authlete 1.21.0 → 1.24.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aa7e3f6284c06767eef0769f49d23b45d814b05143e1e814851601d7b0fe4d4d
-  data.tar.gz: 592b75c5d9b63bf1ce2b6e6043a60b2b5a349d8b93d54215e168bfb20b9bb4d5
+  metadata.gz: 26deda3ee39d63a3c94018735d82e3e2f49bb53e88e69650ac02e1944f461d10
+  data.tar.gz: da2ff9c8b30b51dd73f9247800980843b8416fce9130b69a8d8d1cd693e5c892
 SHA512:
-  metadata.gz: 97116cc29a6312fc46f738b503b350b030cbdd7bd28c33fdab6d0761ec5774244472bf3bb4400bfd0457caf0fe16a6c1bb9480fcf22d0929b21202581bda856d
-  data.tar.gz: b1df3677a66b7cd5526405c7a71d024753ecba058a4152aa9f4a68e020bc4483cd705aecb68ced4c7796bf137be3799380268074277a2ac42c12a070d54a3622
+  metadata.gz: 4301023dc6242a227432e9d65a0769b915cb0d327b3b22627fa5023147085f9b301bf1f04a43c3093f0a011bed5be5fef29a4b47eda34428825451a797719476
+  data.tar.gz: ee39ea5c34a9095f9316dd7544d3e0697b495bbe02520129eef46a6c34b255b4a44936aaaa70b2382d5d3ea60f36d8bd9f8a401bbd6c13af48a918ef03e408b5

data/lib/authlete/model/client.rb

@@ -312,6 +312,14 @@ module Authlete
       attr_accessor :singleAccessTokenPerSubject
       alias_method  :single_access_token_per_subject,  :singleAccessTokenPerSubject
       alias_method  :single_access_token_per_subject=, :singleAccessTokenPerSubject=    
+
+      attr_accessor :pkceRequired
+      alias_method  :pkce_required,  :pkceRequired
+      alias_method  :pkce_required=, :pkceRequired=
+
+      attr_accessor :pkceS256Required
+      alias_method  :pkce_s256_required,  :pkceS256Required
+      alias_method  :pkce_s256_required=, :pkceS256Required=    
       private
 
       def defaults
@@ -392,7 +400,9 @@ module Authlete
           requestObjectEncryptionAlgMatchRequired:     false,
           requestObjectEncryptionEncMatchRequired:     false,
           digestAlgorithm:                             nil,
-          singleAccessTokenPerSubject:                 false
+          singleAccessTokenPerSubject:                 false,
+          pkceRequired:                                false,
+          pkceS256Required:                            false,
         }
       end
 
@@ -474,6 +484,8 @@ module Authlete
         @requestObjectEncryptionEncMatchRequired     = hash[:requestObjectEncryptionEncMatchRequired]
         @digestAlgorithm                             = hash[:digestAlgorithm]
         @singleAccessTokenPerSubject                 = hash[:singleAccessTokenPerSubject]
+        @pkceRequired                                = hash[:pkceRequired]
+        @pkceS256Required                            = hash[:pkceS256Required]
       end
 
       def to_hash_value(key, var)

data/lib/authlete/model/service.rb

@@ -575,6 +575,26 @@ module Authlete
       alias_method  :token_exchange_by_permitted_clients_only,  :tokenExchangeByPermittedClientsOnly
       alias_method  :token_exchange_by_permitted_clients_only=, :tokenExchangeByPermittedClientsOnly=
 
+      attr_accessor :tokenExchangeEncryptedJwtRejected
+      alias_method  :token_exchange_encrypted_jwt_rejected,  :tokenExchangeEncryptedJwtRejected
+      alias_method  :token_exchange_encrypted_jwt_rejected=, :tokenExchangeEncryptedJwtRejected=
+
+      attr_accessor :tokenExchangeUnsignedJwtRejected
+      alias_method  :token_exchange_unsigned_jwt_rejected,  :tokenExchangeUnsignedJwtRejected
+      alias_method  :token_exchange_unsigned_jwt_rejected=, :tokenExchangeUnsignedJwtRejected=
+
+      attr_accessor :jwtGrantByIdentifiableClientsOnly
+      alias_method  :jwt_grant_by_identifiable_clients_only,  :jwtGrantByIdentifiableClientsOnly
+      alias_method  :jwt_grant_by_identifiable_clients_only=, :jwtGrantByIdentifiableClientsOnly=
+
+      attr_accessor :jwtGrantEncryptedJwtRejected
+      alias_method  :jwt_grant_encrypted_jwt_rejected,  :jwtGrantEncryptedJwtRejected
+      alias_method  :jwt_grant_encrypted_jwt_rejected=, :jwtGrantEncryptedJwtRejected=
+
+      attr_accessor :jwtGrantUnsignedJwtRejected
+      alias_method  :jwt_grant_unsigned_jwt_rejected,  :jwtGrantUnsignedJwtRejected
+      alias_method  :jwt_grant_unsigned_jwt_rejected=, :jwtGrantUnsignedJwtRejected=
+
       private
       
       def defaults
@@ -721,6 +741,11 @@ module Authlete
           tokenExchangeByIdentifiableClientsOnly:      false,
           tokenExchangeByConfidentialClientsOnly:      false,
           tokenExchangeByPermittedClientsOnly:         false,
+          tokenExchangeEncryptedJwtRejected:           false,
+          tokenExchangeUnsignedJwtRejected:            false,
+          jwtGrantByIdentifiableClientsOnly:           false,
+          jwtGrantEncryptedJwtRejected:                false,
+          jwtGrantUnsignedJwtRejected:                 false,
         }
       end
 
@@ -867,6 +892,11 @@ module Authlete
         @tokenExchangeByIdentifiableClientsOnly      = hash[:tokenExchangeByIdentifiableClientsOnly]
         @tokenExchangeByConfidentialClientsOnly      = hash[:tokenExchangeByConfidentialClientsOnly]
         @tokenExchangeByPermittedClientsOnly         = hash[:tokenExchangeByPermittedClientsOnly]
+        @tokenExchangeEncryptedJwtRejected           = hash[:tokenExchangeEncryptedJwtRejected]
+        @tokenExchangeUnsignedJwtRejected            = hash[:tokenExchangeUnsignedJwtRejected]
+        @jwtGrantByIdentifiableClientsOnly           = hash[:jwtGrantByIdentifiableClientsOnly]
+        @jwtGrantEncryptedJwtRejected                = hash[:jwtGrantEncryptedJwtRejected]
+        @jwtGrantUnsignedJwtRejected                 = hash[:jwtGrantUnsignedJwtRejected]
 
       end
 

data/lib/authlete/version.rb

@@ -16,5 +16,5 @@
 
 
 module Authlete
-  VERSION = "1.21.0"
+  VERSION = "1.24.0"
 end

data/test/authlete/model/test_client.rb

@@ -123,6 +123,8 @@ class ClientTest < Minitest::Test
   REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED     = false
   DIGEST_ALGORITHM                                 = '<digest-algorithm>'
   SINGLE_ACCESS_TOKEN_PER_SUBJECT                  = false
+  PKCE_REQUIRED                                    = false
+  PKCE_S256_REQUIRED                               = false
 
   def generate_json
     return <<~JSON
@@ -209,11 +211,13 @@ class ClientTest < Minitest::Test
         "requestObjectEncryptionAlgMatchRequired":     false,
         "requestObjectEncryptionEncMatchRequired":     false,
         "digestAlgorithm":                             "<digest-algorithm>",
-        "singleAccessTokenPerSubject":                 false
+        "singleAccessTokenPerSubject":                 false,
+        "pkceRequired":                                false,
+        "pkceS256Required":                            false
       }
-    JSON
-  end
-
+      JSON
+    end
+    
 
   def generate_hash
     {
@@ -299,7 +303,9 @@ class ClientTest < Minitest::Test
       requestObjectEncryptionAlgMatchRequired:     false,
       requestObjectEncryptionEncMatchRequired:     false,
       digestAlgorithm:                             '<digest-algorithm>',
-      singleAccessTokenPerSubject:                 false
+      singleAccessTokenPerSubject:                 false,
+      pkceRequired:                                false,
+      pkceS256Required:                            false,
     }
   end
 
@@ -382,6 +388,8 @@ class ClientTest < Minitest::Test
     obj.requestObjectEncryptionEncMatchRequired     = REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED
     obj.digestAlgorithm                             = DIGEST_ALGORITHM
     obj.singleAccessTokenPerSubject                 = SINGLE_ACCESS_TOKEN_PER_SUBJECT
+    obj.pkceRequired                                = PKCE_REQUIRED
+    obj.pkceS256Required                            = PKCE_S256_REQUIRED
   end
 
 
@@ -472,6 +480,8 @@ class ClientTest < Minitest::Test
     assert_equal REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED,     obj.requestObjectEncryptionEncMatchRequired
     assert_equal DIGEST_ALGORITHM,                                 obj.digestAlgorithm
     assert_equal SINGLE_ACCESS_TOKEN_PER_SUBJECT,                  obj.singleAccessTokenPerSubject
+    assert_equal PKCE_REQUIRED,                                    obj.pkceRequired
+    assert_equal PKCE_S256_REQUIRED,                               obj.pkceS256Required
   end
 
 

data/test/authlete/model/test_service.rb

@@ -186,6 +186,11 @@ class ServiceTest < Minitest::Test
   TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY      = false
   TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY      = false
   TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY         = false
+  TOKEN_EXCHANGE_ENCRYPTED_JWT_REJECTED            = false
+  TOKEN_EXCHANGE_UNSIGNED_JWT_REJECTED             = false
+  JWT_GRANT_BY_IDENTIFIABLE_CLIENTS_ONLY           = false
+  JWT_GRANT_ENCRYPTED_JWT_REJECTED                 = false
+  JWT_GRANT_UNSIGNED_JWT_REJECTED                  = false
 
   def generate_json
     return <<~JSON
@@ -331,7 +336,12 @@ class ServiceTest < Minitest::Test
         "trustAnchors":                                [{ "entityId": "<entity-id>", "jwks": "<jwks>" }],
         "tokenExchangeByIdentifiableClientsOnly":      false,
         "tokenExchangeByConfidentialClientsOnly":      false,
-        "tokenExchangeByPermittedClientsOnly":         false
+        "tokenExchangeByPermittedClientsOnly":         false,
+        "tokenExchangeEncryptedJwtRejected":           false,
+        "tokenExchangeUnsignedJwtRejected":            false,
+        "jwtGrantByIdentifiableClientsOnly":           false,
+        "jwtGrantEncryptedJwtRejected":                false,
+        "jwtGrantUnsignedJwtRejected":                 false
       }
       JSON
 
@@ -482,6 +492,11 @@ class ServiceTest < Minitest::Test
       tokenExchangeByIdentifiableClientsOnly:      false,
       tokenExchangeByConfidentialClientsOnly:      false,
       tokenExchangeByPermittedClientsOnly:         false,
+      tokenExchangeEncryptedJwtRejected:           false,
+      tokenExchangeUnsignedJwtRejected:            false,
+      jwtGrantByIdentifiableClientsOnly:           false,
+      jwtGrantEncryptedJwtRejected:                false,
+      jwtGrantUnsignedJwtRejected:                 false
     }
   end
 
@@ -629,6 +644,9 @@ class ServiceTest < Minitest::Test
     obj.token_exchange_by_identifiable_clients_only   = TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY
     obj.token_exchange_by_confidential_clients_only   = TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY
     obj.token_exchange_by_permitted_clients_only      = TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY
+    obj.jwtGrantByIdentifiableClientsOnly             = JWT_GRANT_BY_IDENTIFIABLE_CLIENTS_ONLY
+    obj.jwtGrantEncryptedJwtRejected                  = JWT_GRANT_ENCRYPTED_JWT_REJECTED
+    obj.jwtGrantUnsignedJwtRejected                   = JWT_GRANT_UNSIGNED_JWT_REJECTED
   end
 
 
@@ -790,6 +808,11 @@ class ServiceTest < Minitest::Test
     assert_equal TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY,      obj.token_exchange_by_identifiable_clients_only
     assert_equal TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY,      obj.token_exchange_by_confidential_clients_only
     assert_equal TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY,         obj.token_exchange_by_permitted_clients_only
+    assert_equal TOKEN_EXCHANGE_ENCRYPTED_JWT_REJECTED,            obj.token_exchange_encrypted_jwt_rejected
+    assert_equal TOKEN_EXCHANGE_UNSIGNED_JWT_REJECTED,             obj.token_exchange_unsigned_jwt_rejected
+    assert_equal JWT_GRANT_BY_IDENTIFIABLE_CLIENTS_ONLY,           obj.jwtGrantByIdentifiableClientsOnly
+    assert_equal JWT_GRANT_ENCRYPTED_JWT_REJECTED,                 obj.jwtGrantEncryptedJwtRejected
+    assert_equal JWT_GRANT_UNSIGNED_JWT_REJECTED,                  obj.jwtGrantUnsignedJwtRejected
   end
 
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authlete
 version: !ruby/object:Gem::Version
-  version: 1.21.0
+  version: 1.24.0
 platform: ruby
 authors:
 - Takahiko Kawasaki
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-07-25 00:00:00.000000000 Z
+date: 2022-08-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client