doorkeeper-openid_connect 1.4.0 → 1.5.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/README.md +9 -3
- data/lib/doorkeeper/openid_connect/claims/claim.rb +2 -1
- data/lib/doorkeeper/openid_connect/claims_builder.rb +12 -1
- data/lib/doorkeeper/openid_connect/id_token.rb +1 -1
- data/lib/doorkeeper/openid_connect/user_info.rb +3 -19
- data/lib/doorkeeper/openid_connect/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5172b552ec9538b0240ad89c267e8037dd9b80af545d8be200d68b576cf9b3d2
|
4
|
+
data.tar.gz: c04817d1e4f4eb63820f90e020ce512ae9b83595b0cada119a18c40cd24c84cf
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1c3fd78060e9f2404b3b31e33d7d5331080ed2598db62bed1f464be0423954be784d8183b7960ce887a5bbd1a9bb60498d8992009b2ee05499ffae09a7c43be4
|
7
|
+
data.tar.gz: dd96da3ef9d513120cd3b06db8dbfd5e37cfb97807e57cd109217765becd84548f969141caeb3b14c30f549e1dec94ac92f2bd55fe886dc2e01954397f7d327b
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -115,8 +115,8 @@ The following settings are required in `config/initializers/doorkeeper_openid_co
|
|
115
115
|
end
|
116
116
|
```
|
117
117
|
|
118
|
-
- `
|
119
|
-
- Private key for [JSON Web Signature](https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31).
|
118
|
+
- `signing_key`
|
119
|
+
- Private key to be used for [JSON Web Signature](https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31).
|
120
120
|
- You can generate a private key with the `openssl` command, see e.g. [Generate an RSA keypair using OpenSSL](https://en.wikibooks.org/wiki/Cryptography/Generate_a_keypair_using_OpenSSL).
|
121
121
|
- You should not commit the key to your repository, but use an external file (in combination with `File.read`) and/or the [dotenv-rails](https://github.com/bkeepers/dotenv) gem (in combination with `ENV[...]`).
|
122
122
|
- `signing_algorithm`
|
@@ -174,11 +174,17 @@ Doorkeeper::OpenidConnect.configure do
|
|
174
174
|
# `profile` scope access. Otherwise, provide a more generic alternative.
|
175
175
|
application_scopes.exists?(:profile) ? resource_owner.preferred_username : "summer-sun-9449"
|
176
176
|
end
|
177
|
+
|
178
|
+
claim :groups, response: [:id_token, :user_info] do |resource_owner|
|
179
|
+
resource_owner.groups
|
180
|
+
end
|
177
181
|
end
|
178
182
|
end
|
179
183
|
```
|
180
184
|
|
181
|
-
|
185
|
+
By default all custom claims are only returned from the `UserInfo` endpoint and not included in the ID token. You can optionally pass a `response:` keyword with one or both of the symbols `:id_token` or `:user_info` to specify where the claim should be returned.
|
186
|
+
|
187
|
+
You can also pass a `scope:` keyword argument on each claim to specify which OAuth scope should be required to access the claim. If you define any of the defined [Standard Claims](http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims) they will by default use their [corresponding scopes](http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims) (`profile`, `email`, `address` and `phone`), and any other claims will by default use the `profile` scope. Again, to use any of these scopes you need to enable them as described above.
|
182
188
|
|
183
189
|
### Routes
|
184
190
|
|
@@ -2,7 +2,7 @@ module Doorkeeper
|
|
2
2
|
module OpenidConnect
|
3
3
|
module Claims
|
4
4
|
class Claim
|
5
|
-
attr_accessor :name, :scope
|
5
|
+
attr_accessor :name, :response, :scope
|
6
6
|
|
7
7
|
# http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
|
8
8
|
# http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
|
@@ -18,6 +18,7 @@ module Doorkeeper
|
|
18
18
|
|
19
19
|
def initialize(options = {})
|
20
20
|
@name = options[:name].to_sym
|
21
|
+
@response = Array.wrap(options[:response])
|
21
22
|
@scope = options[:scope].to_sym if options[:scope]
|
22
23
|
|
23
24
|
# use default scope for Standard Claims
|
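Review bot: `@response = Array.wrap(options[:response])` stores whatever it is given without checking it, so a claim declared with a misspelled or string-valued response (`response: :userinfo`, `response: 'user_info'`) is silently left out of every endpoint instead of failing at configuration time. Normalising and validating here would surface that at boot: `@response = Array.wrap(options[:response]).map(&:to_sym)` followed by `raise ArgumentError, "response must contain only :id_token and/or :user_info" unless (@response - %i[id_token user_info]).empty?`. The `[:user_info]` default lives only in `ClaimsBuilder#normal_claim` (the claims_builder.rb hunk on this page), so a `Claim` built directly without `:response` gets an empty list and is never returned; `options.fetch(:response, [:user_info])` would keep the two places in agreement. `Array.wrap` is an ActiveSupport core extension rather than plain Ruby — presumably loaded via doorkeeper, but the hunk shows no require for it. `initialize` continues past the end of the hunk.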
@@ -3,6 +3,16 @@ require 'ostruct'
|
|
3
3
|
module Doorkeeper
|
4
4
|
module OpenidConnect
|
5
5
|
class ClaimsBuilder
|
6
|
+
def self.generate(access_token, response)
|
7
|
+
resource_owner = Doorkeeper::OpenidConnect.configuration.resource_owner_from_access_token.call(access_token)
|
8
|
+
|
9
|
+
Doorkeeper::OpenidConnect.configuration.claims.to_h.map do |name, claim|
|
10
|
+
if access_token.scopes.exists?(claim.scope) && claim.response.include?(response)
|
11
|
+
[name, claim.generator.call(resource_owner, access_token.scopes, access_token)]
|
12
|
+
end
|
13
|
+
end.compact.to_h
|
14
|
+
end
|
15
|
+
|
6
16
|
def initialize(&block)
|
7
17
|
@claims = OpenStruct.new
|
8
18
|
instance_eval(&block)
|
@@ -12,10 +22,11 @@ module Doorkeeper
|
|
12
22
|
@claims
|
13
23
|
end
|
14
24
|
|
15
|
-
def normal_claim(name, scope: nil, &block)
|
25
|
+
def normal_claim(name, response: [:user_info], scope: nil, &block)
|
16
26
|
@claims[name] =
|
17
27
|
Claims::NormalClaim.new(
|
18
28
|
name: name,
|
29
|
+
response: response,
|
19
30
|
scope: scope,
|
20
31
|
generator: block
|
21
32
|
)
|
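Review bot: `def self.generate(access_token, response)` carries no documentation, and since `response` now decides whether a custom claim is embedded in the ID token the contract deserves a comment above the method: one stating that `response` is `:id_token` or `:user_info`, that a claim is emitted only when the token carries `claim.scope` and the claim was declared for that response type, and that claims routed to the ID token travel inside a signed but unencrypted JWT which the relying party stores and may receive through the browser, so only what the client genuinely needs should be declared there. The inclusion test `claim.response.include?(response)` is an exact symbol comparison, so a response declared as a string never matches (see the claim.rb hunk for the normalisation). `resource_owner_from_access_token.call(access_token)` also runs unconditionally, even when no claim passes the filter; with `UserInfo#subject` presumably resolving the resource owner through its own helper, that looks like a second lookup per request, which could be avoided by resolving lazily or passing the owner in from the caller.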
@@ -8,7 +8,9 @@ module Doorkeeper
|
|
8
8
|
end
|
9
9
|
|
10
10
|
def claims
|
11
|
-
|
11
|
+
{
|
12
|
+
sub: subject
|
13
|
+
}.merge ClaimsBuilder.generate(@access_token, :user_info)
|
12
14
|
end
|
13
15
|
|
14
16
|
def as_json(*_)
|
@@ -17,20 +19,6 @@ module Doorkeeper
|
|
17
19
|
|
18
20
|
private
|
19
21
|
|
20
|
-
def base_claims
|
21
|
-
{
|
22
|
-
sub: subject
|
23
|
-
}
|
24
|
-
end
|
25
|
-
|
26
|
-
def resource_owner_claims
|
27
|
-
Doorkeeper::OpenidConnect.configuration.claims.to_h.map do |name, claim|
|
28
|
-
if scopes.exists? claim.scope
|
29
|
-
[name, claim.generator.call(resource_owner, scopes, @access_token)]
|
30
|
-
end
|
31
|
-
end.compact.to_h
|
32
|
-
end
|
33
|
-
|
34
22
|
def subject
|
35
23
|
Doorkeeper::OpenidConnect.configuration.subject.call(resource_owner, application).to_s
|
36
24
|
end
|
@@ -42,10 +30,6 @@ module Doorkeeper
|
|
42
30
|
def application
|
43
31
|
@application ||= @access_token.application
|
44
32
|
end
|
45
|
-
|
46
|
-
def scopes
|
47
|
-
@scopes ||= @access_token.scopes
|
48
|
-
end
|
49
33
|
end
|
50
34
|
end
|
51
35
|
end
|
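Review bot: In the rewritten `claims`, `{ sub: subject }.merge ClaimsBuilder.generate(@access_token, :user_info)` lets a custom claim configured under the name `sub` overwrite the subject, because `Hash#merge` takes the argument's value on collision. OpenID Connect requires the UserInfo `sub` to match the ID token `sub` and clients are expected to reject a mismatch, so the subject should win or the collision should be refused: `ClaimsBuilder.generate(@access_token, :user_info).merge(sub: subject)`. This may be pre-existing behaviour from the removed `base_claims`/`resource_owner_claims` pair — the old body of `claims` is not readable in this rendering — and the id_token.rb change listed in the diffstat is not shown here, so it is worth checking for the same ordering. The removed private `scopes` helper has no remaining caller in the visible lines, while `resource_owner` and `application` are still used by `subject`, so the deletions look consistent.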
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: doorkeeper-openid_connect
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sam Dengler
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2018-
|
12
|
+
date: 2018-06-27 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: doorkeeper
|