authlete 1.26.1 → 1.27.0

data/test/authlete/model/test_client.rb

@@ -1,6 +1,6 @@
 # :nodoc:
 #
-# Copyright (C) 2014-2020 Authlete, Inc.
+# Copyright (C) 2014-2022 Authlete, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -55,7 +55,7 @@ class ClientTest < Minitest::Test
   TOS_URI_VALUE                                    = '<tos-uri0-value>'
   TOS_URIS                                         = [ Authlete::Model::TaggedValue.new(tag: TOS_URI_TAG, value: TOS_URI_VALUE) ]
   JWKS_URI                                         = '<jwks-uri>'
-  JWKS                                             = '<jwks>'
+  JWKS                                             = '{"keys":[]}'
   DERIVED_SECTOR_IDENTIFIER                        = '<derived-sector-identifier>'
   SECTOR_IDENTIFIER_URI                            = '<sector-identifier-uri>'
   SUBJECT_TYPE                                     = 'PUBLIC'
@@ -153,7 +153,7 @@ class ClientTest < Minitest::Test
         "tosUri":                                      "<tos-uri>",
         "tosUris":                                     [ { "tag": "<tos-uri0-tag>", "value": "<tos-uri0-value>" } ],
         "jwksUri":                                     "<jwks-uri>",
-        "jwks":                                        "<jwks>",
+        "jwks":                                        "{\\"keys\\":[]}",
         "derivedSectorIdentifier":                     "<derived-sector-identifier>",
         "sectorIdentifierUri":                         "<sector-identifier-uri>",
         "subjectType":                                 "PUBLIC",
@@ -216,8 +216,8 @@ class ClientTest < Minitest::Test
         "pkceS256Required":                            false
       }
       JSON
-    end
-    
+  end
+
 
   def generate_hash
     {
@@ -245,7 +245,7 @@ class ClientTest < Minitest::Test
       tosUri:                                      '<tos-uri>',
       tosUris:                                     [ { tag: '<tos-uri0-tag>', value: '<tos-uri0-value>' } ],
       jwksUri:                                     '<jwks-uri>',
-      jwks:                                        '<jwks>',
+      jwks:                                        '{"keys":[]}',
       derivedSectorIdentifier:                     '<derived-sector-identifier>',
       sectorIdentifierUri:                         '<sector-identifier-uri>',
       subjectType:                                 'PUBLIC',
@@ -509,4 +509,81 @@ class ClientTest < Minitest::Test
 
     assert_equal expected, actual
   end
+
+
+  def test_standard_metadata_full
+    client = Authlete::Model::Client.new
+    set_params(client)
+
+    expected_response_types = ['none', 'code', 'token', 'id_token']
+    expected_grant_types    = ['authorization_code', 'refresh_token']
+    expected_jwks           = { "keys" => [] }
+
+    metadata = client.standard_metadata(false, false, false)
+
+    assert_equal "#{CLIENT_ID}",                             metadata[:client_id]
+    assert_equal REDIRECT_URIS,                              metadata[:redirect_uris]
+    assert_equal expected_response_types,                    metadata[:response_types]
+    assert_equal expected_grant_types,                       metadata[:grant_types]
+    assert_equal 'web',                                      metadata[:application_type]
+    assert_equal CONTACTS,                                   metadata[:contacts]
+    assert_equal CLIENT_NAME,                                metadata[:client_name]
+    assert_equal LOGO_URI,                                   metadata[:logo_uri]
+    assert_equal CLIENT_URI,                                 metadata[:client_uri]
+    assert_equal POLICY_URI,                                 metadata[:policy_uri]
+    assert_equal TOS_URI,                                    metadata[:tos_uri]
+    assert_equal JWKS_URI,                                   metadata[:jwks_uri]
+    assert_equal expected_jwks,                              metadata[:jwks]
+    assert_equal SECTOR_IDENTIFIER_URI,                      metadata[:sector_identifier_uri]
+    assert_equal 'public',                                   metadata[:subject_type]
+    assert_equal 'HS256',                                    metadata[:id_token_signed_response_alg]
+    assert_equal 'PBES2-HS256+A128KW',                       metadata[:id_token_encrypted_response_alg]
+    assert_equal 'A128CBC-HS256',                            metadata[:id_token_encrypted_response_enc]
+    assert_equal 'HS256',                                    metadata[:userinfo_signed_response_alg]
+    assert_equal 'PBES2-HS256+A128KW',                       metadata[:userinfo_encrypted_response_alg]
+    assert_equal 'A128CBC-HS256',                            metadata[:userinfo_encrypted_response_enc]
+    assert_equal 'HS256',                                    metadata[:request_object_signing_alg]
+    assert_equal 'PBES2-HS256+A128KW',                       metadata[:request_object_encryption_alg]
+    assert_equal 'A128CBC-HS256',                            metadata[:request_object_encryption_enc]
+    assert_equal 'client_secret_basic',                      metadata[:token_endpoint_auth_method]
+    assert_equal 'HS256',                                    metadata[:token_endpoint_auth_signing_alg]
+    assert_equal DEFAULT_MAX_AGE,                            metadata[:default_max_age]
+    assert_equal DEFAULT_ACRS,                               metadata[:default_acr_values]
+    assert_equal AUTH_TIME_REQUIRED,                         metadata[:require_auth_time]
+    assert_equal LOGIN_URI,                                  metadata[:initiate_login_uri]
+    assert_equal REQUEST_URIS,                               metadata[:request_uris]
+    assert_equal TLS_CLIENT_AUTH_SUBJECT_DN,                 metadata[:tls_client_auth_subject_dn]
+    assert_equal TLS_CLIENT_AUTH_SAN_DNS,                    metadata[:tls_client_auth_san_dns]
+    assert_equal TLS_CLIENT_AUTH_SAN_URI,                    metadata[:tls_client_auth_san_uri]
+    assert_equal TLS_CLIENT_AUTH_SAN_IP,                     metadata[:tls_client_auth_san_ip]
+    assert_equal TLS_CLIENT_AUTH_SAN_EMAIL,                  metadata[:tls_client_auth_san_email]
+    assert_equal TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS, metadata[:tls_client_certificate_bound_access_tokens]
+    assert_equal SOFTWARE_ID,                                metadata[:software_id]
+    assert_equal SOFTWARE_VERSION,                           metadata[:software_version]
+    assert_equal 'HS256',                                    metadata[:authorization_signed_response_alg]
+    assert_equal 'PBES2-HS256+A128KW',                       metadata[:authorization_encrypted_response_alg]
+    assert_equal 'A128CBC-HS256',                            metadata[:authorization_encrypted_response_enc]
+    assert_equal 'poll',                                     metadata[:backchannel_token_delivery_mode]
+    assert_equal BC_NOTIFICATION_ENDPOINT,                   metadata[:backchannel_client_notification_endpoint]
+    assert_equal 'HS256',                                    metadata[:backchannel_authentication_request_signing_alg]
+    assert_equal BC_USER_CODE_REQUIRED,                      metadata[:backchannel_user_code_parameter]
+    assert_equal AUTHORIZATION_DETAILS_TYPES,                metadata[:authorization_details_types]
+    assert_equal DIGEST_ALGORITHM,                           metadata[:digest_algorithm]
+  end
+
+
+  def test_standard_metadata_minimum
+    client = Authlete::Model::Client.new
+    set_params(client)
+
+    client.default_max_age    = 0
+    client.auth_time_required = false
+    client.login_uri          = nil
+
+    metadata = client.standard_metadata
+
+    assert_nil metadata[:default_max_age]
+    assert_nil metadata[:require_auth_time]
+    assert_nil metadata[:initiate_login_uri]
+  end
 end

data/test/authlete/model/test_service.rb

@@ -1,6 +1,6 @@
 # :nodoc:
 #
-# Copyright (C) 2014-2020 Authlete, Inc.
+# Copyright (C) 2014-2022 Authlete, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -194,6 +194,7 @@ class ServiceTest < Minitest::Test
   FEDERATION_SIGNATURE_KEY_ID                      = '<federation-signature-key-id>'
   FEDERATION_CONFIGURATION_DURATION                = 100
   DCR_DUPLICATE_SOFTWARE_ID_BLOCKED                = false
+  OPENID_DROPPED_ON_REFRESH_WITHOUT_OFFLINE_ACCESS = false
 
   def generate_json
     return <<~JSON
@@ -347,7 +348,8 @@ class ServiceTest < Minitest::Test
         "jwtGrantUnsignedJwtRejected":                 false,
         "federationSignatureKeyId":                    "<federation-signature-key-id>",
         "federationConfigurationDuration":             100,
-        "dcrDuplicateSoftwareIdBlocked":               false
+        "dcrDuplicateSoftwareIdBlocked":               false,
+        "openidDroppedOnRefreshWithoutOfflineAccess":  false
       }
       JSON
 
@@ -505,7 +507,8 @@ class ServiceTest < Minitest::Test
       jwtGrantUnsignedJwtRejected:                 false,
       federationSignatureKeyId:                    '<federation-signature-key-id>',
       federationConfigurationDuration:             100,
-      dcrDuplicateSoftwareIdBlocked:               false
+      dcrDuplicateSoftwareIdBlocked:               false,
+      openidDroppedOnRefreshWithoutOfflineAccess:  false
     }
   end
 
@@ -659,6 +662,7 @@ class ServiceTest < Minitest::Test
     obj.federation_signature_key_id                   = FEDERATION_SIGNATURE_KEY_ID
     obj.federation_configuration_duration             = FEDERATION_CONFIGURATION_DURATION
     obj.dcr_duplicate_software_id_blocked             = DCR_DUPLICATE_SOFTWARE_ID_BLOCKED
+    obj.openidDroppedOnRefreshWithoutOfflineAccess    = OPENID_DROPPED_ON_REFRESH_WITHOUT_OFFLINE_ACCESS
   end
 
   def match(obj)
@@ -827,6 +831,7 @@ class ServiceTest < Minitest::Test
     assert_equal FEDERATION_SIGNATURE_KEY_ID,                      obj.federationSignatureKeyId
     assert_equal FEDERATION_CONFIGURATION_DURATION,                obj.federationConfigurationDuration
     assert_equal DCR_DUPLICATE_SOFTWARE_ID_BLOCKED,                obj.dcrDuplicateSoftwareIdBlocked
+    assert_equal OPENID_DROPPED_ON_REFRESH_WITHOUT_OFFLINE_ACCESS, obj.openidDroppedOnRefreshWithoutOfflineAccess
   end
 
 

data/test/authlete/types/test_application-type.rb

@@ -0,0 +1,44 @@
+# :nodoc:
+#
+# Copyright (C) 2022 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+require 'authlete'
+require 'minitest/autorun'
+
+
+class ApplicationTypeTest < Minitest::Test
+  def do_test(input, expected)
+    output = Authlete::Types::ApplicationType::constant_get(input)
+
+    if expected.nil?
+      assert_nil output
+    else
+      assert_equal expected, output
+    end
+  end
+
+  def test_unknown
+    do_test('UNKNOWN', nil)
+  end
+
+  def test_web
+    do_test('WEB', 'web')
+  end
+
+  def test_native
+    do_test('NATIVE', 'native')
+  end
+end

data/test/authlete/types/test_client-auth-method.rb

@@ -0,0 +1,64 @@
+# :nodoc:
+#
+# Copyright (C) 2022 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+require 'authlete'
+require 'minitest/autorun'
+
+
+class ClientAuthMethodTest < Minitest::Test
+  def do_test(input, expected)
+    output = Authlete::Types::ClientAuthMethod::constant_get(input)
+
+    if expected.nil?
+      assert_nil output
+    else
+      assert_equal expected, output
+    end
+  end
+
+  def test_unknown
+    do_test('UNKNOWN', nil)
+  end
+
+  def test_none
+    do_test('NONE', 'none')
+  end
+
+  def test_client_secret_basic
+    do_test('CLIENT_SECRET_BASIC', 'client_secret_basic')
+  end
+
+  def test_client_secret_post
+    do_test('CLIENT_SECRET_POST', 'client_secret_post')
+  end
+
+  def test_client_secret_jwt
+    do_test('CLIENT_SECRET_JWT', 'client_secret_jwt')
+  end
+
+  def test_private_key_jwt
+    do_test('PRIVATE_KEY_JWT', 'private_key_jwt')
+  end
+
+  def test_tls_client_auth
+    do_test('TLS_CLIENT_AUTH', 'tls_client_auth')
+  end
+
+  def test_self_signed_tls_client_auth
+    do_test('SELF_SIGNED_TLS_CLIENT_AUTH', 'self_signed_tls_client_auth')
+  end
+end

data/test/authlete/types/test_delivery-mode.rb

@@ -0,0 +1,48 @@
+# :nodoc:
+#
+# Copyright (C) 2022 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+require 'authlete'
+require 'minitest/autorun'
+
+
+class DeliveryModeTest < Minitest::Test
+  def do_test(input, expected)
+    output = Authlete::Types::DeliveryMode::constant_get(input)
+
+    if expected.nil?
+      assert_nil output
+    else
+      assert_equal expected, output
+    end
+  end
+
+  def test_unknown
+    do_test('UNKNOWN', nil)
+  end
+
+  def test_poll
+    do_test('POLL', 'poll')
+  end
+
+  def test_ping
+    do_test('PING', 'ping')
+  end
+
+  def test_push
+    do_test('PUSH', 'push')
+  end
+end

data/test/authlete/types/test_grant-type.rb

@@ -0,0 +1,72 @@
+# :nodoc:
+#
+# Copyright (C) 2022 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+require 'authlete'
+require 'minitest/autorun'
+
+
+class GrantTypeTest < Minitest::Test
+  def do_test(input, expected)
+    output = Authlete::Types::GrantType::constant_get(input)
+
+    if expected.nil?
+      assert_nil output
+    else
+      assert_equal expected, output
+    end
+  end
+
+  def test_unknown
+    do_test('UNKNOWN', nil)
+  end
+
+  def test_authorization_code
+    do_test('AUTHORIZATION_CODE', 'authorization_code')
+  end
+
+  def test_implicit
+    do_test('IMPLICIT', 'implicit')
+  end
+
+  def test_password
+    do_test('PASSWORD', 'password')
+  end
+
+  def test_client_credentials
+    do_test('CLIENT_CREDENTIALS', 'client_credentials')
+  end
+
+  def test_refresh_token
+    do_test('REFRESH_TOKEN', 'refresh_token')
+  end
+
+  def test_ciba
+    do_test('CIBA', 'urn:openid:params:grant-type:ciba')
+  end
+
+  def test_device_code
+    do_test('DEVICE_CODE', 'urn:ietf:params:oauth:grant-type:device_code')
+  end
+
+  def test_token_exchange
+    do_test('TOKEN_EXCHANGE', 'urn:ietf:params:oauth:grant-type:token-exchange')
+  end
+
+  def test_jwt_bearer
+    do_test('JWT_BEARER', 'urn:ietf:params:oauth:grant-type:jwt-bearer')
+  end
+end

data/test/authlete/types/test_jwealg.rb

@@ -0,0 +1,104 @@
+# :nodoc:
+#
+# Copyright (C) 2022 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+require 'authlete'
+require 'minitest/autorun'
+
+
+class JWEAlgTest < Minitest::Test
+  def do_test(input, expected)
+    output = Authlete::Types::JWEAlg::constant_get(input)
+
+    if expected.nil?
+      assert_nil output
+    else
+      assert_equal expected, output
+    end
+  end
+
+  def test_unknown
+    do_test('UNKNOWN', nil)
+  end
+
+  def test_rsa1_5
+    do_test('RSA1_5', 'RSA1_5')
+  end
+
+  def test_oaep
+    do_test('RSA_OAEP', 'RSA-OAEP')
+  end
+
+  def test_oaep_256
+    do_test('RSA_OAEP_256', 'RSA-OAEP-256')
+  end
+
+  def test_a128kw
+    do_test('A128KW', 'A128KW')
+  end
+
+  def test_a192kw
+    do_test('A192KW', 'A192KW')
+  end
+
+  def test_a256kw
+    do_test('A256KW', 'A256KW')
+  end
+
+  def test_dir
+    do_test('DIR', 'dir')
+  end
+
+  def test_ecdh_es
+    do_test('ECDH_ES', 'ECDH-ES')
+  end
+
+  def test_ecdh_es_a128kw
+    do_test('ECDH_ES_A128KW', 'ECDH-ES+A128KW')
+  end
+
+  def test_ecdh_es_a192kw
+    do_test('ECDH_ES_A192KW', 'ECDH-ES+A192KW')
+  end
+
+  def test_ecdh_es_a256kw
+    do_test('ECDH_ES_A256KW', 'ECDH-ES+A256KW')
+  end
+
+  def test_a128gcmkw
+    do_test('A128GCMKW', 'A128GCMKW')
+  end
+
+  def test_a192gcmkw
+    do_test('A192GCMKW', 'A192GCMKW')
+  end
+
+  def test_a256gcmkw
+    do_test('A256GCMKW', 'A256GCMKW')
+  end
+
+  def test_pbes2_hs256_a128kw
+    do_test('PBES2_HS256_A128KW', 'PBES2-HS256+A128KW')
+  end
+
+  def test_pbes2_hs384_a192kw
+    do_test('PBES2_HS384_A192KW', 'PBES2-HS384+A192KW')
+  end
+
+  def test_pbes2_hs512_a256kw
+    do_test('PBES2_HS512_A256KW', 'PBES2-HS512+A256KW')
+  end
+end

data/test/authlete/types/test_jweenc.rb

@@ -0,0 +1,60 @@
+# :nodoc:
+#
+# Copyright (C) 2022 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+require 'authlete'
+require 'minitest/autorun'
+
+
+class JWEEncTest < Minitest::Test
+  def do_test(input, expected)
+    output = Authlete::Types::JWEEnc::constant_get(input)
+
+    if expected.nil?
+      assert_nil output
+    else
+      assert_equal expected, output
+    end
+  end
+
+  def test_unknown
+    do_test('UNKNOWN', nil)
+  end
+
+  def test_a128cbc_hs256
+    do_test('A128CBC_HS256', 'A128CBC-HS256')
+  end
+
+  def test_a192cbc_hs384
+    do_test('A192CBC_HS384', 'A192CBC-HS384')
+  end
+
+  def test_a256cbc_hs512
+    do_test('A256CBC_HS512', 'A256CBC-HS512')
+  end
+
+  def test_a128gcm
+    do_test('A128GCM', 'A128GCM')
+  end
+
+  def test_a192gcm
+    do_test('A192GCM', 'A192GCM')
+  end
+
+  def test_a256gcm
+    do_test('A256GCM', 'A256GCM')
+  end
+end

data/test/authlete/types/test_jwsalg.rb

@@ -0,0 +1,96 @@
+# :nodoc:
+#
+# Copyright (C) 2022 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+require 'authlete'
+require 'minitest/autorun'
+
+
+class JWSAlgTest < Minitest::Test
+  def do_test(input, expected)
+    output = Authlete::Types::JWSAlg::constant_get(input)
+
+    if expected.nil?
+      assert_nil output
+    else
+      assert_equal expected, output
+    end
+  end
+
+  def test_unknown
+    do_test('UNKNOWN', nil)
+  end
+
+  def test_none
+    do_test('NONE', 'none')
+  end
+
+  def test_hs256
+    do_test('HS256', 'HS256')
+  end
+
+  def test_hs384
+    do_test('HS384', 'HS384')
+  end
+
+  def test_hs512
+    do_test('HS512', 'HS512')
+  end
+
+  def test_rs256
+    do_test('RS256', 'RS256')
+  end
+
+  def test_rs384
+    do_test('RS384', 'RS384')
+  end
+
+  def test_rs512
+    do_test('RS512', 'RS512')
+  end
+
+  def test_es256
+    do_test('ES256', 'ES256')
+  end
+
+  def test_es384
+    do_test('ES384', 'ES384')
+  end
+
+  def test_es512
+    do_test('ES512', 'ES512')
+  end
+
+  def test_ps256
+    do_test('PS256', 'PS256')
+  end
+
+  def test_ps384
+    do_test('PS384', 'PS384')
+  end
+
+  def test_ps512
+    do_test('PS512', 'PS512')
+  end
+
+  def test_es256k
+    do_test('ES256K', 'ES256K')
+  end
+
+  def test_eddsa
+    do_test('EdDSA', 'EdDSA')
+  end
+end