RubyGems - authlete - Versions diffs - 1.20.0 → 1.23.0 - Mend

authlete 1.20.0 → 1.23.0

Files changed (9) hide show

checksums.yaml +4 -4
data/lib/authlete/model/client-extension.rb +6 -1
data/lib/authlete/model/client.rb +13 -1
data/lib/authlete/model/service.rb +30 -0
data/lib/authlete/version.rb +1 -1
data/test/authlete/model/test_client-extension.rb +7 -2
data/test/authlete/model/test_client.rb +23 -8
data/test/authlete/model/test_service.rb +24 -2
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0f0f975f450b062ce2e4c699ecf963ab67e0594b9912edda6e237aa34a5d232a
-  data.tar.gz: 5b65c27d14a277aa1a3118e3c0381c06426f43eb3a04e9a5cf5b1ddef87d80b9
+  metadata.gz: 3ff212bd1b3919e176b67af639ee6f712b68edd79e84e9c53dd38a9d57e6a4b9
+  data.tar.gz: 3c1a772790b54d7723aaecade60563c7eef07b295eaac9d343b06ada3c9e0b98
 SHA512:
-  metadata.gz: 6259dfda0962dcc6da2c5fa2a2e316471c14b0c302019a5a1fd942a0ae705155bcccd7469576b64642962ea6b3cbfa994778e130044659c34c8d8a9d6cbffd53
-  data.tar.gz: 966937e26341c3b9ec375c1118f156519dda150cd8c20c18bb29fba411bd2594c9bcbb78220eabdf21b2bbcf633fd817ab679f1dbd4b26e995f30fb2ea9ec357
+  metadata.gz: 46b424e7e7b5cf06fb3f413ec572a61e878b8de70db2cc5a6c696667e7e3f7b8203d90c0eab8aeb0d1d86c9e79d89dac9bffaa3233d304effd9c29bbb4b55c5c
+  data.tar.gz: 923ccd23038030e2f1cc6c77f9da2babae678fed6e291d553463c4d6f3e022cda6b7c1257d192c36bc7519a50727246b1b2d083d83ec368f2c67bd23177c6472

data/lib/authlete/model/client-extension.rb CHANGED Viewed

@@ -36,6 +36,9 @@ module Authlete
       alias_method  :refresh_token_duration,  :refreshTokenDuration
       alias_method  :refresh_token_duration=, :refreshTokenDuration=
+      attr_accessor :tokenExchangePermitted
+      alias_method  :token_exchange_permitted,  :tokenExchangePermitted
+      alias_method  :token_exchange_permitted=, :tokenExchangePermitted=
       private
       def defaults
@@ -43,7 +46,8 @@ module Authlete
           requestableScopes:        nil,
           requestableScopesEnabled: false,
           accessTokenDuration:      0,
-          refreshTokenDuration:     0
+          refreshTokenDuration:     0,
+          tokenExchangePermitted:   false
         }
       end
@@ -52,6 +56,7 @@ module Authlete
         @requestableScopesEnabled = hash[:requestableScopesEnabled]
         @accessTokenDuration      = hash[:accessTokenDuration]
         @refreshTokenDuration     = hash[:refreshTokenDuration]
+        @tokenExchangePermitted   = hash[:tokenExchangePermitted]
       end
     end
   end

data/lib/authlete/model/client.rb CHANGED Viewed

@@ -312,6 +312,14 @@ module Authlete
       attr_accessor :singleAccessTokenPerSubject
       alias_method  :single_access_token_per_subject,  :singleAccessTokenPerSubject
       alias_method  :single_access_token_per_subject=, :singleAccessTokenPerSubject=
+      attr_accessor :pkceRequired
+      alias_method  :pkce_required,  :pkceRequired
+      alias_method  :pkce_required=, :pkceRequired=
+      attr_accessor :pkceS256Required
+      alias_method  :pkce_s256_required,  :pkceS256Required
+      alias_method  :pkce_s256_required=, :pkceS256Required=
       private
       def defaults
@@ -392,7 +400,9 @@ module Authlete
           requestObjectEncryptionAlgMatchRequired:     false,
           requestObjectEncryptionEncMatchRequired:     false,
           digestAlgorithm:                             nil,
-          singleAccessTokenPerSubject:                 false
+          singleAccessTokenPerSubject:                 false,
+          pkceRequired:                                false,
+          pkceS256Required:                            false,
         }
       end
@@ -474,6 +484,8 @@ module Authlete
         @requestObjectEncryptionEncMatchRequired     = hash[:requestObjectEncryptionEncMatchRequired]
         @digestAlgorithm                             = hash[:digestAlgorithm]
         @singleAccessTokenPerSubject                 = hash[:singleAccessTokenPerSubject]
+        @pkceRequired                                = hash[:pkceRequired]
+        @pkceS256Required                            = hash[:pkceS256Required]
       end
       def to_hash_value(key, var)

data/lib/authlete/model/service.rb CHANGED Viewed

@@ -563,6 +563,26 @@ module Authlete
       alias_method  :trust_anchors,  :trustAnchors
       alias_method  :trust_anchors=, :trustAnchors=
+      attr_accessor :tokenExchangeByIdentifiableClientsOnly
+      alias_method  :token_exchange_by_identifiable_clients_only,  :tokenExchangeByIdentifiableClientsOnly
+      alias_method  :token_exchange_by_identifiable_clients_only=, :tokenExchangeByIdentifiableClientsOnly=
+      attr_accessor :tokenExchangeByConfidentialClientsOnly
+      alias_method  :token_exchange_by_confidential_clients_only,  :tokenExchangeByConfidentialClientsOnly
+      alias_method  :token_exchange_by_confidential_clients_only=, :tokenExchangeByConfidentialClientsOnly=
+      attr_accessor :tokenExchangeByPermittedClientsOnly
+      alias_method  :token_exchange_by_permitted_clients_only,  :tokenExchangeByPermittedClientsOnly
+      alias_method  :token_exchange_by_permitted_clients_only=, :tokenExchangeByPermittedClientsOnly=
+      attr_accessor :tokenExchangeEncryptedJwtRejected
+      alias_method  :token_exchange_encrypted_jwt_rejected,  :tokenExchangeEncryptedJwtRejected
+      alias_method  :token_exchange_encrypted_jwt_rejected=, :tokenExchangeEncryptedJwtRejected=
+      attr_accessor :tokenExchangeUnsignedJwtRejected
+      alias_method  :token_exchange_unsigned_jwt_rejected,  :tokenExchangeUnsignedJwtRejected
+      alias_method  :token_exchange_unsigned_jwt_rejected=, :tokenExchangeUnsignedJwtRejected=
       private
       def defaults
@@ -706,6 +726,11 @@ module Authlete
           federationRegistrationEndpoint:              nil,
           supportedClientRegistrationTypes:            nil,
           trustAnchors:                                nil,
+          tokenExchangeByIdentifiableClientsOnly:      false,
+          tokenExchangeByConfidentialClientsOnly:      false,
+          tokenExchangeByPermittedClientsOnly:         false,
+          tokenExchangeEncryptedJwtRejected:           false,
+          tokenExchangeUnsignedJwtRejected:            false,
         }
       end
@@ -849,6 +874,11 @@ module Authlete
         @federationRegistrationEndpoint              = hash[:federationRegistrationEndpoint]
         @supportedClientRegistrationTypes            = hash[:supportedClientRegistrationTypes]
         @trustAnchors                                = get_parsed_array(hash[:trustAnchors]) { |e| Authlete::Model::TrustAnchor.parse(e) }
+        @tokenExchangeByIdentifiableClientsOnly      = hash[:tokenExchangeByIdentifiableClientsOnly]
+        @tokenExchangeByConfidentialClientsOnly      = hash[:tokenExchangeByConfidentialClientsOnly]
+        @tokenExchangeByPermittedClientsOnly         = hash[:tokenExchangeByPermittedClientsOnly]
+        @tokenExchangeEncryptedJwtRejected           = hash[:tokenExchangeEncryptedJwtRejected]
+        @tokenExchangeUnsignedJwtRejected            = hash[:tokenExchangeUnsignedJwtRejected]
       end

data/lib/authlete/version.rb CHANGED Viewed

@@ -16,5 +16,5 @@
 module Authlete
-  VERSION = "1.20.0"
+  VERSION = "1.23.0"
 end

data/test/authlete/model/test_client-extension.rb CHANGED Viewed

@@ -25,6 +25,7 @@ class ClientExtensionTest < Minitest::Test
   REQUESTABLE_SCOPES_ENABLED = true
   ACCESS_TOKEN_DURATION      = 10000
   REFRESH_TOKEN_DURATION     = 10000
+  TOKEN_EXCHANGE_PERMITTED   = false
   def generate_json
@@ -33,7 +34,8 @@ class ClientExtensionTest < Minitest::Test
         "requestableScopes":        [ "<requestable-scope0>", "<requestable-scope1>" ],
         "requestableScopesEnabled": true,
         "accessTokenDuration":      10000,
-        "refreshTokenDuration":     10000
+        "refreshTokenDuration":     10000,
+        "tokenExchangePermitted":   false
       }
     JSON
   end
@@ -44,7 +46,8 @@ class ClientExtensionTest < Minitest::Test
       requestableScopes:        %w(<requestable-scope0> <requestable-scope1>),
       requestableScopesEnabled: true,
       accessTokenDuration:      10000,
-      refreshTokenDuration:     10000
+      refreshTokenDuration:     10000,
+      tokenExchangePermitted:   false
     }
   end
@@ -54,6 +57,7 @@ class ClientExtensionTest < Minitest::Test
     obj.requestable_scopes_enabled = REQUESTABLE_SCOPES_ENABLED
     obj.access_token_duration      = ACCESS_TOKEN_DURATION
     obj.refresh_token_duration     = REFRESH_TOKEN_DURATION
+    obj.token_exchange_permitted   = TOKEN_EXCHANGE_PERMITTED
   end
@@ -62,6 +66,7 @@ class ClientExtensionTest < Minitest::Test
     assert_equal REQUESTABLE_SCOPES_ENABLED, obj.requestableScopesEnabled
     assert_equal ACCESS_TOKEN_DURATION,      obj.accessTokenDuration
     assert_equal REFRESH_TOKEN_DURATION,     obj.refreshTokenDuration
+    assert_equal TOKEN_EXCHANGE_PERMITTED,   obj.tokenExchangePermitted
   end

data/test/authlete/model/test_client.rb CHANGED Viewed

@@ -85,11 +85,13 @@ class ClientTest < Minitest::Test
   REQUESTABLE_SCOPES_ENABLED                       = true
   ACCESS_TOKEN_DURATION                            = 10000
   REFRESH_TOKEN_DURATION                           = 10000
+  TOKEN_EXCHANGE_PERMITTED                         = false
   EXTENSION                                        = Authlete::Model::ClientExtension.new(
                                                        requestableScopes:        REQUESTABLE_SCOPES,
                                                        requestableScopesEnabled: REQUESTABLE_SCOPES_ENABLED,
                                                        accessTokenDuration:      ACCESS_TOKEN_DURATION,
-                                                       refreshTokenDuration:     REFRESH_TOKEN_DURATION
+                                                       refreshTokenDuration:     REFRESH_TOKEN_DURATION,
+                                                       tokenExchangePermitted:   TOKEN_EXCHANGE_PERMITTED
                                                      )
   TLS_CLIENT_AUTH_SUBJECT_DN                       = '<tls-client-auth-subject-dn>'
   TLS_CLIENT_AUTH_SAN_DNS                          = '<tls-client-auth-san-dns>'
@@ -121,6 +123,8 @@ class ClientTest < Minitest::Test
   REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED     = false
   DIGEST_ALGORITHM                                 = '<digest-algorithm>'
   SINGLE_ACCESS_TOKEN_PER_SUBJECT                  = false
+  PKCE_REQUIRED                                    = false
+  PKCE_S256_REQUIRED                               = false
   def generate_json
     return <<~JSON
@@ -177,7 +181,8 @@ class ClientTest < Minitest::Test
                                                          "requestableScopes":        [ "<requestable-scope0>", "<requestable-scope1>" ],
                                                          "requestableScopesEnabled": true,
                                                          "accessTokenDuration":      10000,
-                                                         "refreshTokenDuration":     10000
+                                                         "refreshTokenDuration":     10000,
+                                                         "tokenExchangePermitted":   false
                                                        },
         "tlsClientAuthSubjectDn":                      "<tls-client-auth-subject-dn>",
         "tlsClientAuthSanDns":                         "<tls-client-auth-san-dns>",
@@ -206,11 +211,13 @@ class ClientTest < Minitest::Test
         "requestObjectEncryptionAlgMatchRequired":     false,
         "requestObjectEncryptionEncMatchRequired":     false,
         "digestAlgorithm":                             "<digest-algorithm>",
-        "singleAccessTokenPerSubject":                 false
+        "singleAccessTokenPerSubject":                 false,
+        "pkceRequired":                                false,
+        "pkceS256Required":                            false
       }
-    JSON
-  end
+      JSON
+    end
   def generate_hash
     {
@@ -266,7 +273,8 @@ class ClientTest < Minitest::Test
                                                      requestableScopes:        [ '<requestable-scope0>', '<requestable-scope1>' ],
                                                      requestableScopesEnabled: true,
                                                      accessTokenDuration:      10000,
-                                                     refreshTokenDuration:     10000
+                                                     refreshTokenDuration:     10000,
+                                                     tokenExchangePermitted:   false
                                                    },
       tlsClientAuthSubjectDn:                      '<tls-client-auth-subject-dn>',
       tlsClientAuthSanDns:                         '<tls-client-auth-san-dns>',
@@ -295,7 +303,9 @@ class ClientTest < Minitest::Test
       requestObjectEncryptionAlgMatchRequired:     false,
       requestObjectEncryptionEncMatchRequired:     false,
       digestAlgorithm:                             '<digest-algorithm>',
-      singleAccessTokenPerSubject:                 false
+      singleAccessTokenPerSubject:                 false,
+      pkceRequired:                                false,
+      pkceS256Required:                            false,
     }
   end
@@ -378,6 +388,8 @@ class ClientTest < Minitest::Test
     obj.requestObjectEncryptionEncMatchRequired     = REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED
     obj.digestAlgorithm                             = DIGEST_ALGORITHM
     obj.singleAccessTokenPerSubject                 = SINGLE_ACCESS_TOKEN_PER_SUBJECT
+    obj.pkceRequired                                = PKCE_REQUIRED
+    obj.pkceS256Required                            = PKCE_S256_REQUIRED
   end
@@ -440,6 +452,7 @@ class ClientTest < Minitest::Test
     assert_equal REQUESTABLE_SCOPES_ENABLED,                       obj.extension.requestableScopesEnabled
     assert_equal ACCESS_TOKEN_DURATION,                            obj.extension.accessTokenDuration
     assert_equal REFRESH_TOKEN_DURATION,                           obj.extension.refreshTokenDuration
+    assert_equal TOKEN_EXCHANGE_PERMITTED,                         obj.extension.tokenExchangePermitted
     assert_equal TLS_CLIENT_AUTH_SUBJECT_DN,                       obj.tlsClientAuthSubjectDn
     assert_equal TLS_CLIENT_AUTH_SAN_DNS,                          obj.tlsClientAuthSanDns
     assert_equal TLS_CLIENT_AUTH_SAN_URI,                          obj.tlsClientAuthSanUri
@@ -467,6 +480,8 @@ class ClientTest < Minitest::Test
     assert_equal REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED,     obj.requestObjectEncryptionEncMatchRequired
     assert_equal DIGEST_ALGORITHM,                                 obj.digestAlgorithm
     assert_equal SINGLE_ACCESS_TOKEN_PER_SUBJECT,                  obj.singleAccessTokenPerSubject
+    assert_equal PKCE_REQUIRED,                                    obj.pkceRequired
+    assert_equal PKCE_S256_REQUIRED,                               obj.pkceS256Required
   end

data/test/authlete/model/test_service.rb CHANGED Viewed

@@ -183,7 +183,11 @@ class ServiceTest < Minitest::Test
   TRUST_ANCHOR_ENTITY_ID                           = '<entity-id>'
   TRUST_ANCHOR_JWKS                                = '<jwks>'
   TRUST_ANCHORS                                    = [ Authlete::Model::TrustAnchor.new(entityId: TRUST_ANCHOR_ENTITY_ID, jwks: TRUST_ANCHOR_JWKS) ]
+  TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY      = false
+  TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY      = false
+  TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY         = false
+  TOKEN_EXCHANGE_ENCRYPTED_JWT_REJECTED            = false
+  TOKEN_EXCHANGE_UNSIGNED_JWT_REJECTED             = false
   def generate_json
     return <<~JSON
@@ -326,7 +330,12 @@ class ServiceTest < Minitest::Test
         "signedJwksUri":                               "<signed-jwks-uri>",
         "federationRegistrationEndpoint":              "<federation-registration-endpoint>",
         "supportedClientRegistrationTypes":            [ "AUTOMATIC", "EXPLICIT"],
-        "trustAnchors":                                [{ "entityId": "<entity-id>", "jwks": "<jwks>" }]
+        "trustAnchors":                                [{ "entityId": "<entity-id>", "jwks": "<jwks>" }],
+        "tokenExchangeByIdentifiableClientsOnly":      false,
+        "tokenExchangeByConfidentialClientsOnly":      false,
+        "tokenExchangeByPermittedClientsOnly":         false,
+        "tokenExchangeEncryptedJwtRejected":           false,
+        "tokenExchangeUnsignedJwtRejected":            false
       }
       JSON
@@ -474,6 +483,11 @@ class ServiceTest < Minitest::Test
       federationRegistrationEndpoint:              '<federation-registration-endpoint>',
       supportedClientRegistrationTypes:            [ 'AUTOMATIC', 'EXPLICIT'],
       trustAnchors:                                [{ entityId: "<entity-id>", jwks: "<jwks>" }],
+      tokenExchangeByIdentifiableClientsOnly:      false,
+      tokenExchangeByConfidentialClientsOnly:      false,
+      tokenExchangeByPermittedClientsOnly:         false,
+      tokenExchangeEncryptedJwtRejected:           false,
+      tokenExchangeUnsignedJwtRejected:            false,
     }
   end
@@ -618,6 +632,9 @@ class ServiceTest < Minitest::Test
     obj.federation_registration_endpoint              = FEDERATION_REGISTRATION_ENDPOINT
     obj.supported_client_registration_types           = SUPPORTED_CLIENT_REGISTRATION_TYPES
     obj.trust_anchors                                 = TRUST_ANCHORS
+    obj.token_exchange_by_identifiable_clients_only   = TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY
+    obj.token_exchange_by_confidential_clients_only   = TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY
+    obj.token_exchange_by_permitted_clients_only      = TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY
   end
@@ -776,6 +793,11 @@ class ServiceTest < Minitest::Test
     assert_equal SUPPORTED_CLIENT_REGISTRATION_TYPES,              obj.supported_client_registration_types
     assert_equal TRUST_ANCHOR_ENTITY_ID,                           obj.trustAnchors[0].entityId
     assert_equal TRUST_ANCHOR_JWKS,                                obj.trustAnchors[0].jwks
+    assert_equal TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY,      obj.token_exchange_by_identifiable_clients_only
+    assert_equal TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY,      obj.token_exchange_by_confidential_clients_only
+    assert_equal TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY,         obj.token_exchange_by_permitted_clients_only
+    assert_equal TOKEN_EXCHANGE_ENCRYPTED_JWT_REJECTED,            obj.token_exchange_encrypted_jwt_rejected
+    assert_equal TOKEN_EXCHANGE_UNSIGNED_JWT_REJECTED,             obj.token_exchange_unsigned_jwt_rejected
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authlete
 version: !ruby/object:Gem::Version
-  version: 1.20.0
+  version: 1.23.0
 platform: ruby
 authors:
 - Takahiko Kawasaki
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-07-14 00:00:00.000000000 Z
+date: 2022-08-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client