doorkeeper-openid_connect 1.7.1 → 1.7.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/README.md +4 -0
- data/app/controllers/doorkeeper/authorizations_controller.rb +1 -1
- data/app/controllers/doorkeeper/openid_connect/discovery_controller.rb +16 -13
- data/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb +2 -0
- data/lib/doorkeeper/oauth/id_token_request.rb +7 -1
- data/lib/doorkeeper/oauth/id_token_response.rb +2 -0
- data/lib/doorkeeper/oauth/id_token_token_request.rb +2 -0
- data/lib/doorkeeper/oauth/id_token_token_response.rb +2 -0
- data/lib/doorkeeper/openid_connect.rb +3 -1
- data/lib/doorkeeper/openid_connect/claims/aggregated_claim.rb +2 -0
- data/lib/doorkeeper/openid_connect/claims/claim.rb +6 -4
- data/lib/doorkeeper/openid_connect/claims/distributed_claim.rb +2 -0
- data/lib/doorkeeper/openid_connect/claims/normal_claim.rb +2 -0
- data/lib/doorkeeper/openid_connect/claims_builder.rb +3 -1
- data/lib/doorkeeper/openid_connect/config.rb +16 -10
- data/lib/doorkeeper/openid_connect/engine.rb +2 -0
- data/lib/doorkeeper/openid_connect/errors.rb +2 -0
- data/lib/doorkeeper/openid_connect/helpers/controller.rb +24 -15
- data/lib/doorkeeper/openid_connect/id_token.rb +3 -1
- data/lib/doorkeeper/openid_connect/id_token_token.rb +2 -0
- data/lib/doorkeeper/openid_connect/oauth/authorization/code.rb +25 -8
- data/lib/doorkeeper/openid_connect/oauth/authorization_code_request.rb +4 -2
- data/lib/doorkeeper/openid_connect/oauth/password_access_token_request.rb +3 -1
- data/lib/doorkeeper/openid_connect/oauth/pre_authorization.rb +11 -4
- data/lib/doorkeeper/openid_connect/oauth/token_response.rb +3 -1
- data/lib/doorkeeper/openid_connect/orm/active_record.rb +2 -0
- data/lib/doorkeeper/openid_connect/orm/active_record/access_grant.rb +3 -1
- data/lib/doorkeeper/openid_connect/orm/active_record/request.rb +5 -3
- data/lib/doorkeeper/openid_connect/rails/routes.rb +3 -1
- data/lib/doorkeeper/openid_connect/rails/routes/mapper.rb +2 -0
- data/lib/doorkeeper/openid_connect/rails/routes/mapping.rb +2 -0
- data/lib/doorkeeper/openid_connect/response_types_config.rb +3 -1
- data/lib/doorkeeper/openid_connect/user_info.rb +2 -0
- data/lib/doorkeeper/openid_connect/version.rb +3 -1
- data/lib/doorkeeper/request/id_token.rb +2 -0
- data/lib/doorkeeper/request/id_token_token.rb +2 -0
- data/lib/generators/doorkeeper/openid_connect/install_generator.rb +4 -2
- data/lib/generators/doorkeeper/openid_connect/migration_generator.rb +3 -1
- data/lib/generators/doorkeeper/openid_connect/templates/initializer.rb +7 -5
- metadata +21 -30
- data/.gitignore +0 -8
- data/.ruby-version +0 -1
- data/.travis.yml +0 -27
- data/CONTRIBUTING.md +0 -45
- data/Gemfile +0 -8
- data/Rakefile +0 -24
- data/bin/console +0 -9
- data/bin/setup +0 -8
- data/doorkeeper-openid_connect.gemspec +0 -32
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: dd500337bf3593b1f15ab64da67dd2da940797271fd1a169e47f2542371d6930
|
4
|
+
data.tar.gz: 4c3fdae9aca104f74f2bcf2e2805d09fe784e75326e3fa2382de8ba74133987a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 887f767a61bd22be260dfb2b3d37de2e3334b25ff53aacbf9b6b41aecb88a287ae308d9fd65950e7c850ab023569d08cb1c31cceda4182cb667c3b61a984406e
|
7
|
+
data.tar.gz: 670454a6c3e5dbe69dcb511e68acbb63b2b558410a3ae0268400918dd11e3ae4d320fb1bd7d876cade2b7313132c925befcd51ad0bd023bfb826f36ee9d127b9
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -152,6 +152,10 @@ The following settings are optional:
|
|
152
152
|
- Note that the OIDC specification mandates HTTPS, so you shouldn't change this
|
153
153
|
for production environments unless you have a really good reason!
|
154
154
|
|
155
|
+
- `end_session_endpoint`
|
156
|
+
- The URL that the user is redirected to after ending the session on the client.
|
157
|
+
- Used by implementations like https://github.com/IdentityModel/oidc-client-js.
|
158
|
+
|
155
159
|
### Scopes
|
156
160
|
|
157
161
|
To perform authentication over OpenID Connect, an OAuth client needs to request the `openid` scope. This scope needs to be enabled using either `optional_scopes` in the global Doorkeeper configuration in `config/initializers/doorkeeper.rb`, or by adding it to any OAuth application's `scope` attribute.
|
@@ -1,9 +1,11 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OpenidConnect
|
3
5
|
class DiscoveryController < ::Doorkeeper::ApplicationController
|
4
6
|
include Doorkeeper::Helpers::Controller
|
5
7
|
|
6
|
-
WEBFINGER_RELATION = 'http://openid.net/specs/connect/1.0/issuer'
|
8
|
+
WEBFINGER_RELATION = 'http://openid.net/specs/connect/1.0/issuer'
|
7
9
|
|
8
10
|
def provider
|
9
11
|
render json: provider_response
|
@@ -30,20 +32,21 @@ module Doorkeeper
|
|
30
32
|
introspection_endpoint: oauth_introspect_url(protocol: protocol),
|
31
33
|
userinfo_endpoint: oauth_userinfo_url(protocol: protocol),
|
32
34
|
jwks_uri: oauth_discovery_keys_url(protocol: protocol),
|
35
|
+
end_session_endpoint: openid_connect.end_session_endpoint.call,
|
33
36
|
|
34
37
|
scopes_supported: doorkeeper.scopes,
|
35
38
|
|
36
39
|
# TODO: support id_token response type
|
37
40
|
response_types_supported: doorkeeper.authorization_response_types,
|
38
|
-
response_modes_supported: [
|
41
|
+
response_modes_supported: ['query', 'fragment'],
|
39
42
|
|
40
43
|
token_endpoint_auth_methods_supported: [
|
41
44
|
'client_secret_basic',
|
42
45
|
'client_secret_post',
|
43
46
|
|
44
47
|
# TODO: look into doorkeeper-jwt_assertion for these
|
45
|
-
#'client_secret_jwt',
|
46
|
-
#'private_key_jwt'
|
48
|
+
# 'client_secret_jwt',
|
49
|
+
# 'private_key_jwt'
|
47
50
|
],
|
48
51
|
|
49
52
|
subject_types_supported: openid_connect.subject_types_supported,
|
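Review bot: `end_session_endpoint: openid_connect.end_session_endpoint.call` assumes the configured value responds to `call`, yet the option builder hunk in config.rb now stores a positional value (`block || args.first`) and the README entry in this release describes the option as "the URL that the user is redirected to", so an initializer written as `end_session_endpoint 'https://…'` would raise NoMethodError on the first discovery request (the README example, if any, is outside this diff). Either document that the option takes a block, or accept both forms: `end_session_endpoint: (v = openid_connect.end_session_endpoint).respond_to?(:call) ? v.call : v,`. The same consideration applies to the `option :end_session_endpoint` default in the later config.rb hunk, whose lambda form is what this line relies on. `provider_response` begins and ends outside this hunk.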
@@ -56,18 +59,18 @@ module Doorkeeper
|
|
56
59
|
'normal',
|
57
60
|
|
58
61
|
# TODO: support these
|
59
|
-
#'aggregated',
|
60
|
-
#'distributed',
|
62
|
+
# 'aggregated',
|
63
|
+
# 'distributed',
|
61
64
|
],
|
62
65
|
|
63
|
-
claims_supported: [
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
66
|
+
claims_supported: %w[
|
67
|
+
iss
|
68
|
+
sub
|
69
|
+
aud
|
70
|
+
exp
|
71
|
+
iat
|
69
72
|
] | openid_connect.claims.to_h.keys,
|
70
|
-
}
|
73
|
+
}.compact
|
71
74
|
end
|
72
75
|
|
73
76
|
def webfinger_response
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OAuth
|
3
5
|
class IdTokenRequest
|
@@ -10,7 +12,11 @@ module Doorkeeper
|
|
10
12
|
|
11
13
|
def authorize
|
12
14
|
@auth = Authorization::Token.new(pre_auth, resource_owner)
|
13
|
-
@auth.issue_token
|
15
|
+
if @auth.respond_to?(:issue_token!)
|
16
|
+
@auth.issue_token!
|
17
|
+
else
|
18
|
+
@auth.issue_token
|
19
|
+
end
|
14
20
|
response
|
15
21
|
end
|
16
22
|
|
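Review bot: The `respond_to?(:issue_token!)` branch in `authorize` is a Doorkeeper-version shim but carries no comment saying so, whereas the equivalent branch in the authorization-code module in this same release is marked `# FIXME: drop this after dropping support of Doorkeeper < 5.4`. Putting the same comment above `if @auth.respond_to?(:issue_token!)` keeps both compatibility paths discoverable when the old branch is eventually removed. The result of the issue call is discarded and `response` is returned, which matches the previous behaviour as far as the hunk shows.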
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'doorkeeper'
|
2
4
|
require 'active_model'
|
3
5
|
require 'json/jwt'
|
@@ -42,7 +44,7 @@ module Doorkeeper
|
|
42
44
|
|
43
45
|
def self.signing_key
|
44
46
|
key =
|
45
|
-
if [
|
47
|
+
if %i[HS256 HS384 HS512].include?(signing_algorithm)
|
46
48
|
configuration.signing_key
|
47
49
|
else
|
48
50
|
OpenSSL::PKey.read(configuration.signing_key)
|
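Review bot: `%i[HS256 HS384 HS512].include?(signing_algorithm)` only matches when the configured algorithm is a Symbol; a String such as `'HS256'` would fall through to `OpenSSL::PKey.read(configuration.signing_key)` and fail with a PEM parse error that does not point at the real mistake (the `signing_algorithm` option's default and type are not visible in this diff). Normalising first, `if %i[HS256 HS384 HS512].include?(signing_algorithm.to_s.to_sym)`, makes the check robust to both forms. Separately, the HMAC branch passes the raw configured secret to the signer with no length check, so a short secret is accepted silently; a comment on the expected minimum secret length, or a validation in the config builder, would be worth considering. `signing_key` continues past the end of the hunk.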
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OpenidConnect
|
3
5
|
module Claims
|
@@ -11,10 +13,10 @@ module Doorkeeper
|
|
11
13
|
name family_name given_name middle_name nickname preferred_username
|
12
14
|
profile picture website gender birthdate zoneinfo locale updated_at
|
13
15
|
],
|
14
|
-
email: %i[
|
15
|
-
address: %i[
|
16
|
-
phone: %i[
|
17
|
-
}
|
16
|
+
email: %i[email email_verified],
|
17
|
+
address: %i[address],
|
18
|
+
phone: %i[phone_number phone_number_verified],
|
19
|
+
}.freeze
|
18
20
|
|
19
21
|
def initialize(options = {})
|
20
22
|
@name = options[:name].to_sym
|
@@ -1,15 +1,17 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OpenidConnect
|
3
5
|
def self.configure(&block)
|
4
6
|
if Doorkeeper.configuration.orm != :active_record
|
5
|
-
|
7
|
+
raise Errors::InvalidConfiguration, 'Doorkeeper OpenID Connect currently only supports the ActiveRecord ORM adapter'
|
6
8
|
end
|
7
9
|
|
8
10
|
@config = Config::Builder.new(&block).build
|
9
11
|
end
|
10
12
|
|
11
13
|
def self.configuration
|
12
|
-
@config || (
|
14
|
+
@config || (raise Errors::MissingConfiguration)
|
13
15
|
end
|
14
16
|
|
15
17
|
class Config
|
@@ -23,12 +25,12 @@ module Doorkeeper
|
|
23
25
|
@config
|
24
26
|
end
|
25
27
|
|
26
|
-
def jws_public_key(*
|
27
|
-
puts
|
28
|
+
def jws_public_key(*_args)
|
29
|
+
puts 'DEPRECATION WARNING: `jws_public_key` is not needed anymore and will be removed in a future version, please remove it from config/initializers/doorkeeper_openid_connect.rb'
|
28
30
|
end
|
29
31
|
|
30
32
|
def jws_private_key(*args)
|
31
|
-
puts
|
33
|
+
puts 'DEPRECATION WARNING: `jws_private_key` has been replaced by `signing_key` and will be removed in a future version, please remove it from config/initializers/doorkeeper_openid_connect.rb'
|
32
34
|
signing_key(*args)
|
33
35
|
end
|
34
36
|
end
|
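Review bot: The deprecation notices in `jws_public_key` and `jws_private_key` are written with `puts`, so they go to STDOUT, are lost in deployments that only capture STDERR or the Rails logger, and can corrupt the output of any script that parses STDOUT while loading the initializer. `warn` is the conventional channel for this (ActiveSupport's deprecation API is another option since the gem already depends on Rails): replace `puts` with `warn` on both lines, leaving the message strings unchanged. `jws_public_key` also still calls nothing after the warning, which is intended per the message, but `jws_private_key` forwards to `signing_key(*args)`; a one-line comment noting that only the latter keeps working would help readers of the config class.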
@@ -71,7 +73,7 @@ module Doorkeeper
|
|
71
73
|
value = if attribute_builder
|
72
74
|
attribute_builder.new(&block).build
|
73
75
|
else
|
74
|
-
block
|
76
|
+
block || args.first
|
75
77
|
end
|
76
78
|
|
77
79
|
@config.instance_variable_set(:"@#{attribute}", value)
|
@@ -102,19 +104,19 @@ module Doorkeeper
|
|
102
104
|
option :subject_types_supported, default: [:public]
|
103
105
|
|
104
106
|
option :resource_owner_from_access_token, default: lambda { |*_|
|
105
|
-
|
107
|
+
raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.resource_owner_from_access_token_not_configured')
|
106
108
|
}
|
107
109
|
|
108
110
|
option :auth_time_from_resource_owner, default: lambda { |*_|
|
109
|
-
|
111
|
+
raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.auth_time_from_resource_owner_not_configured')
|
110
112
|
}
|
111
113
|
|
112
114
|
option :reauthenticate_resource_owner, default: lambda { |*_|
|
113
|
-
|
115
|
+
raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.reauthenticate_resource_owner_not_configured')
|
114
116
|
}
|
115
117
|
|
116
118
|
option :subject, default: lambda { |*_|
|
117
|
-
|
119
|
+
raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.subject_not_configured')
|
118
120
|
}
|
119
121
|
|
120
122
|
option :expiration, default: 120
|
@@ -124,6 +126,10 @@ module Doorkeeper
|
|
124
126
|
option :protocol, default: lambda { |*_|
|
125
127
|
::Rails.env.production? ? :https : :http
|
126
128
|
}
|
129
|
+
|
130
|
+
option :end_session_endpoint, default: lambda { |*_|
|
131
|
+
nil
|
132
|
+
}
|
127
133
|
end
|
128
134
|
end
|
129
135
|
end
|
@@ -1,9 +1,18 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OpenidConnect
|
3
5
|
module Helpers
|
4
6
|
module Controller
|
5
7
|
private
|
6
8
|
|
9
|
+
# FIXME: remove after Doorkeeper will merge it
|
10
|
+
def current_resource_owner
|
11
|
+
return @current_resource_owner if defined?(@current_resource_owner)
|
12
|
+
|
13
|
+
super
|
14
|
+
end
|
15
|
+
|
7
16
|
def authenticate_resource_owner!
|
8
17
|
super.tap do |owner|
|
9
18
|
next unless oidc_authorization_request?
|
@@ -11,8 +20,8 @@ module Doorkeeper
|
|
11
20
|
handle_oidc_prompt_param!(owner)
|
12
21
|
handle_oidc_max_age_param!(owner)
|
13
22
|
end
|
14
|
-
rescue Errors::OpenidConnectError =>
|
15
|
-
handle_oidc_error!(
|
23
|
+
rescue Errors::OpenidConnectError => e
|
24
|
+
handle_oidc_error!(e)
|
16
25
|
end
|
17
26
|
|
18
27
|
def oidc_authorization_request?
|
@@ -30,17 +39,17 @@ module Doorkeeper
|
|
30
39
|
@_response_body = nil
|
31
40
|
|
32
41
|
error_response = if exception.type == :invalid_request
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
42
|
+
::Doorkeeper::OAuth::InvalidRequestResponse.new(
|
43
|
+
name: exception.type,
|
44
|
+
state: params[:state],
|
45
|
+
redirect_uri: params[:redirect_uri],
|
46
|
+
)
|
47
|
+
else
|
48
|
+
::Doorkeeper::OAuth::ErrorResponse.new(
|
49
|
+
name: exception.type,
|
50
|
+
state: params[:state],
|
51
|
+
redirect_uri: params[:redirect_uri],
|
52
|
+
)
|
44
53
|
end
|
45
54
|
|
46
55
|
response.headers.merge!(error_response.headers)
|
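Review bot: Both error responses in `handle_oidc_error!` are built with `redirect_uri: params[:redirect_uri]`, the raw request parameter, rather than a redirect URI that has been checked against the client's registered URIs. Since the caller `authenticate_resource_owner!` (earlier in this file) wraps Doorkeeper's before-action, I believe this path can run before `pre_auth` has validated the request, in which case an OIDC error such as `login_required` or `consent_required` would be redirected to whatever URI the request supplied — an open-redirect hazard with the error and `state` attached. Passing the validated value instead, `redirect_uri: (pre_auth.redirect_uri if pre_auth.authorizable?),` in both branches, makes Doorkeeper render the error page rather than redirect when the client or URI does not check out; this assumes `pre_auth` is available in the controller, which the hunk does not show. `handle_oidc_error!` begins before the start of this hunk and ends after it.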
@@ -58,7 +67,7 @@ module Doorkeeper
|
|
58
67
|
prompt_values.each do |prompt|
|
59
68
|
case prompt
|
60
69
|
when 'none'
|
61
|
-
raise Errors::InvalidRequest if (prompt_values - [
|
70
|
+
raise Errors::InvalidRequest if (prompt_values - ['none']).any?
|
62
71
|
raise Errors::LoginRequired unless owner
|
63
72
|
raise Errors::ConsentRequired if oidc_consent_required?
|
64
73
|
when 'login'
|
@@ -111,5 +120,5 @@ module Doorkeeper
|
|
111
120
|
end
|
112
121
|
end
|
113
122
|
|
114
|
-
Helpers::Controller.
|
123
|
+
Helpers::Controller.prepend OpenidConnect::Helpers::Controller
|
115
124
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OpenidConnect
|
3
5
|
class IdToken
|
@@ -9,7 +11,7 @@ module Doorkeeper
|
|
9
11
|
@access_token = access_token
|
10
12
|
@nonce = nonce
|
11
13
|
@resource_owner = Doorkeeper::OpenidConnect.configuration.resource_owner_from_access_token.call(access_token)
|
12
|
-
@issued_at = Time.now
|
14
|
+
@issued_at = Time.zone.now
|
13
15
|
end
|
14
16
|
|
15
17
|
def claims
|
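Review bot: `@issued_at = Time.zone.now` raises NoMethodError on nil whenever `Time.zone` is unset, which is the case outside a Rails application or before `config.time_zone` has been applied; the previous `Time.now` had no such dependency. `Time.current` returns the zone-aware time when a zone is configured and falls back to `Time.now` otherwise: `@issued_at = Time.current`. Since the `iat` claim is emitted as an integer epoch (assuming `claims`, outside this hunk, converts with `to_i`), the zone only changes the object, not the value in the token, so the safer call costs nothing.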
@@ -1,22 +1,39 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OpenidConnect
|
3
5
|
module OAuth
|
4
6
|
module Authorization
|
5
7
|
module Code
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
8
|
+
if Doorkeeper::OAuth::Authorization::Code.method_defined?(:issue_token!)
|
9
|
+
def issue_token!
|
10
|
+
super.tap do |access_grant|
|
11
|
+
create_openid_request(access_grant) if pre_auth.nonce.present?
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
alias issue_token issue_token!
|
16
|
+
else
|
17
|
+
# FIXME: drop this after dropping support of Doorkeeper < 5.4
|
18
|
+
def issue_token
|
19
|
+
super.tap do |access_grant|
|
20
|
+
create_openid_request(access_grant) if pre_auth.nonce.present?
|
13
21
|
end
|
14
22
|
end
|
15
23
|
end
|
24
|
+
|
25
|
+
private
|
26
|
+
|
27
|
+
def create_openid_request(access_grant)
|
28
|
+
::Doorkeeper::OpenidConnect::Request.create!(
|
29
|
+
access_grant: access_grant,
|
30
|
+
nonce: pre_auth.nonce
|
31
|
+
)
|
32
|
+
end
|
16
33
|
end
|
17
34
|
end
|
18
35
|
end
|
19
36
|
end
|
20
37
|
|
21
|
-
OAuth::Authorization::Code.
|
38
|
+
OAuth::Authorization::Code.prepend OpenidConnect::OAuth::Authorization::Code
|
22
39
|
end
|
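Review bot: `alias issue_token issue_token!` in the Doorkeeper ≥ 5.4 branch deserves a comment, because `super` inside the aliased copy dispatches on the method's original name and therefore reaches the superclass's `issue_token!`, not `issue_token`; the alias is only correct as long as Doorkeeper keeps `issue_token!` as the primary implementation, and a reader will not guess that from the code. The two `super.tap do |access_grant| … end` bodies are also identical, so a one-line comment above `if Doorkeeper::OAuth::Authorization::Code.method_defined?(:issue_token!)` such as `# Both branches store the request nonce with the access grant (read back in AuthorizationCodeRequest); the split only tracks Doorkeeper's issue_token -> issue_token! rename` would explain why the module defines the same behaviour twice. `create_openid_request` is private and unconditionally uses `pre_auth.nonce`, so it relies on the `present?` guard at both call sites; worth stating in its comment.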
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OpenidConnect
|
3
5
|
module OAuth
|
@@ -8,7 +10,7 @@ module Doorkeeper
|
|
8
10
|
super
|
9
11
|
|
10
12
|
nonce =
|
11
|
-
if openid_request = grant.openid_request
|
13
|
+
if (openid_request = grant.openid_request)
|
12
14
|
openid_request.destroy!
|
13
15
|
openid_request.nonce
|
14
16
|
end
|
@@ -20,5 +22,5 @@ module Doorkeeper
|
|
20
22
|
end
|
21
23
|
end
|
22
24
|
|
23
|
-
OAuth::AuthorizationCodeRequest.
|
25
|
+
OAuth::AuthorizationCodeRequest.prepend OpenidConnect::OAuth::AuthorizationCodeRequest
|
24
26
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OpenidConnect
|
3
5
|
module OAuth
|
@@ -20,5 +22,5 @@ module Doorkeeper
|
|
20
22
|
end
|
21
23
|
end
|
22
24
|
|
23
|
-
OAuth::PasswordAccessTokenRequest.
|
25
|
+
OAuth::PasswordAccessTokenRequest.prepend OpenidConnect::OAuth::PasswordAccessTokenRequest
|
24
26
|
end
|
@@ -1,11 +1,18 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OpenidConnect
|
3
5
|
module OAuth
|
4
6
|
module PreAuthorization
|
5
7
|
attr_reader :nonce
|
6
8
|
|
7
|
-
def initialize(server, attrs = {})
|
8
|
-
|
9
|
+
def initialize(server, attrs = {}, resource_owner = nil)
|
10
|
+
if (Doorkeeper::VERSION::MAJOR >= 5 && Doorkeeper::VERSION::MINOR >= 4) ||
|
11
|
+
Doorkeeper::VERSION::MAJOR >= 6
|
12
|
+
super
|
13
|
+
else
|
14
|
+
super(server, attrs)
|
15
|
+
end
|
9
16
|
@nonce = attrs[:nonce]
|
10
17
|
end
|
11
18
|
|
@@ -22,11 +29,11 @@ module Doorkeeper
|
|
22
29
|
private
|
23
30
|
|
24
31
|
def response_on_fragment?
|
25
|
-
response_type ==
|
32
|
+
response_type == 'token' || response_type == 'id_token' || response_type == 'id_token token'
|
26
33
|
end
|
27
34
|
end
|
28
35
|
end
|
29
36
|
end
|
30
37
|
|
31
|
-
OAuth::PreAuthorization.
|
38
|
+
OAuth::PreAuthorization.prepend OpenidConnect::OAuth::PreAuthorization
|
32
39
|
end
|
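Review bot: `response_on_fragment?` matches `'id_token token'` but not `'token id_token'`; the OAuth 2.0 Multiple Response Type Encoding Practices treat the space-separated list as unordered, so a client sending the two values in the other order would receive an implicit-flow response in the query string instead of the fragment, exposing the token to server logs and Referer headers. If Doorkeeper has already normalised `response_type` against `authorization_response_types` before this point (outside the hunk) this is moot; otherwise compare order-insensitively: `%w[token id_token].include?(response_type) || response_type.split.sort == %w[id_token token]`. Independently, the `Doorkeeper::VERSION` comparison in `initialize` earlier in this file is re-evaluated on every instantiation and could be hoisted into a module-level constant.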
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OpenidConnect
|
3
5
|
module OAuth
|
@@ -19,5 +21,5 @@ module Doorkeeper
|
|
19
21
|
end
|
20
22
|
end
|
21
23
|
|
22
|
-
OAuth::TokenResponse.
|
24
|
+
OAuth::TokenResponse.prepend OpenidConnect::OAuth::TokenResponse
|
23
25
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OpenidConnect
|
3
5
|
module AccessGrant
|
@@ -12,5 +14,5 @@ module Doorkeeper
|
|
12
14
|
end
|
13
15
|
end
|
14
16
|
|
15
|
-
AccessGrant.
|
17
|
+
AccessGrant.prepend OpenidConnect::AccessGrant
|
16
18
|
end
|
@@ -1,12 +1,14 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OpenidConnect
|
3
|
-
class Request <
|
5
|
+
class Request < ApplicationRecord
|
4
6
|
self.table_name = "#{table_name_prefix}oauth_openid_requests#{table_name_suffix}".to_sym
|
5
7
|
|
6
8
|
validates :access_grant_id, :nonce, presence: true
|
7
9
|
belongs_to :access_grant,
|
8
|
-
|
9
|
-
|
10
|
+
class_name: 'Doorkeeper::AccessGrant',
|
11
|
+
inverse_of: :openid_request
|
10
12
|
end
|
11
13
|
end
|
12
14
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'doorkeeper/openid_connect/rails/routes/mapping'
|
2
4
|
require 'doorkeeper/openid_connect/rails/routes/mapper'
|
3
5
|
|
@@ -12,7 +14,7 @@ module Doorkeeper
|
|
12
14
|
end
|
13
15
|
|
14
16
|
def self.install!
|
15
|
-
ActionDispatch::Routing::Mapper.
|
17
|
+
ActionDispatch::Routing::Mapper.include Doorkeeper::OpenidConnect::Rails::Routes::Helper
|
16
18
|
end
|
17
19
|
|
18
20
|
attr_accessor :routes
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OpenidConnect
|
3
5
|
module ResponseTypeConfig
|
@@ -13,5 +15,5 @@ module Doorkeeper
|
|
13
15
|
end
|
14
16
|
end
|
15
17
|
|
16
|
-
Config.
|
18
|
+
Config.prepend OpenidConnect::ResponseTypeConfig
|
17
19
|
end
|
@@ -1,13 +1,15 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OpenidConnect
|
3
5
|
class InstallGenerator < ::Rails::Generators::Base
|
4
6
|
include ::Rails::Generators::Migration
|
5
|
-
source_root File.expand_path('
|
7
|
+
source_root File.expand_path('templates', __dir__)
|
6
8
|
desc 'Installs Doorkeeper OpenID Connect.'
|
7
9
|
|
8
10
|
def install
|
9
11
|
template 'initializer.rb', 'config/initializers/doorkeeper_openid_connect.rb'
|
10
|
-
copy_file File.expand_path('
|
12
|
+
copy_file File.expand_path('../../../../config/locales/en.yml', __dir__), 'config/locales/doorkeeper_openid_connect.en.yml'
|
11
13
|
route 'use_doorkeeper_openid_connect'
|
12
14
|
end
|
13
15
|
end
|
@@ -1,10 +1,12 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'rails/generators/active_record'
|
2
4
|
|
3
5
|
module Doorkeeper
|
4
6
|
module OpenidConnect
|
5
7
|
class MigrationGenerator < ::Rails::Generators::Base
|
6
8
|
include ::Rails::Generators::Migration
|
7
|
-
source_root File.expand_path('
|
9
|
+
source_root File.expand_path('templates', __dir__)
|
8
10
|
desc 'Installs Doorkeeper OpenID Connect migration file.'
|
9
11
|
|
10
12
|
def install
|
@@ -1,11 +1,13 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
Doorkeeper::OpenidConnect.configure do
|
2
4
|
issuer 'issuer string'
|
3
5
|
|
4
|
-
signing_key
|
5
|
-
-----BEGIN RSA PRIVATE KEY-----
|
6
|
-
....
|
7
|
-
-----END RSA PRIVATE KEY-----
|
8
|
-
|
6
|
+
signing_key <<~KEY
|
7
|
+
-----BEGIN RSA PRIVATE KEY-----
|
8
|
+
....
|
9
|
+
-----END RSA PRIVATE KEY-----
|
10
|
+
KEY
|
9
11
|
|
10
12
|
subject_types_supported [:public]
|
11
13
|
|
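Review bot: The template places the RSA private key literally inside `config/initializers/doorkeeper_openid_connect.rb` via `signing_key <<~KEY … KEY`, which nudges users into committing their token-signing key to version control alongside application code. Keeping the heredoc as the illustration is fine, but a comment in the template such as `# Load the PEM from the environment or Rails encrypted credentials instead of committing it, e.g. signing_key ENV.fetch('<YOUR_SIGNING_KEY_ENV_VAR>')` would steer the key out of the repository without changing the example. The switch to `<<~` is a good call since the indented `....` placeholder now dedents cleanly.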
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: doorkeeper-openid_connect
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.7.
|
4
|
+
version: 1.7.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sam Dengler
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2020-
|
12
|
+
date: 2020-05-20 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: doorkeeper
|
@@ -20,7 +20,7 @@ dependencies:
|
|
20
20
|
version: '5.2'
|
21
21
|
- - "<"
|
22
22
|
- !ruby/object:Gem::Version
|
23
|
-
version: '5.
|
23
|
+
version: '5.5'
|
24
24
|
type: :runtime
|
25
25
|
prerelease: false
|
26
26
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -30,7 +30,7 @@ dependencies:
|
|
30
30
|
version: '5.2'
|
31
31
|
- - "<"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: '5.
|
33
|
+
version: '5.5'
|
34
34
|
- !ruby/object:Gem::Dependency
|
35
35
|
name: json-jwt
|
36
36
|
requirement: !ruby/object:Gem::Requirement
|
@@ -46,19 +46,19 @@ dependencies:
|
|
46
46
|
- !ruby/object:Gem::Version
|
47
47
|
version: 1.11.0
|
48
48
|
- !ruby/object:Gem::Dependency
|
49
|
-
name:
|
49
|
+
name: conventional-changelog
|
50
50
|
requirement: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
|
-
- - "
|
52
|
+
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: '
|
54
|
+
version: '1.2'
|
55
55
|
type: :development
|
56
56
|
prerelease: false
|
57
57
|
version_requirements: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
|
-
- - "
|
59
|
+
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version: '
|
61
|
+
version: '1.2'
|
62
62
|
- !ruby/object:Gem::Dependency
|
63
63
|
name: factory_bot
|
64
64
|
requirement: !ruby/object:Gem::Requirement
|
@@ -74,21 +74,21 @@ dependencies:
|
|
74
74
|
- !ruby/object:Gem::Version
|
75
75
|
version: '0'
|
76
76
|
- !ruby/object:Gem::Dependency
|
77
|
-
name:
|
77
|
+
name: pry-byebug
|
78
78
|
requirement: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
|
-
- - "
|
80
|
+
- - ">="
|
81
81
|
- !ruby/object:Gem::Version
|
82
|
-
version:
|
82
|
+
version: '0'
|
83
83
|
type: :development
|
84
84
|
prerelease: false
|
85
85
|
version_requirements: !ruby/object:Gem::Requirement
|
86
86
|
requirements:
|
87
|
-
- - "
|
87
|
+
- - ">="
|
88
88
|
- !ruby/object:Gem::Version
|
89
|
-
version:
|
89
|
+
version: '0'
|
90
90
|
- !ruby/object:Gem::Dependency
|
91
|
-
name:
|
91
|
+
name: rspec-rails
|
92
92
|
requirement: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
94
|
- - ">="
|
@@ -102,19 +102,19 @@ dependencies:
|
|
102
102
|
- !ruby/object:Gem::Version
|
103
103
|
version: '0'
|
104
104
|
- !ruby/object:Gem::Dependency
|
105
|
-
name:
|
105
|
+
name: sqlite3
|
106
106
|
requirement: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
|
-
- - "
|
108
|
+
- - ">="
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version:
|
110
|
+
version: 1.3.6
|
111
111
|
type: :development
|
112
112
|
prerelease: false
|
113
113
|
version_requirements: !ruby/object:Gem::Requirement
|
114
114
|
requirements:
|
115
|
-
- - "
|
115
|
+
- - ">="
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version:
|
117
|
+
version: 1.3.6
|
118
118
|
description: OpenID Connect extension for Doorkeeper.
|
119
119
|
email:
|
120
120
|
- sam.dengler@playonsports.com
|
@@ -123,22 +123,13 @@ executables: []
|
|
123
123
|
extensions: []
|
124
124
|
extra_rdoc_files: []
|
125
125
|
files:
|
126
|
-
- ".gitignore"
|
127
|
-
- ".ruby-version"
|
128
|
-
- ".travis.yml"
|
129
126
|
- CHANGELOG.md
|
130
|
-
- CONTRIBUTING.md
|
131
|
-
- Gemfile
|
132
127
|
- LICENSE.txt
|
133
128
|
- README.md
|
134
|
-
- Rakefile
|
135
129
|
- app/controllers/doorkeeper/authorizations_controller.rb
|
136
130
|
- app/controllers/doorkeeper/openid_connect/discovery_controller.rb
|
137
131
|
- app/controllers/doorkeeper/openid_connect/userinfo_controller.rb
|
138
|
-
- bin/console
|
139
|
-
- bin/setup
|
140
132
|
- config/locales/en.yml
|
141
|
-
- doorkeeper-openid_connect.gemspec
|
142
133
|
- lib/doorkeeper/oauth/id_token_request.rb
|
143
134
|
- lib/doorkeeper/oauth/id_token_response.rb
|
144
135
|
- lib/doorkeeper/oauth/id_token_token_request.rb
|
@@ -194,7 +185,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
194
185
|
- !ruby/object:Gem::Version
|
195
186
|
version: '0'
|
196
187
|
requirements: []
|
197
|
-
rubygems_version: 3.0.
|
188
|
+
rubygems_version: 3.0.2
|
198
189
|
signing_key:
|
199
190
|
specification_version: 4
|
200
191
|
summary: OpenID Connect extension for Doorkeeper.
|
data/.gitignore
DELETED
data/.ruby-version
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
2.6.5
|
data/.travis.yml
DELETED
@@ -1,27 +0,0 @@
|
|
1
|
-
language: ruby
|
2
|
-
cache: bundler
|
3
|
-
sudo: false
|
4
|
-
|
5
|
-
before_install:
|
6
|
-
- gem update --system
|
7
|
-
# Bundler 2.0 is not compatible with Rails 4.2
|
8
|
-
# https://docs.travis-ci.com/user/languages/ruby/#bundler-20
|
9
|
-
- "find /home/travis/.rvm/rubies -wholename '*default/bundler-*.gemspec' -delete"
|
10
|
-
- rvm @global do gem uninstall bundler -a -x -I || true
|
11
|
-
- gem install bundler -v '< 2'
|
12
|
-
|
13
|
-
before_script:
|
14
|
-
- bundle update
|
15
|
-
- bundle exec rake migrate
|
16
|
-
|
17
|
-
script:
|
18
|
-
- bundle exec rake spec
|
19
|
-
|
20
|
-
env:
|
21
|
-
- rails=5.0.0
|
22
|
-
- rails=5.2.0
|
23
|
-
|
24
|
-
rvm:
|
25
|
-
- 2.4
|
26
|
-
- 2.5
|
27
|
-
- 2.6
|
data/CONTRIBUTING.md
DELETED
@@ -1,45 +0,0 @@
|
|
1
|
-
# Contributing
|
2
|
-
|
3
|
-
## Workflow
|
4
|
-
|
5
|
-
We are using the [Feature Branch Workflow (also known as GitHub Flow)](https://guides.github.com/introduction/flow/), and prefer delivery as pull requests.
|
6
|
-
|
7
|
-
Our first line of defense is the [Travis CI](https://travis-ci.org/doorkeeper-gem/doorkeeper-openid_connect) build defined within [.travis.yml](.travis.yml) and triggered for every pull request.
|
8
|
-
|
9
|
-
Create a feature branch:
|
10
|
-
|
11
|
-
```sh
|
12
|
-
git checkout -B feature/contributing
|
13
|
-
```
|
14
|
-
|
15
|
-
## Creating Good Commits
|
16
|
-
|
17
|
-
The cardinal rule for creating good commits is to ensure there is only one
|
18
|
-
"logical change" per commit. Why is this an important rule?
|
19
|
-
|
20
|
-
* The smaller the amount of code being changed, the quicker & easier it is to
|
21
|
-
review & identify potential flaws.
|
22
|
-
|
23
|
-
* If a change is found to be flawed later, it may be necessary to revert the
|
24
|
-
broken commit. This is much easier to do if there are not other unrelated
|
25
|
-
code changes entangled with the original commit.
|
26
|
-
|
27
|
-
* When troubleshooting problems using Git's bisect capability, small well
|
28
|
-
defined changes will aid in isolating exactly where the code problem was
|
29
|
-
introduced.
|
30
|
-
|
31
|
-
* When browsing history using Git annotate/blame, small well defined changes
|
32
|
-
also aid in isolating exactly where & why a piece of code came from.
|
33
|
-
|
34
|
-
Things to avoid when creating commits:
|
35
|
-
|
36
|
-
* Mixing whitespace changes with functional code changes.
|
37
|
-
* Mixing two unrelated functional changes.
|
38
|
-
* Sending large new features in a single giant commit.
|
39
|
-
|
40
|
-
## Release process
|
41
|
-
|
42
|
-
- Bump version in `lib/doorkeeper/openid_connect/version.rb`
|
43
|
-
- Update `CHANGELOG.md`
|
44
|
-
- Commit all changes
|
45
|
-
- Tag release and publish gem with `rake release`
|
data/Gemfile
DELETED
data/Rakefile
DELETED
@@ -1,24 +0,0 @@
|
|
1
|
-
ENV['RAILS_ENV'] ||= 'test'
|
2
|
-
|
3
|
-
require "bundler/gem_tasks"
|
4
|
-
require "rspec/core/rake_task"
|
5
|
-
|
6
|
-
RSpec::Core::RakeTask.new
|
7
|
-
|
8
|
-
task default: :spec
|
9
|
-
task test: :spec
|
10
|
-
|
11
|
-
desc 'Generate and run migrations in the test application'
|
12
|
-
task :migrate do
|
13
|
-
Dir.chdir('spec/dummy') do
|
14
|
-
system('bin/rails generate doorkeeper:openid_connect:migration')
|
15
|
-
system('bin/rake db:migrate')
|
16
|
-
end
|
17
|
-
end
|
18
|
-
|
19
|
-
desc 'Run server in the test application'
|
20
|
-
task :server do
|
21
|
-
Dir.chdir('spec/dummy') do
|
22
|
-
system('bin/rails server')
|
23
|
-
end
|
24
|
-
end
|
data/bin/console
DELETED
data/bin/setup
DELETED
@@ -1,32 +0,0 @@
|
|
1
|
-
$:.push File.expand_path('../lib', __FILE__)
|
2
|
-
require 'doorkeeper/openid_connect/version'
|
3
|
-
|
4
|
-
Gem::Specification.new do |spec|
|
5
|
-
spec.name = 'doorkeeper-openid_connect'
|
6
|
-
spec.version = Doorkeeper::OpenidConnect::VERSION
|
7
|
-
spec.authors = ['Sam Dengler', 'Markus Koller']
|
8
|
-
spec.email = ['sam.dengler@playonsports.com', 'markus-koller@gmx.ch']
|
9
|
-
spec.homepage = 'https://github.com/doorkeeper-gem/doorkeeper-openid_connect'
|
10
|
-
spec.summary = %q{OpenID Connect extension for Doorkeeper.}
|
11
|
-
spec.description = %q{OpenID Connect extension for Doorkeeper.}
|
12
|
-
spec.license = %q{MIT}
|
13
|
-
|
14
|
-
spec.files = `git ls-files -z`.split("\x0").reject do |f|
|
15
|
-
f.match(%r{^(test|spec|features)/})
|
16
|
-
end
|
17
|
-
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
18
|
-
spec.require_paths = ['lib']
|
19
|
-
|
20
|
-
spec.required_ruby_version = ">= 2.4"
|
21
|
-
|
22
|
-
spec.add_runtime_dependency 'doorkeeper', '>= 5.2', '< 5.4'
|
23
|
-
spec.add_runtime_dependency 'json-jwt', '>= 1.11.0'
|
24
|
-
|
25
|
-
spec.add_development_dependency 'rspec-rails'
|
26
|
-
spec.add_development_dependency 'factory_bot'
|
27
|
-
# We need to stick to this sqlite3 version for Rails 5.0
|
28
|
-
# https://github.com/rails/rails/pull/35154
|
29
|
-
spec.add_development_dependency 'sqlite3', '~> 1.3.6'
|
30
|
-
spec.add_development_dependency 'pry-byebug'
|
31
|
-
spec.add_development_dependency 'conventional-changelog', '~> 1.2'
|
32
|
-
end
|