: TRUST_ANCHOR_JWKS) ]
|
186
|
-
|
186
|
+
TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY = false
|
187
|
+
TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY = false
|
188
|
+
TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY = false
|
187
189
|
|
188
190
|
def generate_json
|
189
191
|
return <<~JSON
|
@@ -326,7 +328,10 @@ class ServiceTest < Minitest::Test
|
|
326
328
|
"signedJwksUri": "<signed-jwks-uri>",
|
327
329
|
"federationRegistrationEndpoint": "<federation-registration-endpoint>",
|
328
330
|
"supportedClientRegistrationTypes": [ "AUTOMATIC", "EXPLICIT"],
|
329
|
-
"trustAnchors": [{ "entityId": "<entity-id>", "jwks": "<jwks>" }]
|
331
|
+
"trustAnchors": [{ "entityId": "<entity-id>", "jwks": "<jwks>" }],
|
332
|
+
"tokenExchangeByIdentifiableClientsOnly": false,
|
333
|
+
"tokenExchangeByConfidentialClientsOnly": false,
|
334
|
+
"tokenExchangeByPermittedClientsOnly": false
|
330
335
|
}
|
331
336
|
JSON
|
332
337
|
|
@@ -474,6 +479,9 @@ class ServiceTest < Minitest::Test
|
|
474
479
|
federationRegistrationEndpoint: '<federation-registration-endpoint>',
|
475
480
|
supportedClientRegistrationTypes: [ 'AUTOMATIC', 'EXPLICIT'],
|
476
481
|
trustAnchors: [{ entityId: "<entity-id>", jwks: "<jwks>" }],
|
482
|
+
tokenExchangeByIdentifiableClientsOnly: false,
|
483
|
+
tokenExchangeByConfidentialClientsOnly: false,
|
484
|
+
tokenExchangeByPermittedClientsOnly: false,
|
477
485
|
}
|
478
486
|
end
|
479
487
|
|
@@ -618,6 +626,9 @@ class ServiceTest < Minitest::Test
|
|
618
626
|
obj.federation_registration_endpoint = FEDERATION_REGISTRATION_ENDPOINT
|
619
627
|
obj.supported_client_registration_types = SUPPORTED_CLIENT_REGISTRATION_TYPES
|
620
628
|
obj.trust_anchors = TRUST_ANCHORS
|
629
|
+
obj.token_exchange_by_identifiable_clients_only = TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY
|
630
|
+
obj.token_exchange_by_confidential_clients_only = TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY
|
631
|
+
obj.token_exchange_by_permitted_clients_only = TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY
|
621
632
|
end
|
622
633
|
|
623
634
|
|
@@ -776,6 +787,9 @@ class ServiceTest < Minitest::Test
|
|
776
787
|
assert_equal SUPPORTED_CLIENT_REGISTRATION_TYPES, obj.supported_client_registration_types
|
777
788
|
assert_equal TRUST_ANCHOR_ENTITY_ID, obj.trustAnchors[0].entityId
|
778
789
|
assert_equal TRUST_ANCHOR_JWKS, obj.trustAnchors[0].jwks
|
790
|
+
assert_equal TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY, obj.token_exchange_by_identifiable_clients_only
|
791
|
+
assert_equal TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY, obj.token_exchange_by_confidential_clients_only
|
792
|
+
assert_equal TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY, obj.token_exchange_by_permitted_clients_only
|
779
793
|
end
|
780
794
|
|
781
795
|
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: authlete
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.21.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Takahiko Kawasaki
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2022-07-
|
12
|
+
date: 2022-07-25 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rest-client
|