doorkeeper-openid_connect 1.0.0 → 1.0.1
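--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ae67f5718e8a89e0ebca2879c0e160d85b605f05
+data.tar.gz: eb28b2f5e753cd4844830358b7cca3c81ef4de6f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 20967d5bcc944e7afd6a0788c67b4618d8c250e97afa180f8a11b27aef970e917d64229866feccfbb6900fd01c44ee0b0c2b6697186af96ef1f48cbacb518346
+data.tar.gz: 57f7f47f3dcdbf6a6e226ad7416c4dbb75912d7bc2ab8dfe73002d4e969780e8cbb8190e27eaabd8f2682006afe8f09952dc173cbbb0ac9ea0ac3b370c9805d5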
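--- a/data/README.md
+++ b/data/README.md
@@ -42,12 +42,21 @@ Add the following to your config/initializers/doorkeeper_openid_connect.rb:
 -----END RSA PUBLIC KEY-----
 eol
 
+resource_owner_from_access_token do |access_token|
+# Example implementation:
+# User.find_by(id: access_token.resource_owner_id)
+end
+
 issuer 'issuer string'
 
 subject do |resource_owner|
-
+# Example implementation:
+# resource_owner.key
 end
 
+# Expiration time on or after which the ID Token MUST NOT be accepted for processing. (default 120 seconds).
+# expiration 600
+
 claims do
 claim :_foo_ do |resource_owner|
 resource_owner.foo
@@ -66,13 +75,18 @@ The following configurations are required:
 
 * jws_private_key - private key for JSON Web Signature(https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31)
 * jws_public_key - public key for JSON Web Signature(https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31)
-* issuer - Issuer Identifier for the Issuer of the response. The iss value is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components.
 * resource_owner_from_access_token - defines how to translate the doorkeeper access_token to a resource owner model
 
 Given a resource owner, the following claims are required:
 
+* issuer - REQUIRED. Issuer Identifier for the Issuer of the response. The iss value is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components.
 * subject - REQUIRED. Subject Identifier. A locally unique and never reassigned identifier within the Issuer for the End-User, which is intended to be consumed by the Client, e.g., 24400320 or AItOawmwtWwcT0k51BayewNvutrJUqsvl6qs7A4. It MUST NOT exceed 255 ASCII characters in length. The sub value is a case sensitive string.
 
+Exp claim can optionally be specified by expiration configuration.
+
+* exp - REQUIRED. Expiration time on or after which the ID Token MUST NOT be accepted for processing. The processing of this parameter requires that the current date/time MUST be before the expiration date/time listed in the value. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. See RFC 3339 [RFC3339] for details regarding date/times in general and UTC in particular.
+* Default 120 seconds
+
 Custom claims can optionally be specified in a `claims` block. The following claim types are currently supported:
 
 * normal_claim - Normal claims (http://openid.net/specs/openid-connect-core-1_0.html#NormalClaims) - specify claim name and a block using resource_owner to determine the claim value.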
@@ -53,6 +53,16 @@ describe Doorkeeper::OpenidConnect, 'configuration' do
|
|
53
53
|
end
|
54
54
|
end
|
55
55
|
|
56
|
+
describe 'expiration' do
|
57
|
+
it 'sets the value that is accessible via expiration' do
|
58
|
+
value = ''
|
59
|
+
Doorkeeper::OpenidConnect.configure do
|
60
|
+
expiration value
|
61
|
+
end
|
62
|
+
expect(subject.expiration).to eq(value)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
56
66
|
describe 'claims' do
|
57
67
|
it 'sets the claims configuration that is accessible via claims' do
|
58
68
|
Doorkeeper::OpenidConnect.configure do
|
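Review bot: The added `expiration` example configures `value = ''`, so it only shows that the setter round-trips an arbitrary object and never exercises a number of seconds, which is what the README in this release documents for the option. Since this setting feeds the `exp` claim that bounds how long an ID Token may be accepted, I would use a realistic value such as `value = 600` and add a second example for the documented default, e.g. `expect(subject.expiration).to eq(120)` on a configuration that never calls `expiration`. Whether the configuration rejects an empty string or a non-positive number cannot be seen from this hunk; if it does not, a check there would be worth adding, because a non-numeric value would presumably yield an unusable `exp`. The file header for this hunk is not shown on the page, and the enclosing `describe Doorkeeper::OpenidConnect, 'configuration'` block begins before the hunk and continues past it.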
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: doorkeeper-openid_connect
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sam Dengler
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-05-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: railties
|