doorkeeper-openid_connect 1.3.0 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 3533bb17ae7ec3e41b8c43eac5bd78cc34a9aed3
-  data.tar.gz: bfe300fda2bd2658eec78cc74c33f2c63856d121
+SHA256:
+  metadata.gz: defedf139499d938426be645c79d6ebb7820ecd4baf0ba3ba6c336d34a875ac4
+  data.tar.gz: 3f15400f9072e08e94b4a9cf981eda471cbe40b42a36fcf4677f2c3ab7c90baa
 SHA512:
-  metadata.gz: 348b4ea59e13c2a1597d2d85a2961b183c0088c64d3f055539f13175c33d7269e7e66d70c1f4fa87a17ba8627ce8548d7070809274f0abf47476f90dc38e0a0f
-  data.tar.gz: cad47c48ac11b98c657706815748cae81eb8cba177fbfa1b1369cc9c21f26eb7000aff5e46ecb231e55fb8811ffdd1e4ea13952f3421e8c614ff341cba736489
+  metadata.gz: 1e14d1999dd2e03825db07580b0f09543ec7d71774e9362481873c27bc75fc5752396cb0b3c707756a07e7d45df50437386d61eabe41b883bddc8e9c6a1da860
+  data.tar.gz: 8c0b028d6062dff302ec108f3f893f1f36a0e2f75a6f1829688fc7b5d81ae335949bb7d6b3308d3532c0cbd91f0c1f569ec11b05511e60b2357e080e1cfb9d57

data/.ruby-version

@@ -1 +1 @@
-2.3.3
+2.5.0

data/.travis.yml

@@ -3,7 +3,8 @@ language: ruby
 cache: bundler
 
 before_install:
-  - gem update bundler
+  - gem update --system
+  - gem install bundler
 
 before_script:
   - bundle update
@@ -16,12 +17,6 @@ env:
   - rails=5.0.0
 
 rvm:
-  - 2.1
-  - 2.2.7
-  - 2.3.4
-  - 2.4.1
-
-matrix:
-  exclude:
-    - env: rails=5.0.0
-      rvm: 2.1
+  - 2.3
+  - 2.4
+  - 2.5

data/CHANGELOG.md

@@ -1,13 +1,24 @@
-<a name="v1.3.0"></a>
-### v1.3.0 (2018-03-05)
+## Unreleased
+
+## v1.4.0 (2018-05-31)
+
+### Upgrading
+
+- Support for Ruby versions older than 2.3 was dropped
+
+### Features
+
+- Redirect errors per Section 3.1.2.6 of OpenID Connect 1.0 (by @ryands)
+- Set `id_token` when it's nil in token response (it's used in `refresh_token` requests) (by @Miouge1)
+
+## v1.3.0 (2018-03-05)
 
 ### Features
 
 - Support for Implicit Flow (`response_type=id_token` and `response_type=id_token token`),
   see the updated README for usage instructions (by @nashby, @nhance and @stevenvegt)
 
-<a name="v1.2.0"></a>
-### v1.2.0 (2017-08-31)
+## v1.2.0 (2017-08-31)
 
 ### Upgrading
 
@@ -21,15 +32,13 @@
 
 ### Bugfixes
 
-<a name="v1.1.2"></a>
-### v1.1.2 (2017-01-18)
+## v1.1.2 (2017-01-18)
 
 ### Bugfixes
 
 - Fixes the `undefined local variable or method 'pre_auth'` error
 
-<a name="v1.1.1"></a>
-### v1.1.1 (2017-01-18)
+## v1.1.1 (2017-01-18)
 
 #### Upgrading
 
@@ -53,8 +62,7 @@
 - Allow `json-jwt` dependency at ~> 1.6. (by @nbibler)
 - Configuration blocks no longer internally use `instance_eval` which previously gave undocumented and unexpected `self` access to the caller (by @nbibler)
 
-<a name="v1.1.0"></a>
-### v1.1.0 (2016-11-30)
+## v1.1.0 (2016-11-30)
 
 This release is a general clean-up and adds support for some advanced OpenID Connect features.
 

data/README.md

@@ -28,7 +28,7 @@ OpenID Connect is a single-sign-on and identity layer with a [growing list of se
 
 The following parts of [OpenID Connect Core 1.0](http://openid.net/specs/openid-connect-core-1_0.html) are currently supported:
 - [Authentication using the Authorization Code Flow](http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)
-- [Implicit Flow](http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth)
+- [Authentication using the Implicit Flow](http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth)
 - [Requesting Claims using Scope Values](http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims)
 - [UserInfo Endpoint](http://openid.net/specs/openid-connect-core-1_0.html#UserInfo)
 - [Normal Claims](http://openid.net/specs/openid-connect-core-1_0.html#NormalClaims)
@@ -143,7 +143,7 @@ The following settings are optional:
 - `protocol`
   - The protocol to use when generating URIs for the discovery endpoints.
   - The default is `https` for production, and `http` for all other environments
-  - Note that the OIC specification mandates HTTPS, so you shouldn't change this
+  - Note that the OIDC specification mandates HTTPS, so you shouldn't change this
     for production environments unless you have a really good reason!
 
 ### Scopes

data/doorkeeper-openid_connect.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.required_ruby_version = ">= 2.1"
+  spec.required_ruby_version = ">= 2.3"
 
   spec.add_runtime_dependency 'doorkeeper', '~> 4.3'
   spec.add_runtime_dependency 'json-jwt', '~> 1.6'

data/lib/doorkeeper/openid_connect/helpers/controller.rb

@@ -19,9 +19,14 @@ module Doorkeeper
           # FIXME: workaround for Rails 5, see https://github.com/rails/rails/issues/25106
           @_response_body = nil
 
-          error = ::Doorkeeper::OAuth::ErrorResponse.new(name: exception.error_name)
+          error = ::Doorkeeper::OAuth::ErrorResponse.new(name: exception.error_name, state: params[:state], redirect_uri: params[:redirect_uri])
           response.headers.merge!(error.headers)
-          render json: error.body, status: error.status
+
+          if error.redirectable?
+            render json: error.body, status: :found, location: error.redirect_uri
+          else
+            render json: error.body, status: error.status
+          end
         end
 
         def handle_prompt_param!(owner)

data/lib/doorkeeper/openid_connect/oauth/token_response.rb

@@ -6,8 +6,10 @@ module Doorkeeper
 
         def body
           if token.includes_scope? 'openid'
+            id_token = self.id_token || Doorkeeper::OpenidConnect::IdToken.new(token)
+
             super
-              .merge(id_token: id_token.try(:as_jws_token))
+              .merge(id_token: id_token.as_jws_token)
               .reject { |_, value| value.blank? }
           else
             super

data/lib/doorkeeper/openid_connect/version.rb

@@ -1,5 +1,5 @@
 module Doorkeeper
   module OpenidConnect
-    VERSION = '1.3.0'.freeze
+    VERSION = '1.4.0'.freeze
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper-openid_connect
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.4.0
 platform: ruby
 authors:
 - Sam Dengler
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-05 00:00:00.000000000 Z
+date: 2018-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: doorkeeper
@@ -149,7 +149,6 @@ files:
 - lib/doorkeeper/openid_connect/id_token.rb
 - lib/doorkeeper/openid_connect/id_token_token.rb
 - lib/doorkeeper/openid_connect/oauth/authorization/code.rb
-- lib/doorkeeper/openid_connect/oauth/authorization/token.rb
 - lib/doorkeeper/openid_connect/oauth/authorization_code_request.rb
 - lib/doorkeeper/openid_connect/oauth/password_access_token_request.rb
 - lib/doorkeeper/openid_connect/oauth/pre_authorization.rb
@@ -181,7 +180,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.1'
+      version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -189,7 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.10
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: OpenID Connect extension for Doorkeeper.

data/lib/doorkeeper/openid_connect/oauth/authorization/token.rb

@@ -1,22 +0,0 @@
-module Doorkeeper
-  module OpenidConnect
-    module OAuth
-      module Authorization
-        module Code
-          def issue_token
-            super.tap do |access_grant|
-              if pre_auth.nonce.present?
-                ::Doorkeeper::OpenidConnect::Request.create!(
-                  access_grant: access_grant,
-                  nonce: pre_auth.nonce
-                )
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-
-  OAuth::Authorization::Code.send :prepend, OpenidConnect::OAuth::Authorization::Code
-end