doorkeeper-openid_connect 1.3.0 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of doorkeeper-openid_connect might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/.ruby-version +1 -1
- data/.travis.yml +5 -10
- data/CHANGELOG.md +18 -10
- data/README.md +2 -2
- data/doorkeeper-openid_connect.gemspec +1 -1
- data/lib/doorkeeper/openid_connect/helpers/controller.rb +7 -2
- data/lib/doorkeeper/openid_connect/oauth/token_response.rb +3 -1
- data/lib/doorkeeper/openid_connect/version.rb +1 -1
- metadata +4 -5
- data/lib/doorkeeper/openid_connect/oauth/authorization/token.rb +0 -22
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: defedf139499d938426be645c79d6ebb7820ecd4baf0ba3ba6c336d34a875ac4
|
|
4
|
+
data.tar.gz: 3f15400f9072e08e94b4a9cf981eda471cbe40b42a36fcf4677f2c3ab7c90baa
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1e14d1999dd2e03825db07580b0f09543ec7d71774e9362481873c27bc75fc5752396cb0b3c707756a07e7d45df50437386d61eabe41b883bddc8e9c6a1da860
|
|
7
|
+
data.tar.gz: 8c0b028d6062dff302ec108f3f893f1f36a0e2f75a6f1829688fc7b5d81ae335949bb7d6b3308d3532c0cbd91f0c1f569ec11b05511e60b2357e080e1cfb9d57
|
data/.ruby-version
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
2.
|
|
1
|
+
2.5.0
|
data/.travis.yml
CHANGED
|
@@ -3,7 +3,8 @@ language: ruby
|
|
|
3
3
|
cache: bundler
|
|
4
4
|
|
|
5
5
|
before_install:
|
|
6
|
-
- gem update
|
|
6
|
+
- gem update --system
|
|
7
|
+
- gem install bundler
|
|
7
8
|
|
|
8
9
|
before_script:
|
|
9
10
|
- bundle update
|
|
@@ -16,12 +17,6 @@ env:
|
|
|
16
17
|
- rails=5.0.0
|
|
17
18
|
|
|
18
19
|
rvm:
|
|
19
|
-
- 2.
|
|
20
|
-
- 2.
|
|
21
|
-
- 2.
|
|
22
|
-
- 2.4.1
|
|
23
|
-
|
|
24
|
-
matrix:
|
|
25
|
-
exclude:
|
|
26
|
-
- env: rails=5.0.0
|
|
27
|
-
rvm: 2.1
|
|
20
|
+
- 2.3
|
|
21
|
+
- 2.4
|
|
22
|
+
- 2.5
|
data/CHANGELOG.md
CHANGED
|
@@ -1,13 +1,24 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
## Unreleased
|
|
2
|
+
|
|
3
|
+
## v1.4.0 (2018-05-31)
|
|
4
|
+
|
|
5
|
+
### Upgrading
|
|
6
|
+
|
|
7
|
+
- Support for Ruby versions older than 2.3 was dropped
|
|
8
|
+
|
|
9
|
+
### Features
|
|
10
|
+
|
|
11
|
+
- Redirect errors per Section 3.1.2.6 of OpenID Connect 1.0 (by @ryands)
|
|
12
|
+
- Set `id_token` when it's nil in token response (it's used in `refresh_token` requests) (by @Miouge1)
|
|
13
|
+
|
|
14
|
+
## v1.3.0 (2018-03-05)
|
|
3
15
|
|
|
4
16
|
### Features
|
|
5
17
|
|
|
6
18
|
- Support for Implicit Flow (`response_type=id_token` and `response_type=id_token token`),
|
|
7
19
|
see the updated README for usage instructions (by @nashby, @nhance and @stevenvegt)
|
|
8
20
|
|
|
9
|
-
|
|
10
|
-
### v1.2.0 (2017-08-31)
|
|
21
|
+
## v1.2.0 (2017-08-31)
|
|
11
22
|
|
|
12
23
|
### Upgrading
|
|
13
24
|
|
|
@@ -21,15 +32,13 @@
|
|
|
21
32
|
|
|
22
33
|
### Bugfixes
|
|
23
34
|
|
|
24
|
-
|
|
25
|
-
### v1.1.2 (2017-01-18)
|
|
35
|
+
## v1.1.2 (2017-01-18)
|
|
26
36
|
|
|
27
37
|
### Bugfixes
|
|
28
38
|
|
|
29
39
|
- Fixes the `undefined local variable or method 'pre_auth'` error
|
|
30
40
|
|
|
31
|
-
|
|
32
|
-
### v1.1.1 (2017-01-18)
|
|
41
|
+
## v1.1.1 (2017-01-18)
|
|
33
42
|
|
|
34
43
|
#### Upgrading
|
|
35
44
|
|
|
@@ -53,8 +62,7 @@
|
|
|
53
62
|
- Allow `json-jwt` dependency at ~> 1.6. (by @nbibler)
|
|
54
63
|
- Configuration blocks no longer internally use `instance_eval` which previously gave undocumented and unexpected `self` access to the caller (by @nbibler)
|
|
55
64
|
|
|
56
|
-
|
|
57
|
-
### v1.1.0 (2016-11-30)
|
|
65
|
+
## v1.1.0 (2016-11-30)
|
|
58
66
|
|
|
59
67
|
This release is a general clean-up and adds support for some advanced OpenID Connect features.
|
|
60
68
|
|
data/README.md
CHANGED
|
@@ -28,7 +28,7 @@ OpenID Connect is a single-sign-on and identity layer with a [growing list of se
|
|
|
28
28
|
|
|
29
29
|
The following parts of [OpenID Connect Core 1.0](http://openid.net/specs/openid-connect-core-1_0.html) are currently supported:
|
|
30
30
|
- [Authentication using the Authorization Code Flow](http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)
|
|
31
|
-
- [Implicit Flow](http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth)
|
|
31
|
+
- [Authentication using the Implicit Flow](http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth)
|
|
32
32
|
- [Requesting Claims using Scope Values](http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims)
|
|
33
33
|
- [UserInfo Endpoint](http://openid.net/specs/openid-connect-core-1_0.html#UserInfo)
|
|
34
34
|
- [Normal Claims](http://openid.net/specs/openid-connect-core-1_0.html#NormalClaims)
|
|
@@ -143,7 +143,7 @@ The following settings are optional:
|
|
|
143
143
|
- `protocol`
|
|
144
144
|
- The protocol to use when generating URIs for the discovery endpoints.
|
|
145
145
|
- The default is `https` for production, and `http` for all other environments
|
|
146
|
-
- Note that the
|
|
146
|
+
- Note that the OIDC specification mandates HTTPS, so you shouldn't change this
|
|
147
147
|
for production environments unless you have a really good reason!
|
|
148
148
|
|
|
149
149
|
### Scopes
|
|
@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
|
|
|
17
17
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
18
18
|
spec.require_paths = ['lib']
|
|
19
19
|
|
|
20
|
-
spec.required_ruby_version = ">= 2.
|
|
20
|
+
spec.required_ruby_version = ">= 2.3"
|
|
21
21
|
|
|
22
22
|
spec.add_runtime_dependency 'doorkeeper', '~> 4.3'
|
|
23
23
|
spec.add_runtime_dependency 'json-jwt', '~> 1.6'
|
|
@@ -19,9 +19,14 @@ module Doorkeeper
|
|
|
19
19
|
# FIXME: workaround for Rails 5, see https://github.com/rails/rails/issues/25106
|
|
20
20
|
@_response_body = nil
|
|
21
21
|
|
|
22
|
-
error = ::Doorkeeper::OAuth::ErrorResponse.new(name: exception.error_name)
|
|
22
|
+
error = ::Doorkeeper::OAuth::ErrorResponse.new(name: exception.error_name, state: params[:state], redirect_uri: params[:redirect_uri])
|
|
23
23
|
response.headers.merge!(error.headers)
|
|
24
|
-
|
|
24
|
+
|
|
25
|
+
if error.redirectable?
|
|
26
|
+
render json: error.body, status: :found, location: error.redirect_uri
|
|
27
|
+
else
|
|
28
|
+
render json: error.body, status: error.status
|
|
29
|
+
end
|
|
25
30
|
end
|
|
26
31
|
|
|
27
32
|
def handle_prompt_param!(owner)
|
|
@@ -6,8 +6,10 @@ module Doorkeeper
|
|
|
6
6
|
|
|
7
7
|
def body
|
|
8
8
|
if token.includes_scope? 'openid'
|
|
9
|
+
id_token = self.id_token || Doorkeeper::OpenidConnect::IdToken.new(token)
|
|
10
|
+
|
|
9
11
|
super
|
|
10
|
-
.merge(id_token: id_token.
|
|
12
|
+
.merge(id_token: id_token.as_jws_token)
|
|
11
13
|
.reject { |_, value| value.blank? }
|
|
12
14
|
else
|
|
13
15
|
super
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: doorkeeper-openid_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sam Dengler
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2018-
|
|
12
|
+
date: 2018-05-31 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: doorkeeper
|
|
@@ -149,7 +149,6 @@ files:
|
|
|
149
149
|
- lib/doorkeeper/openid_connect/id_token.rb
|
|
150
150
|
- lib/doorkeeper/openid_connect/id_token_token.rb
|
|
151
151
|
- lib/doorkeeper/openid_connect/oauth/authorization/code.rb
|
|
152
|
-
- lib/doorkeeper/openid_connect/oauth/authorization/token.rb
|
|
153
152
|
- lib/doorkeeper/openid_connect/oauth/authorization_code_request.rb
|
|
154
153
|
- lib/doorkeeper/openid_connect/oauth/password_access_token_request.rb
|
|
155
154
|
- lib/doorkeeper/openid_connect/oauth/pre_authorization.rb
|
|
@@ -181,7 +180,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
181
180
|
requirements:
|
|
182
181
|
- - ">="
|
|
183
182
|
- !ruby/object:Gem::Version
|
|
184
|
-
version: '2.
|
|
183
|
+
version: '2.3'
|
|
185
184
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
186
185
|
requirements:
|
|
187
186
|
- - ">="
|
|
@@ -189,7 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
189
188
|
version: '0'
|
|
190
189
|
requirements: []
|
|
191
190
|
rubyforge_project:
|
|
192
|
-
rubygems_version: 2.6
|
|
191
|
+
rubygems_version: 2.7.6
|
|
193
192
|
signing_key:
|
|
194
193
|
specification_version: 4
|
|
195
194
|
summary: OpenID Connect extension for Doorkeeper.
|
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
module Doorkeeper
|
|
2
|
-
module OpenidConnect
|
|
3
|
-
module OAuth
|
|
4
|
-
module Authorization
|
|
5
|
-
module Code
|
|
6
|
-
def issue_token
|
|
7
|
-
super.tap do |access_grant|
|
|
8
|
-
if pre_auth.nonce.present?
|
|
9
|
-
::Doorkeeper::OpenidConnect::Request.create!(
|
|
10
|
-
access_grant: access_grant,
|
|
11
|
-
nonce: pre_auth.nonce
|
|
12
|
-
)
|
|
13
|
-
end
|
|
14
|
-
end
|
|
15
|
-
end
|
|
16
|
-
end
|
|
17
|
-
end
|
|
18
|
-
end
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
OAuth::Authorization::Code.send :prepend, OpenidConnect::OAuth::Authorization::Code
|
|
22
|
-
end
|