doorkeeper-openid_connect 1.7.0 → 1.7.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (54) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +62 -2
  3. data/README.md +40 -0
  4. data/app/controllers/doorkeeper/authorizations_controller.rb +17 -0
  5. data/app/controllers/doorkeeper/openid_connect/discovery_controller.rb +48 -26
  6. data/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb +5 -1
  7. data/config/locales/en.yml +1 -0
  8. data/lib/doorkeeper/oauth/id_token_request.rb +8 -12
  9. data/lib/doorkeeper/oauth/id_token_response.rb +2 -0
  10. data/lib/doorkeeper/oauth/id_token_token_request.rb +2 -0
  11. data/lib/doorkeeper/oauth/id_token_token_response.rb +2 -0
  12. data/lib/doorkeeper/openid_connect.rb +26 -1
  13. data/lib/doorkeeper/openid_connect/claims/aggregated_claim.rb +2 -0
  14. data/lib/doorkeeper/openid_connect/claims/claim.rb +6 -4
  15. data/lib/doorkeeper/openid_connect/claims/distributed_claim.rb +2 -0
  16. data/lib/doorkeeper/openid_connect/claims/normal_claim.rb +2 -0
  17. data/lib/doorkeeper/openid_connect/claims_builder.rb +3 -1
  18. data/lib/doorkeeper/openid_connect/config.rb +24 -10
  19. data/lib/doorkeeper/openid_connect/engine.rb +2 -0
  20. data/lib/doorkeeper/openid_connect/errors.rb +2 -1
  21. data/lib/doorkeeper/openid_connect/helpers/controller.rb +45 -29
  22. data/lib/doorkeeper/openid_connect/id_token.rb +4 -2
  23. data/lib/doorkeeper/openid_connect/id_token_token.rb +2 -0
  24. data/lib/doorkeeper/openid_connect/oauth/authorization/code.rb +25 -8
  25. data/lib/doorkeeper/openid_connect/oauth/authorization_code_request.rb +4 -2
  26. data/lib/doorkeeper/openid_connect/oauth/password_access_token_request.rb +3 -1
  27. data/lib/doorkeeper/openid_connect/oauth/pre_authorization.rb +24 -3
  28. data/lib/doorkeeper/openid_connect/oauth/token_response.rb +3 -1
  29. data/lib/doorkeeper/openid_connect/orm/active_record.rb +2 -0
  30. data/lib/doorkeeper/openid_connect/orm/active_record/access_grant.rb +3 -1
  31. data/lib/doorkeeper/openid_connect/orm/active_record/request.rb +5 -3
  32. data/lib/doorkeeper/openid_connect/rails/routes.rb +3 -1
  33. data/lib/doorkeeper/openid_connect/rails/routes/mapper.rb +2 -0
  34. data/lib/doorkeeper/openid_connect/rails/routes/mapping.rb +2 -0
  35. data/lib/doorkeeper/openid_connect/response_mode.rb +30 -0
  36. data/lib/doorkeeper/openid_connect/response_types_config.rb +2 -2
  37. data/lib/doorkeeper/openid_connect/user_info.rb +2 -0
  38. data/lib/doorkeeper/openid_connect/version.rb +3 -1
  39. data/lib/doorkeeper/request/id_token.rb +2 -0
  40. data/lib/doorkeeper/request/id_token_token.rb +2 -0
  41. data/lib/generators/doorkeeper/openid_connect/install_generator.rb +4 -2
  42. data/lib/generators/doorkeeper/openid_connect/migration_generator.rb +3 -1
  43. data/lib/generators/doorkeeper/openid_connect/templates/initializer.rb +19 -5
  44. data/lib/generators/doorkeeper/openid_connect/templates/migration.rb.erb +3 -2
  45. metadata +35 -36
  46. data/.gitignore +0 -8
  47. data/.ruby-version +0 -1
  48. data/.travis.yml +0 -27
  49. data/CONTRIBUTING.md +0 -45
  50. data/Gemfile +0 -8
  51. data/Rakefile +0 -24
  52. data/bin/console +0 -9
  53. data/bin/setup +0 -8
  54. data/doorkeeper-openid_connect.gemspec +0 -32
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9f38540bf15e49809e21423a76e0fd8313c5494aee4a3537f6b6d1bcd5645951
4
- data.tar.gz: d1408e8c1a4755356746a55957dbc941242fb266ead2e5f92d29d46646258958
3
+ metadata.gz: 8faf5bba278059c030aab079426353b543baa68bc374991f6ba243454cd09aac
4
+ data.tar.gz: 06f56eb8b593086cc03fee056efb4d82447fd40cdd341b354ed371fde47dec63
5
5
  SHA512:
6
- metadata.gz: 71ca0f37f65e787785550e64d4b5fc4ad05ad74ec93601e909924d1984f6b42612c4856bc8439373f8af52a8958e0e80beaf711ed78b012784eb941f46aeb889
7
- data.tar.gz: f5c46bc891ed65513493cbeb7304fe76c04a62c03e8ce51b5f1849319da9be27bfa304b5064e028421a88583db4adf4e3ec71e3c4d900fd6ff850e44fa76a826
6
+ metadata.gz: d40202cdca7cddf5606674a4c08a4894ba9be7f8ec072520c73e81e1da48c87ba3e1c95573e0baa1ddcccaa20201eeb76d9af947e3f772223f2a4c658c730e92
7
+ data.tar.gz: a36e15a4cdc316a82a67cc842731149ec5522e27dc21569d2c33bdbe292afc5bc81d6c4f93679c0b7ada133dcfb5e43ae4250470709a58371664f83d983e38bb
@@ -1,8 +1,68 @@
1
1
  ## Unreleased
2
2
 
3
- No changes yet.
3
+ ## v1.7.5 (2020-12-15)
4
4
 
5
- ## v1.7.0
5
+ ### Changes
6
+
7
+ - [#126] Add discovery_url_options option for discovery endpoints URL generation (thanks to @phlegx)
8
+
9
+ ### Bugfixes
10
+
11
+ - [#123] Remove reference to ApplicationRecord (thanks to @wheeyls)
12
+ - [#124] Clone doorkeeper.grant_flows array before appending 'refresh_token' (thanks to @davidbasalla)
13
+ - [#129] Avoid to use the config alias while supporting Doorkeeper 5.2 (thanks to @kymmt90)
14
+
15
+ ## v1.7.4 (2020-07-06)
16
+
17
+ - [#119] Execute end_session_endpoint in the controllers context (thanks to @joeljunstrom)
18
+
19
+ ## v1.7.3 (2020-07-06)
20
+
21
+ - [#111] Add configuration callback `select_account_for_resource_owner` to support the `prompt=select_account` param
22
+ - [#112] Add grant_types_supported to discovery response
23
+ - [#114] Fix user_info endpoint when used in api mode
24
+ - [#116] Support Doorkeeper API (> 5.4) for registering custom grant flows.
25
+ - [#117] Fix migration template to use Rails migrations DSL for association.
26
+ - [#118] Use fragment urls for implicit flow error redirects (thanks to @joeljunstrom)
27
+
28
+ ## v1.7.2 (2020-05-20)
29
+
30
+ ### Changes
31
+
32
+ - [#108] Add support for Doorkeeper 5.4
33
+ - [#103] Add support for end_session_endpoint
34
+ - [#109] Test against Ruby 2.7 & Rails 6.x
35
+
36
+ ## v1.7.1 (2020-02-07)
37
+
38
+ ### Upgrading
39
+
40
+ This version adds `on_delete: :cascade` to the migration template for the `oauth_openid_requests` table, in order to fix #82.
41
+
42
+ For existing installations, you should add a new migration in your application to drop the existing foreign key and replace it with a new one with `on_delete: :cascade` included. Depending on the database you're using and the size of your application this might bring up some concerns, but in most cases the following should be sufficient:
43
+
44
+ ```ruby
45
+ class UpdateOauthOpenIdRequestsForeignKeys < ActiveRecord::Migration[5.2]
46
+ def up
47
+ remove_foreign_key(:oauth_openid_requests, column: :access_grant_id)
48
+ add_foreign_key(:oauth_openid_requests, :oauth_access_grants, column: :access_grant_id, on_delete: :cascade)
49
+ end
50
+
51
+ def down
52
+ remove_foreign_key(:oauth_openid_requests, column: :access_grant_id)
53
+ add_foreign_key(:oauth_openid_requests, :oauth_access_grants, column: :access_grant_id)
54
+ end
55
+ end
56
+ ```
57
+
58
+ ### Bugfixes
59
+
60
+ - [#96] Bump `json-jwt` because of CVE-2019-18848 (thanks to @leleabhinav)
61
+ - [#97] Fixes for compatibility with Doorkeeper 5.2 (thanks to @linhdangduy)
62
+ - [#98] Cascade deletes from `oauth_openid_requests` to `oauth_access_grants` (thanks to @manojmj92)
63
+ - [#99] Fix `audience` claim when application is not set on access token (thanks to @ionut998)
64
+
65
+ ## v1.7.0 (2019-11-04)
6
66
 
7
67
  ### Changes
8
68
 
data/README.md CHANGED
@@ -4,6 +4,8 @@
4
4
  [![Code Climate](https://codeclimate.com/github/doorkeeper-gem/doorkeeper-openid_connect.svg)](https://codeclimate.com/github/doorkeeper-gem/doorkeeper-openid_connect)
5
5
  [![Gem Version](https://badge.fury.io/rb/doorkeeper-openid_connect.svg)](https://rubygems.org/gems/doorkeeper-openid_connect)
6
6
 
7
+ #### :warning: **This project is looking for maintainers, see [this issue](https://github.com/doorkeeper-gem/doorkeeper-openid_connect/issues/89).**
8
+
7
9
  This library implements an [OpenID Connect](http://openid.net/connect/) authentication provider for Rails applications on top of the [Doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) OAuth 2.0 framework.
8
10
 
9
11
  OpenID Connect is a single-sign-on and identity layer with a [growing list of server and client implementations](http://openid.net/developers/libraries/). If you're looking for a client in Ruby check out [omniauth_openid_connect](https://github.com/m0n9oose/omniauth_openid_connect/).
@@ -137,6 +139,10 @@ The following settings are optional, but recommended for better client compatibi
137
139
  - Defines how to trigger reauthentication for the current user (e.g. display a password prompt, or sign-out the user and redirect to the login form).
138
140
  - Required to support the `max_age` and `prompt=login` parameters.
139
141
  - The block is executed in the controller's scope, so you have access to methods like `params`, `redirect_to` etc.
142
+ - `select_account_for_resource_owner`
143
+ - Defines how to trigger account selection to choose the current login user.
144
+ - Required to support the `prompt=select_account` parameter.
145
+ - The block is executed in the controller's scope, so you have access to methods like `params`, `redirect_to` etc.
140
146
 
141
147
  The following settings are optional:
142
148
 
@@ -150,6 +156,40 @@ The following settings are optional:
150
156
  - Note that the OIDC specification mandates HTTPS, so you shouldn't change this
151
157
  for production environments unless you have a really good reason!
152
158
 
159
+ - `end_session_endpoint`
160
+ - The URL that the user is redirected to after ending the session on the client.
161
+ - Used by implementations like https://github.com/IdentityModel/oidc-client-js.
162
+ - The block is executed in the controller's scope, so you have access to your route helpers.
163
+
164
+ - `discovery_url_options`
165
+ - The URL options for every available endpoint to use when generating the endpoint URL in the
166
+ discovery response. Available endpoints: `authorization`, `token`, `revocation`,
167
+ `introspection`, `userinfo`, `jwks`, `webfinger`.
168
+ - This option requires option keys with an available endpoint and
169
+ [URL options](https://api.rubyonrails.org/v6.0.3.3/classes/ActionDispatch/Routing/UrlFor.html#method-i-url_for)
170
+ as value.
171
+ - The default is to use the request host, just like all the other URLs in the discovery response.
172
+ - This is useful when you want endpoints to use a different URL than other requests.
173
+ For example, if your Doorkeeper server is behind a firewall with other servers, you might want
174
+ other servers to use an "internal" URL to communicate with Doorkeeper, but you want to present
175
+ an "external" URL to end-users for authentication requests. Note that this setting does not
176
+ actually change the URL that your Doorkeeper server responds on - that is outside the scope of
177
+ Doorkeeper.
178
+
179
+ ```ruby
180
+ # config/initializers/doorkeeper_openid_connect.rb
181
+ Doorkeeper::OpenidConnect.configure do
182
+ # ...
183
+ discovery_url_options do |request|
184
+ {
185
+ authorization: { host: 'host.example.com' },
186
+ jwks: { protocol: request.ssl? ? :https : :http }
187
+ }
188
+ end
189
+ # ...
190
+ end
191
+ ```
192
+
153
193
  ### Scopes
154
194
 
155
195
  To perform authentication over OpenID Connect, an OAuth client needs to request the `openid` scope. This scope needs to be enabled using either `optional_scopes` in the global Doorkeeper configuration in `config/initializers/doorkeeper.rb`, or by adding it to any OAuth application's `scope` attribute.
@@ -0,0 +1,17 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_dependency "#{Doorkeeper::Engine.root}/app/controllers/doorkeeper/authorizations_controller.rb"
4
+
5
+ module Doorkeeper
6
+ class AuthorizationsController
7
+ module AuthorizationsExtension
8
+ private
9
+
10
+ def pre_auth_param_fields
11
+ super.append(:nonce)
12
+ end
13
+ end
14
+
15
+ Doorkeeper::AuthorizationsController.prepend AuthorizationsExtension
16
+ end
17
+ end
@@ -1,9 +1,11 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  class DiscoveryController < ::Doorkeeper::ApplicationController
4
6
  include Doorkeeper::Helpers::Controller
5
7
 
6
- WEBFINGER_RELATION = 'http://openid.net/specs/connect/1.0/issuer'.freeze
8
+ WEBFINGER_RELATION = 'http://openid.net/specs/connect/1.0/issuer'
7
9
 
8
10
  def provider
9
11
  render json: provider_response
@@ -24,27 +26,25 @@ module Doorkeeper
24
26
  openid_connect = ::Doorkeeper::OpenidConnect.configuration
25
27
  {
26
28
  issuer: openid_connect.issuer,
27
- authorization_endpoint: oauth_authorization_url(protocol: protocol),
28
- token_endpoint: oauth_token_url(protocol: protocol),
29
- revocation_endpoint: oauth_revoke_url(protocol: protocol),
30
- introspection_endpoint: oauth_introspect_url(protocol: protocol),
31
- userinfo_endpoint: oauth_userinfo_url(protocol: protocol),
32
- jwks_uri: oauth_discovery_keys_url(protocol: protocol),
29
+ authorization_endpoint: oauth_authorization_url(authorization_url_options),
30
+ token_endpoint: oauth_token_url(token_url_options),
31
+ revocation_endpoint: oauth_revoke_url(revocation_url_options),
32
+ introspection_endpoint: oauth_introspect_url(introspection_url_options),
33
+ userinfo_endpoint: oauth_userinfo_url(userinfo_url_options),
34
+ jwks_uri: oauth_discovery_keys_url(jwks_url_options),
35
+ end_session_endpoint: instance_exec(&openid_connect.end_session_endpoint),
33
36
 
34
37
  scopes_supported: doorkeeper.scopes,
35
38
 
36
39
  # TODO: support id_token response type
37
40
  response_types_supported: doorkeeper.authorization_response_types,
38
- response_modes_supported: [ 'query', 'fragment' ],
39
-
40
- token_endpoint_auth_methods_supported: [
41
- 'client_secret_basic',
42
- 'client_secret_post',
41
+ response_modes_supported: %w[query fragment],
42
+ grant_types_supported: grant_types_supported(doorkeeper),
43
43
 
44
- # TODO: look into doorkeeper-jwt_assertion for these
45
- #'client_secret_jwt',
46
- #'private_key_jwt'
47
- ],
44
+ # TODO: look into doorkeeper-jwt_assertion for these
45
+ # 'client_secret_jwt',
46
+ # 'private_key_jwt'
47
+ token_endpoint_auth_methods_supported: %w[client_secret_basic client_secret_post],
48
48
 
49
49
  subject_types_supported: openid_connect.subject_types_supported,
50
50
 
@@ -56,18 +56,24 @@ module Doorkeeper
56
56
  'normal',
57
57
 
58
58
  # TODO: support these
59
- #'aggregated',
60
- #'distributed',
59
+ # 'aggregated',
60
+ # 'distributed',
61
61
  ],
62
62
 
63
- claims_supported: [
64
- 'iss',
65
- 'sub',
66
- 'aud',
67
- 'exp',
68
- 'iat',
63
+ claims_supported: %w[
64
+ iss
65
+ sub
66
+ aud
67
+ exp
68
+ iat
69
69
  ] | openid_connect.claims.to_h.keys,
70
- }
70
+ }.compact
71
+ end
72
+
73
+ def grant_types_supported(doorkeeper)
74
+ grant_types_supported = doorkeeper.grant_flows.dup
75
+ grant_types_supported << 'refresh_token' if doorkeeper.refresh_token_enabled?
76
+ grant_types_supported
71
77
  end
72
78
 
73
79
  def webfinger_response
@@ -76,7 +82,7 @@ module Doorkeeper
76
82
  links: [
77
83
  {
78
84
  rel: WEBFINGER_RELATION,
79
- href: root_url(protocol: protocol),
85
+ href: root_url(webfinger_url_options),
80
86
  }
81
87
  ]
82
88
  }
@@ -98,6 +104,22 @@ module Doorkeeper
98
104
  def protocol
99
105
  Doorkeeper::OpenidConnect.configuration.protocol.call
100
106
  end
107
+
108
+ def discovery_url_options
109
+ Doorkeeper::OpenidConnect.configuration.discovery_url_options.call(request)
110
+ end
111
+
112
+ def discovery_url_default_options
113
+ {
114
+ protocol: protocol
115
+ }
116
+ end
117
+
118
+ %i[authorization token revocation introspection userinfo jwks webfinger].each do |endpoint|
119
+ define_method :"#{endpoint}_url_options" do
120
+ discovery_url_default_options.merge(discovery_url_options[endpoint.to_sym] || {})
121
+ end
122
+ end
101
123
  end
102
124
  end
103
125
  end
@@ -1,7 +1,11 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  class UserinfoController < ::Doorkeeper::ApplicationController
4
- skip_before_action :verify_authenticity_token
6
+ unless Doorkeeper.configuration.api_only
7
+ skip_before_action :verify_authenticity_token
8
+ end
5
9
  before_action -> { doorkeeper_authorize! :openid }
6
10
 
7
11
  def show
@@ -19,4 +19,5 @@ en:
19
19
  resource_owner_from_access_token_not_configured: 'Failure due to Doorkeeper::OpenidConnect.configure.resource_owner_from_access_token missing configuration.'
20
20
  auth_time_from_resource_owner_not_configured: 'Failure due to Doorkeeper::OpenidConnect.configure.auth_time_from_resource_owner missing configuration.'
21
21
  reauthenticate_resource_owner_not_configured: 'Failure due to Doorkeeper::OpenidConnect.configure.reauthenticate_resource_owner missing configuration.'
22
+ select_account_for_resource_owner_not_configured: 'Failure due to Doorkeeper::OpenidConnect.configure.select_account_for_resource_owner missing configuration.'
22
23
  subject_not_configured: 'ID Token generation failed due to Doorkeeper::OpenidConnect.configure.subject missing configuration.'
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OAuth
3
5
  class IdTokenRequest
@@ -9,18 +11,18 @@ module Doorkeeper
9
11
  end
10
12
 
11
13
  def authorize
12
- if pre_auth.authorizable?
13
- @auth = Authorization::Token.new(pre_auth, resource_owner)
14
- @auth.issue_token
15
- @response = response
14
+ @auth = Authorization::Token.new(pre_auth, resource_owner)
15
+ if @auth.respond_to?(:issue_token!)
16
+ @auth.issue_token!
16
17
  else
17
- @response = error_response
18
+ @auth.issue_token
18
19
  end
20
+ response
19
21
  end
20
22
 
21
23
  def deny
22
24
  pre_auth.error = :access_denied
23
- error_response
25
+ pre_auth.error_response
24
26
  end
25
27
 
26
28
  private
@@ -30,12 +32,6 @@ module Doorkeeper
30
32
 
31
33
  IdTokenResponse.new(pre_auth, auth, id_token)
32
34
  end
33
-
34
- def error_response
35
- ErrorResponse.from_request pre_auth,
36
- redirect_uri: pre_auth.redirect_uri,
37
- response_on_fragment: true
38
- end
39
35
  end
40
36
  end
41
37
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OAuth
3
5
  class IdTokenResponse < BaseResponse
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OAuth
3
5
  class IdTokenTokenRequest < IdTokenRequest
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OAuth
3
5
  class IdTokenTokenResponse < IdTokenResponse
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'doorkeeper'
2
4
  require 'active_model'
3
5
  require 'json/jwt'
@@ -20,6 +22,7 @@ require 'doorkeeper/openid_connect/errors'
20
22
  require 'doorkeeper/openid_connect/id_token'
21
23
  require 'doorkeeper/openid_connect/id_token_token'
22
24
  require 'doorkeeper/openid_connect/user_info'
25
+ require 'doorkeeper/openid_connect/response_mode'
23
26
  require 'doorkeeper/openid_connect/version'
24
27
 
25
28
  require 'doorkeeper/openid_connect/helpers/controller'
@@ -42,7 +45,7 @@ module Doorkeeper
42
45
 
43
46
  def self.signing_key
44
47
  key =
45
- if [:HS256, :HS384, :HS512].include?(signing_algorithm)
48
+ if %i[HS256 HS384 HS512].include?(signing_algorithm)
46
49
  configuration.signing_key
47
50
  else
48
51
  OpenSSL::PKey.read(configuration.signing_key)
@@ -61,5 +64,27 @@ module Doorkeeper
61
64
  key.slice(:kty, :kid)
62
65
  end
63
66
  end
67
+
68
+ if defined?(::Doorkeeper::GrantFlow)
69
+ Doorkeeper::GrantFlow.register(
70
+ :id_token,
71
+ response_type_matches: 'id_token',
72
+ response_type_strategy: Doorkeeper::OpenidConnect::IdToken,
73
+ )
74
+
75
+ Doorkeeper::GrantFlow.register(
76
+ 'id_token token',
77
+ response_type_matches: 'id_token token',
78
+ response_type_strategy: Doorkeeper::OpenidConnect::IdTokenToken,
79
+ )
80
+
81
+ Doorkeeper::GrantFlow.register_alias(
82
+ 'implicit_oidc', as: ['implicit', 'id_token', 'id_token token']
83
+ )
84
+ else
85
+ # TODO: drop this and corresponding file when we will set minimal
86
+ # required Doorkeeper version to 5.5.
87
+ Doorkeeper::Config.prepend OpenidConnect::ResponseTypeConfig
88
+ end
64
89
  end
65
90
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module Claims
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module Claims
@@ -11,10 +13,10 @@ module Doorkeeper
11
13
  name family_name given_name middle_name nickname preferred_username
12
14
  profile picture website gender birthdate zoneinfo locale updated_at
13
15
  ],
14
- email: %i[ email email_verified ],
15
- address: %i[ address ],
16
- phone: %i[ phone_number phone_number_verified ],
17
- }
16
+ email: %i[email email_verified],
17
+ address: %i[address],
18
+ phone: %i[phone_number phone_number_verified],
19
+ }.freeze
18
20
 
19
21
  def initialize(options = {})
20
22
  @name = options[:name].to_sym
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module Claims