authlete 1.21.0 → 1.24.0
- checksums.yaml +4 -4
- data/lib/authlete/model/client.rb +13 -1
- data/lib/authlete/model/service.rb +30 -0
- data/lib/authlete/version.rb +1 -1
- data/test/authlete/model/test_client.rb +15 -5
- data/test/authlete/model/test_service.rb +24 -1
- metadata +2 -2
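--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 26deda3ee39d63a3c94018735d82e3e2f49bb53e88e69650ac02e1944f461d10
+data.tar.gz: da2ff9c8b30b51dd73f9247800980843b8416fce9130b69a8d8d1cd693e5c892
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4301023dc6242a227432e9d65a0769b915cb0d327b3b22627fa5023147085f9b301bf1f04a43c3093f0a011bed5be5fef29a4b47eda34428825451a797719476
+data.tar.gz: ee39ea5c34a9095f9316dd7544d3e0697b495bbe02520129eef46a6c34b255b4a44936aaaa70b2382d5d3ea60f36d8bd9f8a401bbd6c13af48a918ef03e408b5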
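--- a/data/lib/authlete/model/client.rb
+++ b/data/lib/authlete/model/client.rb
@@ -312,6 +312,14 @@ module Authlete
 attr_accessor :singleAccessTokenPerSubject
 alias_method :single_access_token_per_subject, :singleAccessTokenPerSubject
 alias_method :single_access_token_per_subject=, :singleAccessTokenPerSubject=
+
+attr_accessor :pkceRequired
+alias_method :pkce_required, :pkceRequired
+alias_method :pkce_required=, :pkceRequired=
+
+attr_accessor :pkceS256Required
+alias_method :pkce_s256_required, :pkceS256Required
+alias_method :pkce_s256_required=, :pkceS256Required=
 private
 
 def defaults
@@ -392,7 +400,9 @@ module Authlete
 requestObjectEncryptionAlgMatchRequired: false,
 requestObjectEncryptionEncMatchRequired: false,
 digestAlgorithm: nil,
-singleAccessTokenPerSubject: false
+singleAccessTokenPerSubject: false,
+pkceRequired: false,
+pkceS256Required: false,
 }
 end
 
@@ -474,6 +484,8 @@ module Authlete
 @requestObjectEncryptionEncMatchRequired = hash[:requestObjectEncryptionEncMatchRequired]
 @digestAlgorithm = hash[:digestAlgorithm]
 @singleAccessTokenPerSubject = hash[:singleAccessTokenPerSubject]
+@pkceRequired = hash[:pkceRequired]
+@pkceS256Required = hash[:pkceS256Required]
 end
 
 def to_hash_value(key, var)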
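Review bot: The new `pkceRequired` and `pkceS256Required` accessors in the first hunk carry no comment, and nothing in the model says how the two flags relate to each other. I would add a line above each, along the lines of `# Whether PKCE is required for this client's authorization requests (boolean).` and `# Whether S256 is required as the code challenge method when PKCE is used (boolean).`, with the wording checked against the Authlete API reference. `defaults` sets both to `false`, so an object that was never populated from a server response reads as "PKCE not required"; the comment should say that the local default is not the client's actual policy. The same gap applies to the five `tokenExchange*Rejected` and `jwtGrant*` accessors added in `service.rb`. The class body and `defaults` begin and end outside these hunks.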
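--- a/data/lib/authlete/model/service.rb
+++ b/data/lib/authlete/model/service.rb
@@ -575,6 +575,26 @@ module Authlete
 alias_method :token_exchange_by_permitted_clients_only, :tokenExchangeByPermittedClientsOnly
 alias_method :token_exchange_by_permitted_clients_only=, :tokenExchangeByPermittedClientsOnly=
 
+attr_accessor :tokenExchangeEncryptedJwtRejected
+alias_method :token_exchange_encrypted_jwt_rejected, :tokenExchangeEncryptedJwtRejected
+alias_method :token_exchange_encrypted_jwt_rejected=, :tokenExchangeEncryptedJwtRejected=
+
+attr_accessor :tokenExchangeUnsignedJwtRejected
+alias_method :token_exchange_unsigned_jwt_rejected, :tokenExchangeUnsignedJwtRejected
+alias_method :token_exchange_unsigned_jwt_rejected=, :tokenExchangeUnsignedJwtRejected=
+
+attr_accessor :jwtGrantByIdentifiableClientsOnly
+alias_method :jwt_grant_by_identifiable_clients_only, :jwtGrantByIdentifiableClientsOnly
+alias_method :jwt_grant_by_identifiable_clients_only=, :jwtGrantByIdentifiableClientsOnly=
+
+attr_accessor :jwtGrantEncryptedJwtRejected
+alias_method :jwt_grant_encrypted_jwt_rejected, :jwtGrantEncryptedJwtRejected
+alias_method :jwt_grant_encrypted_jwt_rejected=, :jwtGrantEncryptedJwtRejected=
+
+attr_accessor :jwtGrantUnsignedJwtRejected
+alias_method :jwt_grant_unsigned_jwt_rejected, :jwtGrantUnsignedJwtRejected
+alias_method :jwt_grant_unsigned_jwt_rejected=, :jwtGrantUnsignedJwtRejected=
+
 private
 
 def defaults
@@ -721,6 +741,11 @@ module Authlete
 tokenExchangeByIdentifiableClientsOnly: false,
 tokenExchangeByConfidentialClientsOnly: false,
 tokenExchangeByPermittedClientsOnly: false,
+tokenExchangeEncryptedJwtRejected: false,
+tokenExchangeUnsignedJwtRejected: false,
+jwtGrantByIdentifiableClientsOnly: false,
+jwtGrantEncryptedJwtRejected: false,
+jwtGrantUnsignedJwtRejected: false,
 }
 end
 
@@ -867,6 +892,11 @@ module Authlete
 @tokenExchangeByIdentifiableClientsOnly = hash[:tokenExchangeByIdentifiableClientsOnly]
 @tokenExchangeByConfidentialClientsOnly = hash[:tokenExchangeByConfidentialClientsOnly]
 @tokenExchangeByPermittedClientsOnly = hash[:tokenExchangeByPermittedClientsOnly]
+@tokenExchangeEncryptedJwtRejected = hash[:tokenExchangeEncryptedJwtRejected]
+@tokenExchangeUnsignedJwtRejected = hash[:tokenExchangeUnsignedJwtRejected]
+@jwtGrantByIdentifiableClientsOnly = hash[:jwtGrantByIdentifiableClientsOnly]
+@jwtGrantEncryptedJwtRejected = hash[:jwtGrantEncryptedJwtRejected]
+@jwtGrantUnsignedJwtRejected = hash[:jwtGrantUnsignedJwtRejected]
 
 end
 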
data/lib/authlete/version.rb
CHANGED
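--- a/data/test/authlete/model/test_client.rb
+++ b/data/test/authlete/model/test_client.rb
@@ -123,6 +123,8 @@ class ClientTest < Minitest::Test
 REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED = false
 DIGEST_ALGORITHM = '<digest-algorithm>'
 SINGLE_ACCESS_TOKEN_PER_SUBJECT = false
+PKCE_REQUIRED = false
+PKCE_S256_REQUIRED = false
 
 def generate_json
 return <<~JSON
@@ -209,11 +211,13 @@ class ClientTest < Minitest::Test
 "requestObjectEncryptionAlgMatchRequired": false,
 "requestObjectEncryptionEncMatchRequired": false,
 "digestAlgorithm": "<digest-algorithm>",
-"singleAccessTokenPerSubject": false
+"singleAccessTokenPerSubject": false,
+"pkceRequired": false,
+"pkceS256Required": false
 }
-
-
-
+JSON
+end
+
 
 def generate_hash
 {
@@ -299,7 +303,9 @@ class ClientTest < Minitest::Test
 requestObjectEncryptionAlgMatchRequired: false,
 requestObjectEncryptionEncMatchRequired: false,
 digestAlgorithm: '<digest-algorithm>',
-singleAccessTokenPerSubject: false
+singleAccessTokenPerSubject: false,
+pkceRequired: false,
+pkceS256Required: false,
 }
 end
 
@@ -382,6 +388,8 @@ class ClientTest < Minitest::Test
 obj.requestObjectEncryptionEncMatchRequired = REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED
 obj.digestAlgorithm = DIGEST_ALGORITHM
 obj.singleAccessTokenPerSubject = SINGLE_ACCESS_TOKEN_PER_SUBJECT
+obj.pkceRequired = PKCE_REQUIRED
+obj.pkceS256Required = PKCE_S256_REQUIRED
 end
 
 
@@ -472,6 +480,8 @@ class ClientTest < Minitest::Test
 assert_equal REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED, obj.requestObjectEncryptionEncMatchRequired
 assert_equal DIGEST_ALGORITHM, obj.digestAlgorithm
 assert_equal SINGLE_ACCESS_TOKEN_PER_SUBJECT, obj.singleAccessTokenPerSubject
+assert_equal PKCE_REQUIRED, obj.pkceRequired
+assert_equal PKCE_S256_REQUIRED, obj.pkceS256Required
 end
 
 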
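Review bot: `PKCE_REQUIRED = false` and `PKCE_S256_REQUIRED = false` in the first hunk are the same values `defaults` assigns in `client.rb`, so the assertions added in the last hunk (`assert_equal PKCE_REQUIRED, obj.pkceRequired`) would still pass if parsing or the setter silently dropped the key. Setting both constants to `true`, and the matching entries in the `generate_json` and `generate_hash` fixtures, makes the test prove the value actually round-trips. The new lines also go through the camelCase accessors only; one assertion on `obj.pkce_required` would cover the added aliases. The five `false` constants added in `test_service.rb` have the same weakness. The test helpers begin and end outside these hunks.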
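--- a/data/test/authlete/model/test_service.rb
+++ b/data/test/authlete/model/test_service.rb
@@ -186,6 +186,11 @@ class ServiceTest < Minitest::Test
 TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY = false
 TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY = false
 TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY = false
+TOKEN_EXCHANGE_ENCRYPTED_JWT_REJECTED = false
+TOKEN_EXCHANGE_UNSIGNED_JWT_REJECTED = false
+JWT_GRANT_BY_IDENTIFIABLE_CLIENTS_ONLY = false
+JWT_GRANT_ENCRYPTED_JWT_REJECTED = false
+JWT_GRANT_UNSIGNED_JWT_REJECTED = false
 
 def generate_json
 return <<~JSON
@@ -331,7 +336,12 @@ class ServiceTest < Minitest::Test
 "trustAnchors": [{ "entityId": "<entity-id>", "jwks": "<jwks>" }],
 "tokenExchangeByIdentifiableClientsOnly": false,
 "tokenExchangeByConfidentialClientsOnly": false,
-"tokenExchangeByPermittedClientsOnly": false
+"tokenExchangeByPermittedClientsOnly": false,
+"tokenExchangeEncryptedJwtRejected": false,
+"tokenExchangeUnsignedJwtRejected": false,
+"jwtGrantByIdentifiableClientsOnly": false,
+"jwtGrantEncryptedJwtRejected": false,
+"jwtGrantUnsignedJwtRejected": false
 }
 JSON
 
@@ -482,6 +492,11 @@ class ServiceTest < Minitest::Test
 tokenExchangeByIdentifiableClientsOnly: false,
 tokenExchangeByConfidentialClientsOnly: false,
 tokenExchangeByPermittedClientsOnly: false,
+tokenExchangeEncryptedJwtRejected: false,
+tokenExchangeUnsignedJwtRejected: false,
+jwtGrantByIdentifiableClientsOnly: false,
+jwtGrantEncryptedJwtRejected: false,
+jwtGrantUnsignedJwtRejected: false
 }
 end
 
@@ -629,6 +644,9 @@ class ServiceTest < Minitest::Test
 obj.token_exchange_by_identifiable_clients_only = TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY
 obj.token_exchange_by_confidential_clients_only = TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY
 obj.token_exchange_by_permitted_clients_only = TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY
+obj.jwtGrantByIdentifiableClientsOnly = JWT_GRANT_BY_IDENTIFIABLE_CLIENTS_ONLY
+obj.jwtGrantEncryptedJwtRejected = JWT_GRANT_ENCRYPTED_JWT_REJECTED
+obj.jwtGrantUnsignedJwtRejected = JWT_GRANT_UNSIGNED_JWT_REJECTED
 end
 
 
@@ -790,6 +808,11 @@ class ServiceTest < Minitest::Test
 assert_equal TOKEN_EXCHANGE_BY_IDENTIFIABLE_CLIENTS_ONLY, obj.token_exchange_by_identifiable_clients_only
 assert_equal TOKEN_EXCHANGE_BY_CONFIDENTIAL_CLIENTS_ONLY, obj.token_exchange_by_confidential_clients_only
 assert_equal TOKEN_EXCHANGE_BY_PERMITTED_CLIENTS_ONLY, obj.token_exchange_by_permitted_clients_only
+assert_equal TOKEN_EXCHANGE_ENCRYPTED_JWT_REJECTED, obj.token_exchange_encrypted_jwt_rejected
+assert_equal TOKEN_EXCHANGE_UNSIGNED_JWT_REJECTED, obj.token_exchange_unsigned_jwt_rejected
+assert_equal JWT_GRANT_BY_IDENTIFIABLE_CLIENTS_ONLY, obj.jwtGrantByIdentifiableClientsOnly
+assert_equal JWT_GRANT_ENCRYPTED_JWT_REJECTED, obj.jwtGrantEncryptedJwtRejected
+assert_equal JWT_GRANT_UNSIGNED_JWT_REJECTED, obj.jwtGrantUnsignedJwtRejected
 end
 
 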
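Review bot: The setter hunk (`@@ -629,6 +644,9 @@`) assigns the three `jwtGrant*` attributes but never sets `token_exchange_encrypted_jwt_rejected` or `token_exchange_unsigned_jwt_rejected`, although the last hunk asserts both. If the setter helper feeds those assertions, as the surrounding lines suggest, the two checks pass only because the constants are `false`, which is also what `defaults` in `service.rb` assigns. I would add `obj.token_exchange_encrypted_jwt_rejected = TOKEN_EXCHANGE_ENCRYPTED_JWT_REJECTED` and `obj.token_exchange_unsigned_jwt_rejected = TOKEN_EXCHANGE_UNSIGNED_JWT_REJECTED` after the `token_exchange_by_permitted_clients_only` setter. The `jwt_grant_*` snake_case aliases are not exercised by any new line either. Both helpers begin and end outside these hunks.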
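--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authlete
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.24.0
 platform: ruby
 authors:
 - Takahiko Kawasaki
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-08-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rest-client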