doorkeeper-openid_connect 1.0.1 → 1.1.0
- checksums.yaml +4 -4
- data/.gitignore +6 -18
- data/.ruby-version +1 -1
- data/.travis.yml +26 -0
- data/CHANGELOG.md +24 -0
- data/CONTRIBUTING.md +72 -0
- data/Gemfile +3 -6
- data/LICENSE.txt +2 -2
- data/README.md +174 -64
- data/app/controllers/doorkeeper/openid_connect/discovery_controller.rb +109 -0
- data/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb +5 -10
- data/bin/console +9 -0
- data/bin/setup +8 -0
- data/config/locales/en.yml +10 -15
- data/doorkeeper-openid_connect.gemspec +18 -15
- data/lib/doorkeeper/openid_connect.rb +22 -52
- data/lib/doorkeeper/openid_connect/claims/aggregated_claim.rb +9 -0
- data/lib/doorkeeper/openid_connect/claims/claim.rb +34 -0
- data/lib/doorkeeper/openid_connect/claims/distributed_claim.rb +9 -0
- data/lib/doorkeeper/openid_connect/claims/normal_claim.rb +18 -0
- data/lib/doorkeeper/openid_connect/claims_builder.rb +5 -3
- data/lib/doorkeeper/openid_connect/config.rb +29 -34
- data/lib/doorkeeper/openid_connect/helpers/controller.rb +51 -0
- data/lib/doorkeeper/openid_connect/id_token.rb +62 -0
- data/lib/doorkeeper/openid_connect/oauth/authorization/code.rb +22 -0
- data/lib/doorkeeper/openid_connect/oauth/authorization_code_request.rb +24 -0
- data/lib/doorkeeper/openid_connect/oauth/password_access_token_request.rb +24 -0
- data/lib/doorkeeper/openid_connect/oauth/pre_authorization.rb +16 -0
- data/lib/doorkeeper/openid_connect/oauth/token_response.rb +21 -0
- data/lib/doorkeeper/openid_connect/orm/active_record.rb +21 -0
- data/lib/doorkeeper/openid_connect/orm/active_record/access_grant.rb +16 -0
- data/lib/doorkeeper/openid_connect/orm/active_record/request.rb +12 -0
- data/lib/doorkeeper/openid_connect/rails/routes.rb +29 -10
- data/lib/doorkeeper/openid_connect/rails/routes/mapper.rb +1 -1
- data/lib/doorkeeper/openid_connect/rails/routes/mapping.rb +4 -2
- data/lib/doorkeeper/openid_connect/user_info.rb +40 -0
- data/lib/doorkeeper/openid_connect/version.rb +1 -1
- data/lib/generators/doorkeeper/openid_connect/install_generator.rb +15 -0
- data/lib/generators/doorkeeper/openid_connect/migration_generator.rb +19 -0
- data/lib/generators/doorkeeper/openid_connect/templates/initializer.rb +51 -0
- data/lib/generators/doorkeeper/openid_connect/templates/migration.rb +14 -0
- metadata +77 -130
- data/lib/doorkeeper/openid_connect/models/claims/aggregated_claim.rb +0 -11
- data/lib/doorkeeper/openid_connect/models/claims/claim.rb +0 -15
- data/lib/doorkeeper/openid_connect/models/claims/distributed_claim.rb +0 -11
- data/lib/doorkeeper/openid_connect/models/claims/normal_claim.rb +0 -28
- data/lib/doorkeeper/openid_connect/models/id_token.rb +0 -63
- data/lib/doorkeeper/openid_connect/models/user_info.rb +0 -39
- data/spec/dummy/Rakefile +0 -7
- data/spec/dummy/app/controllers/application_controller.rb +0 -3
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
- data/spec/dummy/app/controllers/home_controller.rb +0 -17
- data/spec/dummy/app/controllers/metal_controller.rb +0 -11
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
- data/spec/dummy/app/helpers/application_helper.rb +0 -5
- data/spec/dummy/app/models/user.rb +0 -31
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config.ru +0 -4
- data/spec/dummy/config/application.rb +0 -55
- data/spec/dummy/config/boot.rb +0 -6
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -29
- data/spec/dummy/config/environments/production.rb +0 -62
- data/spec/dummy/config/environments/test.rb +0 -56
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -59
- data/spec/dummy/config/initializers/secret_token.rb +0 -9
- data/spec/dummy/config/initializers/session_store.rb +0 -8
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/mongo.yml +0 -11
- data/spec/dummy/config/mongoid2.yml +0 -9
- data/spec/dummy/config/mongoid3.yml +0 -18
- data/spec/dummy/config/mongoid4.yml +0 -19
- data/spec/dummy/config/routes.rb +0 -52
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -9
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -5
- data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb +0 -41
- data/spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb +0 -7
- data/spec/dummy/db/schema.rb +0 -65
- data/spec/dummy/log/test.log +0 -16605
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -6
- data/spec/lib/doorkeeper/openid_connect/config_spec.rb +0 -75
- data/spec/spec_helper.rb +0 -2
- data/spec/spec_helper_integration.rb +0 -48
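--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b40bbe1bf519ac049a06984fe9aa3e4c9dd8a51a
+data.tar.gz: 4f5b3b1fb7a274a600566b7327f8d534039085b5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5bbae464b4b78cac862eb48d36d52e55ccc22185c35f80dfc0b0cc0b0284d3ab63a935ecdd1c4a2b9a0f438b3546d07d1f99e472688c146b51ca41d6e98ec1c7
+data.tar.gz: 5c24fce98f8baf319452109d17694eaa8562da62de8d8d5a731e0b13df0d75f8742b71807cb4b5ef5e13f0198009787661426235cc102605c12c7ea633f93303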
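--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,18 +1,6 @@
-
-
-
-
-
-
-InstalledFiles
-_yardoc
-coverage
-doc/
-lib/bundler/man
-pkg
-rdoc
-spec/reports
-test/tmp
-test/version_tmp
-tmp
-.idea/
+/.bundle
+/Gemfile.lock
+/spec/dummy/db/*.sqlite3
+/spec/dummy/log/*.log
+/spec/dummy/tmp/
+/spec/examples.txt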
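--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-2.1
+2.3.1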
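--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,26 @@
+sudo: false
+language: ruby
+cache: bundler
+
+before_install:
+- gem update bundler
+
+before_script:
+- bundle update
+
+script:
+- bundle exec rake spec
+
+env:
+- rails=4.2.0
+- rails=5.0.0
+
+rvm:
+- 2.1
+- 2.2.5
+- 2.3.1
+
+matrix:
+exclude:
+- env: rails=5.0.0
+rvm: 2.1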
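Review bot: `before_script: - bundle update` (new line 9) re-resolves the entire dependency set on every build, and `/Gemfile.lock` is gitignored in this same release, so a matrix entry such as `rails=4.2.0` only fixes a `~>` lower bound and a failing build cannot later be reproduced against the same gem versions. For a library that is a common trade-off, but it should be stated in the file so nobody reads the matrix as pinned, e.g. `# no lockfile is committed: bundle update resolves the newest compatible versions on every run`. The `matrix`/`exclude`/`rvm` nesting on lines 23-26 appears flattened here, so I cannot tell from this page whether the exclude entry is indented as YAML requires.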
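--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,24 @@
+<a name="v1.1.0"></a>
+### v1.1.0 (2016-11-30)
+
+This release is a general clean-up and adds support for some advanced OpenID Connect features.
+Make sure to check the updated [README.md](README.md), especially the [configuration](README.md#configuration) section.
+
+#### Features
+
+* Respect scope grants in UserInfo response ([25f2170](/../../commit/25f2170))
+* Support max_age parameter ([aabe3aa](/../../commit/aabe3aa))
+* Add generator for initializer ([80399fd](/../../commit/80399fd))
+* Store and return nonces in IdToken responses ([d28ca8c](/../../commit/d28ca8c))
+* Support prompt=none parameter ([c775d8b](/../../commit/c775d8b))
+* Add supported claims to discovery response ([1d8f9ea](/../../commit/1d8f9ea))
+* Add webfinger and keys endpoints for discovery ([f70898b](/../../commit/f70898b))
+* Add discovery endpoint ([a16caa8](/../../commit/a16caa8))
+
+#### Bug Fixes
+
+* Work around response_body issue on Rails 5, fix specs ([bc4ac76](/../../commit/bc4ac76))
+* Return auth_time in ID token claims ([490f756](/../../commit/490f756))
+* Don't require nonce ([d2945da](/../../commit/d2945da))
+* Also support POST requests to userinfo ([87a6577](/../../commit/87a6577))
+* Add openid scope to Doorkeeper configuration ([8169c2d](/../../commit/8169c2d))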
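--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -0,0 +1,72 @@
+# Contributing
+
+## Workflow
+
+We are using the [Feature Branch Workflow (also known as GitHub Flow)](https://guides.github.com/introduction/flow/), and prefer delivery as pull requests.
+
+Our first line of defense is the [Travis CI](https://travis-ci.org/doorkeeper-gem/doorkeeper-openid_connect) build defined within [.travis.yml](.travis.yml) and triggered for every pull request.
+
+Create a feature branch:
+
+```sh
+git checkout -B feat/contributing
+```
+
+## Creating Good Commits
+
+The cardinal rule for creating good commits is to ensure there is only one
+"logical change" per commit. Why is this an important rule?
+
+* The smaller the amount of code being changed, the quicker & easier it is to
+review & identify potential flaws.
+
+* If a change is found to be flawed later, it may be necessary to revert the
+broken commit. This is much easier to do if there are not other unrelated
+code changes entangled with the original commit.
+
+* When troubleshooting problems using Git's bisect capability, small well
+defined changes will aid in isolating exactly where the code problem was
+introduced.
+
+* When browsing history using Git annotate/blame, small well defined changes
+also aid in isolating exactly where & why a piece of code came from.
+
+Things to avoid when creating commits:
+
+* Mixing whitespace changes with functional code changes.
+* Mixing two unrelated functional changes.
+* Sending large new features in a single giant commit.
+
+## Commit Message Conventions
+
+We use commit messages as per [Conventional Changelog](https://github.com/conventional-changelog/conventional-changelog):
+
+```none
+<type>(<scope>): <subject>
+```
+
+Allowed types:
+
+* **feat**: A new feature
+* **fix**: A bug fix
+* **docs**: Documentation only changes
+* **style**: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, newline, line endings, etc)
+* **refactor**: A code change that neither fixes a bug or adds a feature
+* **perf**: A code change that improves performance
+* **test**: Adding missing tests
+* **chore**: Changes to the build process or auxiliary tools and libraries such as documentation generation
+
+You can add additional details after a new line to describe the change in detail or automatically close an issue on GitHub.
+
+```none
+feat: create initial CONTRIBUTING.md
+
+This closes #73
+```
+
+## Release process
+
+- Bump version in `lib/doorkeeper/openid_connect/version.rb`
+- Update `CHANGELOG.md`
+- Commit all changes
+- Tag release and publish gem with `rake release`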
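--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,10 +1,7 @@
-ENV['rails'] ||= ENV['orm'] == "mongoid4" ? '4.0.2' : '3.2.13'
-
 source 'https://rubygems.org'
 
-#
-
-
-gem 'doorkeeper'
+# use Rails version specified by environment
+ENV['rails'] ||= '5.0.0'
+gem 'rails', "~> #{ENV['rails']}"
 
 gemspec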
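Review bot: `ENV['rails'] ||= '5.0.0'` on new line 4 writes the default back into the process environment as a side effect of evaluating the Gemfile, so any process Bundler spawns afterwards presumably sees `rails=5.0.0` set even when the caller never set it. A local keeps the same version selection without the side effect: `rails_version = ENV.fetch('rails', '5.0.0')` followed by `gem 'rails', "~> #{rails_version}"`. The removed line 1 had the same pattern, so this is a carried-over point of style rather than a regression introduced here.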
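--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -1,7 +1,7 @@
-Copyright (c) 2014 Sam Dengler
-
 MIT License
 
+Copyright (c) 2014 PlayOn! Sports
+
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
 "Software"), to deal in the Software without restriction, including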
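--- a/data/README.md
+++ b/data/README.md
@@ -1,104 +1,214 @@
 # Doorkeeper::OpenidConnect
 
-
+[![Build Status](https://travis-ci.org/doorkeeper-gem/doorkeeper-openid_connect.svg?branch=master)](https://travis-ci.org/doorkeeper-gem/doorkeeper-openid_connect)
+[![Dependency Status](https://gemnasium.com/doorkeeper-gem/doorkeeper-openid_connect.svg?travis)](https://gemnasium.com/doorkeeper-gem/doorkeeper-openid_connect)
+[![Code Climate](https://codeclimate.com/github/doorkeeper-gem/doorkeeper-openid_connect.svg)](https://codeclimate.com/github/doorkeeper-gem/doorkeeper-openid_connect)
+[![Gem Version](https://badge.fury.io/rb/doorkeeper-openid_connect.svg)](https://rubygems.org/gems/doorkeeper-openid_connect)
 
-
+This library implements [OpenID Connect](http://openid.net/connect/) for Rails applications on top of the [Doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) OAuth 2.0 framework.
 
-
+## Table of Contents
 
-
+- [Status](#status)
+- [Installation](#installation)
+- [Configuration](#configuration)
+- [Scopes](#scopes)
+- [Claims](#claims)
+- [Routes](#routes)
+- [Nonces](#nonces)
+- [Development](#development)
+- [License](#license)
+- [Sponsors](#sponsors)
+
+## Status
 
-
+The following parts of [OpenID Connect Core 1.0](http://openid.net/specs/openid-connect-core-1_0.html) are currently supported:
+- [Authentication using the Authorization Code Flow](http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)
+- [Requesting Claims using Scope Values](http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims)
+- [UserInfo Endpoint](http://openid.net/specs/openid-connect-core-1_0.html#UserInfo)
+- [Normal Claims](http://openid.net/specs/openid-connect-core-1_0.html#NormalClaims)
 
-
+In addition we also support most of [OpenID Connect Discovery 1.0](http://openid.net/specs/openid-connect-discovery-1_0.html) for automatic configuration discovery.
 
-
+Take a look at the [DiscoveryController](app/controllers/doorkeeper/openid_connect/discovery_controller.rb) for more details on supported features.
 
-
+## Installation
 
-
+Add this line to your application's `Gemfile` and run `bundle install`:
 
-
+```ruby
+gem 'doorkeeper-openid_connect'
+```
 
-
+Run the installation generator to update routes and create the initializer:
 
-
+```sh
+rails generate doorkeeper:openid_connect:install
+```
 
-
+Generate a migration for Active Record (other ORMs are currently not supported):
 
-
+```sh
+rails generate doorkeeper:openid_connect:migration
+rake db:migrate
+```
 
-
+## Configuration
 
-
------BEGIN RSA PRIVATE KEY-----
-....
------END RSA PRIVATE KEY-----
-eol
+Verify your settings in `config/initializers/doorkeeper.rb`:
 
-
-
-....
------END RSA PUBLIC KEY-----
-eol
+- `resource_owner_authenticator`
+- Make sure this returns a falsey value if the current user can't be determined:
 
-
-
-
+```ruby
+resource_owner_authenticator do
+if current_user
+current_user
+else
+redirect_to(new_user_session_url)
+nil
 end
+end
+```
 
-
+The following settings are required in `config/initializers/doorkeeper_openid_connect.rb`:
 
-
-
-
-
+- `issuer`
+- Identifier for the issuer of the response (i.e. your application URL). The value is a case sensitive URL using the `https` scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components.
+- `subject`
+- Identifier for the resource owner (i.e. the authenticated user). A locally unique and never reassigned identifier within the issuer for the end-user, which is intended to be consumed by the client. The value is a case-sensitive string and must not exceed 255 ASCII characters in length.
+- The database ID of the user is an acceptable choice if you don't mind leaking that information.
+- `jws_private_key`, `jws_public_key`
+- Private and public RSA key pair for [JSON Web Signature](https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31).
+- You can generate these with the `openssl` command, see e.g. [Generate a keypair using OpenSSL](https://en.wikibooks.org/wiki/Cryptography/Generate_a_keypair_using_OpenSSL).
+- You should not commit these keys to your repository, but use external files (in combination with `File.read`) and/or the [dotenv-rails](https://github.com/bkeepers/dotenv) gem (in combination with `ENV[...]`).
+- `resource_owner_from_access_token`
+- Defines how to translate the Doorkeeper access token to a resource owner model.
 
-
-# expiration 600
+The following settings are optional, but recommended for better client compatibility:
 
-
-
-
-
+- `auth_time_from_resource_owner`
+- Returns the time of the user's last login, this can be a `Time`, `DateTime`, or any other class that responds to `to_i`
+- Required to support the `max_age` parameter and the `auth_time` claim.
+- `reauthenticate_resource_owner`
+- Defines how to trigger reauthentication for the current user (e.g. display a password prompt, or sign-out the user and redirect to the login form).
+- Required to support the `max_age` and `prompt=login` parameters.
 
-
-
-
-
+The following settings are optional:
+
+- `expiration`
+- Expiration time after which the ID Token must not be accepted for processing by clients.
+- The default is 120 seconds
 
+### Scopes
+
+To perform authentication over OpenID Connect, an OAuth client needs to request the `openid` scope. This scope needs to be enabled using either `optional_scopes` in the global Doorkeeper configuration in `config/initializers/doorkeeper.rb`, or by adding it to any OAuth application's `scope` attribute.
+
+> Note that any application defining its own scopes won't inherit the scopes defined in the initializer, so you might have to update existing applications as well.
+>
+> See [Using Scopes](https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes) in the Doorkeeper wiki for more information.
+
+### Claims
+
+Claims can be defined in a `claims` block inside `config/initializers/doorkeeper_openid_connect.rb`:
+
+```ruby
+Doorkeeper::OpenidConnect.configure do
+claims do
+claim :email do |resource_owner|
+resource_owner.email
 end
 
-
+claim :full_name do |resource_owner|
+"#{resource_owner.first_name} #{resource_owner.last_name}"
+end
+end
+end
+```
+
+You can pass a `scope:` keyword argument on each claim to specify which OAuth scope should be required to access the claim. If you define any of the defined [Standard Claims](http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims) they will by default use their [corresponding scopes](http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims) (`profile`, `email`, `address` and `phone`), and any other claims will by default use the `profile` scope. Again, to use any of these scopes you need to enable them as described above.
+
+### Routes
+
+The installation generator will update your `config/routes.rb` to define all required routes:
+
+``` ruby
+Rails.application.routes.draw do
+use_doorkeeper_openid_connect
+# your routes
+end
+```
+
+This will mount the following routes:
+
+```
+GET /oauth/userinfo
+POST /oauth/userinfo
+GET /oauth/discovery/keys
+GET /.well-known/openid-configuration
+GET /.well-known/webfinger
+```
+
+### Nonces
+
+To support clients who send nonces you have to tweak Doorkeeper's authorization view so the parameter is passed on.
+
+If you don't already have custom templates, run this generator in your Rails application to add them:
+
+```sh
+rails generate doorkeeper:views
+```
+
+Then tweak the template as follows:
+
+```patch
+--- i/app/views/doorkeeper/authorizations/new.html.erb
++++ w/app/views/doorkeeper/authorizations/new.html.erb
+@@ -26,6 +26,7 @@
+<%= hidden_field_tag :state, @pre_auth.state %>
+<%= hidden_field_tag :response_type, @pre_auth.response_type %>
+<%= hidden_field_tag :scope, @pre_auth.scope %>
++ <%= hidden_field_tag :nonce, @pre_auth.nonce %>
+<%= submit_tag t('doorkeeper.authorizations.buttons.authorize'), class: "btn btn-success btn-lg btn-block" %>
+<% end %>
+<%= form_tag oauth_authorization_path, method: :delete do %>
+@@ -34,6 +35,7 @@
+<%= hidden_field_tag :state, @pre_auth.state %>
+<%= hidden_field_tag :response_type, @pre_auth.response_type %>
+<%= hidden_field_tag :scope, @pre_auth.scope %>
++ <%= hidden_field_tag :nonce, @pre_auth.nonce %>
+<%= submit_tag t('doorkeeper.authorizations.buttons.deny'), class: "btn btn-danger btn-lg btn-block" %>
+<% end %>
+</div>
+```
 
-
+## Development
 
-
-* jws_public_key - public key for JSON Web Signature(https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31)
-* resource_owner_from_access_token - defines how to translate the doorkeeper access_token to a resource owner model
+Run `bundle install` to setup all development dependencies.
 
-
+To run all specs:
 
-
-
+```sh
+bundle exec rspec
+```
 
-
+To run the local engine server:
 
-
-
+```sh
+cd spec/dummy
+bundle exec rails server
+```
 
-
+By default, the latest Rails version is used. To use a specific version run:
 
-
+```
+rails=4.2.0 bundle update
+```
 
-##
+## License
 
-
+Doorkeeper::OpenidConnect is released under the [MIT License](http://www.opensource.org/licenses/MIT).
 
-##
+## Sponsors
 
-
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Add some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create new Pull Request
+Initial development of this project was sponsored by [PlayOn! Sports](https://github.com/playon).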