doorkeeper-openid_connect 1.7.1 → 1.7.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/README.md +4 -0
- data/app/controllers/doorkeeper/authorizations_controller.rb +1 -1
- data/app/controllers/doorkeeper/openid_connect/discovery_controller.rb +16 -13
- data/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb +2 -0
- data/lib/doorkeeper/oauth/id_token_request.rb +7 -1
- data/lib/doorkeeper/oauth/id_token_response.rb +2 -0
- data/lib/doorkeeper/oauth/id_token_token_request.rb +2 -0
- data/lib/doorkeeper/oauth/id_token_token_response.rb +2 -0
- data/lib/doorkeeper/openid_connect.rb +3 -1
- data/lib/doorkeeper/openid_connect/claims/aggregated_claim.rb +2 -0
- data/lib/doorkeeper/openid_connect/claims/claim.rb +6 -4
- data/lib/doorkeeper/openid_connect/claims/distributed_claim.rb +2 -0
- data/lib/doorkeeper/openid_connect/claims/normal_claim.rb +2 -0
- data/lib/doorkeeper/openid_connect/claims_builder.rb +3 -1
- data/lib/doorkeeper/openid_connect/config.rb +16 -10
- data/lib/doorkeeper/openid_connect/engine.rb +2 -0
- data/lib/doorkeeper/openid_connect/errors.rb +2 -0
- data/lib/doorkeeper/openid_connect/helpers/controller.rb +24 -15
- data/lib/doorkeeper/openid_connect/id_token.rb +3 -1
- data/lib/doorkeeper/openid_connect/id_token_token.rb +2 -0
- data/lib/doorkeeper/openid_connect/oauth/authorization/code.rb +25 -8
- data/lib/doorkeeper/openid_connect/oauth/authorization_code_request.rb +4 -2
- data/lib/doorkeeper/openid_connect/oauth/password_access_token_request.rb +3 -1
- data/lib/doorkeeper/openid_connect/oauth/pre_authorization.rb +11 -4
- data/lib/doorkeeper/openid_connect/oauth/token_response.rb +3 -1
- data/lib/doorkeeper/openid_connect/orm/active_record.rb +2 -0
- data/lib/doorkeeper/openid_connect/orm/active_record/access_grant.rb +3 -1
- data/lib/doorkeeper/openid_connect/orm/active_record/request.rb +5 -3
- data/lib/doorkeeper/openid_connect/rails/routes.rb +3 -1
- data/lib/doorkeeper/openid_connect/rails/routes/mapper.rb +2 -0
- data/lib/doorkeeper/openid_connect/rails/routes/mapping.rb +2 -0
- data/lib/doorkeeper/openid_connect/response_types_config.rb +3 -1
- data/lib/doorkeeper/openid_connect/user_info.rb +2 -0
- data/lib/doorkeeper/openid_connect/version.rb +3 -1
- data/lib/doorkeeper/request/id_token.rb +2 -0
- data/lib/doorkeeper/request/id_token_token.rb +2 -0
- data/lib/generators/doorkeeper/openid_connect/install_generator.rb +4 -2
- data/lib/generators/doorkeeper/openid_connect/migration_generator.rb +3 -1
- data/lib/generators/doorkeeper/openid_connect/templates/initializer.rb +7 -5
- metadata +21 -30
- data/.gitignore +0 -8
- data/.ruby-version +0 -1
- data/.travis.yml +0 -27
- data/CONTRIBUTING.md +0 -45
- data/Gemfile +0 -8
- data/Rakefile +0 -24
- data/bin/console +0 -9
- data/bin/setup +0 -8
- data/doorkeeper-openid_connect.gemspec +0 -32
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: dd500337bf3593b1f15ab64da67dd2da940797271fd1a169e47f2542371d6930
|
|
4
|
+
data.tar.gz: 4c3fdae9aca104f74f2bcf2e2805d09fe784e75326e3fa2382de8ba74133987a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 887f767a61bd22be260dfb2b3d37de2e3334b25ff53aacbf9b6b41aecb88a287ae308d9fd65950e7c850ab023569d08cb1c31cceda4182cb667c3b61a984406e
|
|
7
|
+
data.tar.gz: 670454a6c3e5dbe69dcb511e68acbb63b2b558410a3ae0268400918dd11e3ae4d320fb1bd7d876cade2b7313132c925befcd51ad0bd023bfb826f36ee9d127b9
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -152,6 +152,10 @@ The following settings are optional:
|
|
|
152
152
|
- Note that the OIDC specification mandates HTTPS, so you shouldn't change this
|
|
153
153
|
for production environments unless you have a really good reason!
|
|
154
154
|
|
|
155
|
+
- `end_session_endpoint`
|
|
156
|
+
- The URL that the user is redirected to after ending the session on the client.
|
|
157
|
+
- Used by implementations like https://github.com/IdentityModel/oidc-client-js.
|
|
158
|
+
|
|
155
159
|
### Scopes
|
|
156
160
|
|
|
157
161
|
To perform authentication over OpenID Connect, an OAuth client needs to request the `openid` scope. This scope needs to be enabled using either `optional_scopes` in the global Doorkeeper configuration in `config/initializers/doorkeeper.rb`, or by adding it to any OAuth application's `scope` attribute.
|
|
@@ -1,9 +1,11 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Doorkeeper
|
|
2
4
|
module OpenidConnect
|
|
3
5
|
class DiscoveryController < ::Doorkeeper::ApplicationController
|
|
4
6
|
include Doorkeeper::Helpers::Controller
|
|
5
7
|
|
|
6
|
-
WEBFINGER_RELATION = 'http://openid.net/specs/connect/1.0/issuer'
|
|
8
|
+
WEBFINGER_RELATION = 'http://openid.net/specs/connect/1.0/issuer'
|
|
7
9
|
|
|
8
10
|
def provider
|
|
9
11
|
render json: provider_response
|
|
@@ -30,20 +32,21 @@ module Doorkeeper
|
|
|
30
32
|
introspection_endpoint: oauth_introspect_url(protocol: protocol),
|
|
31
33
|
userinfo_endpoint: oauth_userinfo_url(protocol: protocol),
|
|
32
34
|
jwks_uri: oauth_discovery_keys_url(protocol: protocol),
|
|
35
|
+
end_session_endpoint: openid_connect.end_session_endpoint.call,
|
|
33
36
|
|
|
34
37
|
scopes_supported: doorkeeper.scopes,
|
|
35
38
|
|
|
36
39
|
# TODO: support id_token response type
|
|
37
40
|
response_types_supported: doorkeeper.authorization_response_types,
|
|
38
|
-
response_modes_supported: [
|
|
41
|
+
response_modes_supported: ['query', 'fragment'],
|
|
39
42
|
|
|
40
43
|
token_endpoint_auth_methods_supported: [
|
|
41
44
|
'client_secret_basic',
|
|
42
45
|
'client_secret_post',
|
|
43
46
|
|
|
44
47
|
# TODO: look into doorkeeper-jwt_assertion for these
|
|
45
|
-
#'client_secret_jwt',
|
|
46
|
-
#'private_key_jwt'
|
|
48
|
+
# 'client_secret_jwt',
|
|
49
|
+
# 'private_key_jwt'
|
|
47
50
|
],
|
|
48
51
|
|
|
49
52
|
subject_types_supported: openid_connect.subject_types_supported,
|
|
@@ -56,18 +59,18 @@ module Doorkeeper
|
|
|
56
59
|
'normal',
|
|
57
60
|
|
|
58
61
|
# TODO: support these
|
|
59
|
-
#'aggregated',
|
|
60
|
-
#'distributed',
|
|
62
|
+
# 'aggregated',
|
|
63
|
+
# 'distributed',
|
|
61
64
|
],
|
|
62
65
|
|
|
63
|
-
claims_supported: [
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
66
|
+
claims_supported: %w[
|
|
67
|
+
iss
|
|
68
|
+
sub
|
|
69
|
+
aud
|
|
70
|
+
exp
|
|
71
|
+
iat
|
|
69
72
|
] | openid_connect.claims.to_h.keys,
|
|
70
|
-
}
|
|
73
|
+
}.compact
|
|
71
74
|
end
|
|
72
75
|
|
|
73
76
|
def webfinger_response
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Doorkeeper
|
|
2
4
|
module OAuth
|
|
3
5
|
class IdTokenRequest
|
|
@@ -10,7 +12,11 @@ module Doorkeeper
|
|
|
10
12
|
|
|
11
13
|
def authorize
|
|
12
14
|
@auth = Authorization::Token.new(pre_auth, resource_owner)
|
|
13
|
-
@auth.issue_token
|
|
15
|
+
if @auth.respond_to?(:issue_token!)
|
|
16
|
+
@auth.issue_token!
|
|
17
|
+
else
|
|
18
|
+
@auth.issue_token
|
|
19
|
+
end
|
|
14
20
|
response
|
|
15
21
|
end
|
|
16
22
|
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'doorkeeper'
|
|
2
4
|
require 'active_model'
|
|
3
5
|
require 'json/jwt'
|
|
@@ -42,7 +44,7 @@ module Doorkeeper
|
|
|
42
44
|
|
|
43
45
|
def self.signing_key
|
|
44
46
|
key =
|
|
45
|
-
if [
|
|
47
|
+
if %i[HS256 HS384 HS512].include?(signing_algorithm)
|
|
46
48
|
configuration.signing_key
|
|
47
49
|
else
|
|
48
50
|
OpenSSL::PKey.read(configuration.signing_key)
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Doorkeeper
|
|
2
4
|
module OpenidConnect
|
|
3
5
|
module Claims
|
|
@@ -11,10 +13,10 @@ module Doorkeeper
|
|
|
11
13
|
name family_name given_name middle_name nickname preferred_username
|
|
12
14
|
profile picture website gender birthdate zoneinfo locale updated_at
|
|
13
15
|
],
|
|
14
|
-
email: %i[
|
|
15
|
-
address: %i[
|
|
16
|
-
phone: %i[
|
|
17
|
-
}
|
|
16
|
+
email: %i[email email_verified],
|
|
17
|
+
address: %i[address],
|
|
18
|
+
phone: %i[phone_number phone_number_verified],
|
|
19
|
+
}.freeze
|
|
18
20
|
|
|
19
21
|
def initialize(options = {})
|
|
20
22
|
@name = options[:name].to_sym
|
|
@@ -1,15 +1,17 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Doorkeeper
|
|
2
4
|
module OpenidConnect
|
|
3
5
|
def self.configure(&block)
|
|
4
6
|
if Doorkeeper.configuration.orm != :active_record
|
|
5
|
-
|
|
7
|
+
raise Errors::InvalidConfiguration, 'Doorkeeper OpenID Connect currently only supports the ActiveRecord ORM adapter'
|
|
6
8
|
end
|
|
7
9
|
|
|
8
10
|
@config = Config::Builder.new(&block).build
|
|
9
11
|
end
|
|
10
12
|
|
|
11
13
|
def self.configuration
|
|
12
|
-
@config || (
|
|
14
|
+
@config || (raise Errors::MissingConfiguration)
|
|
13
15
|
end
|
|
14
16
|
|
|
15
17
|
class Config
|
|
@@ -23,12 +25,12 @@ module Doorkeeper
|
|
|
23
25
|
@config
|
|
24
26
|
end
|
|
25
27
|
|
|
26
|
-
def jws_public_key(*
|
|
27
|
-
puts
|
|
28
|
+
def jws_public_key(*_args)
|
|
29
|
+
puts 'DEPRECATION WARNING: `jws_public_key` is not needed anymore and will be removed in a future version, please remove it from config/initializers/doorkeeper_openid_connect.rb'
|
|
28
30
|
end
|
|
29
31
|
|
|
30
32
|
def jws_private_key(*args)
|
|
31
|
-
puts
|
|
33
|
+
puts 'DEPRECATION WARNING: `jws_private_key` has been replaced by `signing_key` and will be removed in a future version, please remove it from config/initializers/doorkeeper_openid_connect.rb'
|
|
32
34
|
signing_key(*args)
|
|
33
35
|
end
|
|
34
36
|
end
|
|
@@ -71,7 +73,7 @@ module Doorkeeper
|
|
|
71
73
|
value = if attribute_builder
|
|
72
74
|
attribute_builder.new(&block).build
|
|
73
75
|
else
|
|
74
|
-
block
|
|
76
|
+
block || args.first
|
|
75
77
|
end
|
|
76
78
|
|
|
77
79
|
@config.instance_variable_set(:"@#{attribute}", value)
|
|
@@ -102,19 +104,19 @@ module Doorkeeper
|
|
|
102
104
|
option :subject_types_supported, default: [:public]
|
|
103
105
|
|
|
104
106
|
option :resource_owner_from_access_token, default: lambda { |*_|
|
|
105
|
-
|
|
107
|
+
raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.resource_owner_from_access_token_not_configured')
|
|
106
108
|
}
|
|
107
109
|
|
|
108
110
|
option :auth_time_from_resource_owner, default: lambda { |*_|
|
|
109
|
-
|
|
111
|
+
raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.auth_time_from_resource_owner_not_configured')
|
|
110
112
|
}
|
|
111
113
|
|
|
112
114
|
option :reauthenticate_resource_owner, default: lambda { |*_|
|
|
113
|
-
|
|
115
|
+
raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.reauthenticate_resource_owner_not_configured')
|
|
114
116
|
}
|
|
115
117
|
|
|
116
118
|
option :subject, default: lambda { |*_|
|
|
117
|
-
|
|
119
|
+
raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.subject_not_configured')
|
|
118
120
|
}
|
|
119
121
|
|
|
120
122
|
option :expiration, default: 120
|
|
@@ -124,6 +126,10 @@ module Doorkeeper
|
|
|
124
126
|
option :protocol, default: lambda { |*_|
|
|
125
127
|
::Rails.env.production? ? :https : :http
|
|
126
128
|
}
|
|
129
|
+
|
|
130
|
+
option :end_session_endpoint, default: lambda { |*_|
|
|
131
|
+
nil
|
|
132
|
+
}
|
|
127
133
|
end
|
|
128
134
|
end
|
|
129
135
|
end
|
|
@@ -1,9 +1,18 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Doorkeeper
|
|
2
4
|
module OpenidConnect
|
|
3
5
|
module Helpers
|
|
4
6
|
module Controller
|
|
5
7
|
private
|
|
6
8
|
|
|
9
|
+
# FIXME: remove after Doorkeeper will merge it
|
|
10
|
+
def current_resource_owner
|
|
11
|
+
return @current_resource_owner if defined?(@current_resource_owner)
|
|
12
|
+
|
|
13
|
+
super
|
|
14
|
+
end
|
|
15
|
+
|
|
7
16
|
def authenticate_resource_owner!
|
|
8
17
|
super.tap do |owner|
|
|
9
18
|
next unless oidc_authorization_request?
|
|
@@ -11,8 +20,8 @@ module Doorkeeper
|
|
|
11
20
|
handle_oidc_prompt_param!(owner)
|
|
12
21
|
handle_oidc_max_age_param!(owner)
|
|
13
22
|
end
|
|
14
|
-
rescue Errors::OpenidConnectError =>
|
|
15
|
-
handle_oidc_error!(
|
|
23
|
+
rescue Errors::OpenidConnectError => e
|
|
24
|
+
handle_oidc_error!(e)
|
|
16
25
|
end
|
|
17
26
|
|
|
18
27
|
def oidc_authorization_request?
|
|
@@ -30,17 +39,17 @@ module Doorkeeper
|
|
|
30
39
|
@_response_body = nil
|
|
31
40
|
|
|
32
41
|
error_response = if exception.type == :invalid_request
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
42
|
+
::Doorkeeper::OAuth::InvalidRequestResponse.new(
|
|
43
|
+
name: exception.type,
|
|
44
|
+
state: params[:state],
|
|
45
|
+
redirect_uri: params[:redirect_uri],
|
|
46
|
+
)
|
|
47
|
+
else
|
|
48
|
+
::Doorkeeper::OAuth::ErrorResponse.new(
|
|
49
|
+
name: exception.type,
|
|
50
|
+
state: params[:state],
|
|
51
|
+
redirect_uri: params[:redirect_uri],
|
|
52
|
+
)
|
|
44
53
|
end
|
|
45
54
|
|
|
46
55
|
response.headers.merge!(error_response.headers)
|
|
@@ -58,7 +67,7 @@ module Doorkeeper
|
|
|
58
67
|
prompt_values.each do |prompt|
|
|
59
68
|
case prompt
|
|
60
69
|
when 'none'
|
|
61
|
-
raise Errors::InvalidRequest if (prompt_values - [
|
|
70
|
+
raise Errors::InvalidRequest if (prompt_values - ['none']).any?
|
|
62
71
|
raise Errors::LoginRequired unless owner
|
|
63
72
|
raise Errors::ConsentRequired if oidc_consent_required?
|
|
64
73
|
when 'login'
|
|
@@ -111,5 +120,5 @@ module Doorkeeper
|
|
|
111
120
|
end
|
|
112
121
|
end
|
|
113
122
|
|
|
114
|
-
Helpers::Controller.
|
|
123
|
+
Helpers::Controller.prepend OpenidConnect::Helpers::Controller
|
|
115
124
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Doorkeeper
|
|
2
4
|
module OpenidConnect
|
|
3
5
|
class IdToken
|
|
@@ -9,7 +11,7 @@ module Doorkeeper
|
|
|
9
11
|
@access_token = access_token
|
|
10
12
|
@nonce = nonce
|
|
11
13
|
@resource_owner = Doorkeeper::OpenidConnect.configuration.resource_owner_from_access_token.call(access_token)
|
|
12
|
-
@issued_at = Time.now
|
|
14
|
+
@issued_at = Time.zone.now
|
|
13
15
|
end
|
|
14
16
|
|
|
15
17
|
def claims
|
|
@@ -1,22 +1,39 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Doorkeeper
|
|
2
4
|
module OpenidConnect
|
|
3
5
|
module OAuth
|
|
4
6
|
module Authorization
|
|
5
7
|
module Code
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
8
|
+
if Doorkeeper::OAuth::Authorization::Code.method_defined?(:issue_token!)
|
|
9
|
+
def issue_token!
|
|
10
|
+
super.tap do |access_grant|
|
|
11
|
+
create_openid_request(access_grant) if pre_auth.nonce.present?
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
alias issue_token issue_token!
|
|
16
|
+
else
|
|
17
|
+
# FIXME: drop this after dropping support of Doorkeeper < 5.4
|
|
18
|
+
def issue_token
|
|
19
|
+
super.tap do |access_grant|
|
|
20
|
+
create_openid_request(access_grant) if pre_auth.nonce.present?
|
|
13
21
|
end
|
|
14
22
|
end
|
|
15
23
|
end
|
|
24
|
+
|
|
25
|
+
private
|
|
26
|
+
|
|
27
|
+
def create_openid_request(access_grant)
|
|
28
|
+
::Doorkeeper::OpenidConnect::Request.create!(
|
|
29
|
+
access_grant: access_grant,
|
|
30
|
+
nonce: pre_auth.nonce
|
|
31
|
+
)
|
|
32
|
+
end
|
|
16
33
|
end
|
|
17
34
|
end
|
|
18
35
|
end
|
|
19
36
|
end
|
|
20
37
|
|
|
21
|
-
OAuth::Authorization::Code.
|
|
38
|
+
OAuth::Authorization::Code.prepend OpenidConnect::OAuth::Authorization::Code
|
|
22
39
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Doorkeeper
|
|
2
4
|
module OpenidConnect
|
|
3
5
|
module OAuth
|
|
@@ -8,7 +10,7 @@ module Doorkeeper
|
|
|
8
10
|
super
|
|
9
11
|
|
|
10
12
|
nonce =
|
|
11
|
-
if openid_request = grant.openid_request
|
|
13
|
+
if (openid_request = grant.openid_request)
|
|
12
14
|
openid_request.destroy!
|
|
13
15
|
openid_request.nonce
|
|
14
16
|
end
|
|
@@ -20,5 +22,5 @@ module Doorkeeper
|
|
|
20
22
|
end
|
|
21
23
|
end
|
|
22
24
|
|
|
23
|
-
OAuth::AuthorizationCodeRequest.
|
|
25
|
+
OAuth::AuthorizationCodeRequest.prepend OpenidConnect::OAuth::AuthorizationCodeRequest
|
|
24
26
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Doorkeeper
|
|
2
4
|
module OpenidConnect
|
|
3
5
|
module OAuth
|
|
@@ -20,5 +22,5 @@ module Doorkeeper
|
|
|
20
22
|
end
|
|
21
23
|
end
|
|
22
24
|
|
|
23
|
-
OAuth::PasswordAccessTokenRequest.
|
|
25
|
+
OAuth::PasswordAccessTokenRequest.prepend OpenidConnect::OAuth::PasswordAccessTokenRequest
|
|
24
26
|
end
|
|
@@ -1,11 +1,18 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Doorkeeper
|
|
2
4
|
module OpenidConnect
|
|
3
5
|
module OAuth
|
|
4
6
|
module PreAuthorization
|
|
5
7
|
attr_reader :nonce
|
|
6
8
|
|
|
7
|
-
def initialize(server, attrs = {})
|
|
8
|
-
|
|
9
|
+
def initialize(server, attrs = {}, resource_owner = nil)
|
|
10
|
+
if (Doorkeeper::VERSION::MAJOR >= 5 && Doorkeeper::VERSION::MINOR >= 4) ||
|
|
11
|
+
Doorkeeper::VERSION::MAJOR >= 6
|
|
12
|
+
super
|
|
13
|
+
else
|
|
14
|
+
super(server, attrs)
|
|
15
|
+
end
|
|
9
16
|
@nonce = attrs[:nonce]
|
|
10
17
|
end
|
|
11
18
|
|
|
@@ -22,11 +29,11 @@ module Doorkeeper
|
|
|
22
29
|
private
|
|
23
30
|
|
|
24
31
|
def response_on_fragment?
|
|
25
|
-
response_type ==
|
|
32
|
+
response_type == 'token' || response_type == 'id_token' || response_type == 'id_token token'
|
|
26
33
|
end
|
|
27
34
|
end
|
|
28
35
|
end
|
|
29
36
|
end
|
|
30
37
|
|
|
31
|
-
OAuth::PreAuthorization.
|
|
38
|
+
OAuth::PreAuthorization.prepend OpenidConnect::OAuth::PreAuthorization
|
|
32
39
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Doorkeeper
|
|
2
4
|
module OpenidConnect
|
|
3
5
|
module OAuth
|
|
@@ -19,5 +21,5 @@ module Doorkeeper
|
|
|
19
21
|
end
|
|
20
22
|
end
|
|
21
23
|
|
|
22
|
-
OAuth::TokenResponse.
|
|
24
|
+
OAuth::TokenResponse.prepend OpenidConnect::OAuth::TokenResponse
|
|
23
25
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Doorkeeper
|
|
2
4
|
module OpenidConnect
|
|
3
5
|
module AccessGrant
|
|
@@ -12,5 +14,5 @@ module Doorkeeper
|
|
|
12
14
|
end
|
|
13
15
|
end
|
|
14
16
|
|
|
15
|
-
AccessGrant.
|
|
17
|
+
AccessGrant.prepend OpenidConnect::AccessGrant
|
|
16
18
|
end
|
|
@@ -1,12 +1,14 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Doorkeeper
|
|
2
4
|
module OpenidConnect
|
|
3
|
-
class Request <
|
|
5
|
+
class Request < ApplicationRecord
|
|
4
6
|
self.table_name = "#{table_name_prefix}oauth_openid_requests#{table_name_suffix}".to_sym
|
|
5
7
|
|
|
6
8
|
validates :access_grant_id, :nonce, presence: true
|
|
7
9
|
belongs_to :access_grant,
|
|
8
|
-
|
|
9
|
-
|
|
10
|
+
class_name: 'Doorkeeper::AccessGrant',
|
|
11
|
+
inverse_of: :openid_request
|
|
10
12
|
end
|
|
11
13
|
end
|
|
12
14
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'doorkeeper/openid_connect/rails/routes/mapping'
|
|
2
4
|
require 'doorkeeper/openid_connect/rails/routes/mapper'
|
|
3
5
|
|
|
@@ -12,7 +14,7 @@ module Doorkeeper
|
|
|
12
14
|
end
|
|
13
15
|
|
|
14
16
|
def self.install!
|
|
15
|
-
ActionDispatch::Routing::Mapper.
|
|
17
|
+
ActionDispatch::Routing::Mapper.include Doorkeeper::OpenidConnect::Rails::Routes::Helper
|
|
16
18
|
end
|
|
17
19
|
|
|
18
20
|
attr_accessor :routes
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Doorkeeper
|
|
2
4
|
module OpenidConnect
|
|
3
5
|
module ResponseTypeConfig
|
|
@@ -13,5 +15,5 @@ module Doorkeeper
|
|
|
13
15
|
end
|
|
14
16
|
end
|
|
15
17
|
|
|
16
|
-
Config.
|
|
18
|
+
Config.prepend OpenidConnect::ResponseTypeConfig
|
|
17
19
|
end
|
|
@@ -1,13 +1,15 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Doorkeeper
|
|
2
4
|
module OpenidConnect
|
|
3
5
|
class InstallGenerator < ::Rails::Generators::Base
|
|
4
6
|
include ::Rails::Generators::Migration
|
|
5
|
-
source_root File.expand_path('
|
|
7
|
+
source_root File.expand_path('templates', __dir__)
|
|
6
8
|
desc 'Installs Doorkeeper OpenID Connect.'
|
|
7
9
|
|
|
8
10
|
def install
|
|
9
11
|
template 'initializer.rb', 'config/initializers/doorkeeper_openid_connect.rb'
|
|
10
|
-
copy_file File.expand_path('
|
|
12
|
+
copy_file File.expand_path('../../../../config/locales/en.yml', __dir__), 'config/locales/doorkeeper_openid_connect.en.yml'
|
|
11
13
|
route 'use_doorkeeper_openid_connect'
|
|
12
14
|
end
|
|
13
15
|
end
|
|
@@ -1,10 +1,12 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'rails/generators/active_record'
|
|
2
4
|
|
|
3
5
|
module Doorkeeper
|
|
4
6
|
module OpenidConnect
|
|
5
7
|
class MigrationGenerator < ::Rails::Generators::Base
|
|
6
8
|
include ::Rails::Generators::Migration
|
|
7
|
-
source_root File.expand_path('
|
|
9
|
+
source_root File.expand_path('templates', __dir__)
|
|
8
10
|
desc 'Installs Doorkeeper OpenID Connect migration file.'
|
|
9
11
|
|
|
10
12
|
def install
|
|
@@ -1,11 +1,13 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
Doorkeeper::OpenidConnect.configure do
|
|
2
4
|
issuer 'issuer string'
|
|
3
5
|
|
|
4
|
-
signing_key
|
|
5
|
-
-----BEGIN RSA PRIVATE KEY-----
|
|
6
|
-
....
|
|
7
|
-
-----END RSA PRIVATE KEY-----
|
|
8
|
-
|
|
6
|
+
signing_key <<~KEY
|
|
7
|
+
-----BEGIN RSA PRIVATE KEY-----
|
|
8
|
+
....
|
|
9
|
+
-----END RSA PRIVATE KEY-----
|
|
10
|
+
KEY
|
|
9
11
|
|
|
10
12
|
subject_types_supported [:public]
|
|
11
13
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: doorkeeper-openid_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.7.
|
|
4
|
+
version: 1.7.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sam Dengler
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2020-
|
|
12
|
+
date: 2020-05-20 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: doorkeeper
|
|
@@ -20,7 +20,7 @@ dependencies:
|
|
|
20
20
|
version: '5.2'
|
|
21
21
|
- - "<"
|
|
22
22
|
- !ruby/object:Gem::Version
|
|
23
|
-
version: '5.
|
|
23
|
+
version: '5.5'
|
|
24
24
|
type: :runtime
|
|
25
25
|
prerelease: false
|
|
26
26
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -30,7 +30,7 @@ dependencies:
|
|
|
30
30
|
version: '5.2'
|
|
31
31
|
- - "<"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '5.
|
|
33
|
+
version: '5.5'
|
|
34
34
|
- !ruby/object:Gem::Dependency
|
|
35
35
|
name: json-jwt
|
|
36
36
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -46,19 +46,19 @@ dependencies:
|
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
47
|
version: 1.11.0
|
|
48
48
|
- !ruby/object:Gem::Dependency
|
|
49
|
-
name:
|
|
49
|
+
name: conventional-changelog
|
|
50
50
|
requirement: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
|
-
- - "
|
|
52
|
+
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '
|
|
54
|
+
version: '1.2'
|
|
55
55
|
type: :development
|
|
56
56
|
prerelease: false
|
|
57
57
|
version_requirements: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
|
-
- - "
|
|
59
|
+
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: '
|
|
61
|
+
version: '1.2'
|
|
62
62
|
- !ruby/object:Gem::Dependency
|
|
63
63
|
name: factory_bot
|
|
64
64
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -74,21 +74,21 @@ dependencies:
|
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
75
|
version: '0'
|
|
76
76
|
- !ruby/object:Gem::Dependency
|
|
77
|
-
name:
|
|
77
|
+
name: pry-byebug
|
|
78
78
|
requirement: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
|
-
- - "
|
|
80
|
+
- - ">="
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version:
|
|
82
|
+
version: '0'
|
|
83
83
|
type: :development
|
|
84
84
|
prerelease: false
|
|
85
85
|
version_requirements: !ruby/object:Gem::Requirement
|
|
86
86
|
requirements:
|
|
87
|
-
- - "
|
|
87
|
+
- - ">="
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version:
|
|
89
|
+
version: '0'
|
|
90
90
|
- !ruby/object:Gem::Dependency
|
|
91
|
-
name:
|
|
91
|
+
name: rspec-rails
|
|
92
92
|
requirement: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - ">="
|
|
@@ -102,19 +102,19 @@ dependencies:
|
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
103
|
version: '0'
|
|
104
104
|
- !ruby/object:Gem::Dependency
|
|
105
|
-
name:
|
|
105
|
+
name: sqlite3
|
|
106
106
|
requirement: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
|
-
- - "
|
|
108
|
+
- - ">="
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version:
|
|
110
|
+
version: 1.3.6
|
|
111
111
|
type: :development
|
|
112
112
|
prerelease: false
|
|
113
113
|
version_requirements: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
|
-
- - "
|
|
115
|
+
- - ">="
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version:
|
|
117
|
+
version: 1.3.6
|
|
118
118
|
description: OpenID Connect extension for Doorkeeper.
|
|
119
119
|
email:
|
|
120
120
|
- sam.dengler@playonsports.com
|
|
@@ -123,22 +123,13 @@ executables: []
|
|
|
123
123
|
extensions: []
|
|
124
124
|
extra_rdoc_files: []
|
|
125
125
|
files:
|
|
126
|
-
- ".gitignore"
|
|
127
|
-
- ".ruby-version"
|
|
128
|
-
- ".travis.yml"
|
|
129
126
|
- CHANGELOG.md
|
|
130
|
-
- CONTRIBUTING.md
|
|
131
|
-
- Gemfile
|
|
132
127
|
- LICENSE.txt
|
|
133
128
|
- README.md
|
|
134
|
-
- Rakefile
|
|
135
129
|
- app/controllers/doorkeeper/authorizations_controller.rb
|
|
136
130
|
- app/controllers/doorkeeper/openid_connect/discovery_controller.rb
|
|
137
131
|
- app/controllers/doorkeeper/openid_connect/userinfo_controller.rb
|
|
138
|
-
- bin/console
|
|
139
|
-
- bin/setup
|
|
140
132
|
- config/locales/en.yml
|
|
141
|
-
- doorkeeper-openid_connect.gemspec
|
|
142
133
|
- lib/doorkeeper/oauth/id_token_request.rb
|
|
143
134
|
- lib/doorkeeper/oauth/id_token_response.rb
|
|
144
135
|
- lib/doorkeeper/oauth/id_token_token_request.rb
|
|
@@ -194,7 +185,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
194
185
|
- !ruby/object:Gem::Version
|
|
195
186
|
version: '0'
|
|
196
187
|
requirements: []
|
|
197
|
-
rubygems_version: 3.0.
|
|
188
|
+
rubygems_version: 3.0.2
|
|
198
189
|
signing_key:
|
|
199
190
|
specification_version: 4
|
|
200
191
|
summary: OpenID Connect extension for Doorkeeper.
|
data/.gitignore
DELETED
data/.ruby-version
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
2.6.5
|
data/.travis.yml
DELETED
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
language: ruby
|
|
2
|
-
cache: bundler
|
|
3
|
-
sudo: false
|
|
4
|
-
|
|
5
|
-
before_install:
|
|
6
|
-
- gem update --system
|
|
7
|
-
# Bundler 2.0 is not compatible with Rails 4.2
|
|
8
|
-
# https://docs.travis-ci.com/user/languages/ruby/#bundler-20
|
|
9
|
-
- "find /home/travis/.rvm/rubies -wholename '*default/bundler-*.gemspec' -delete"
|
|
10
|
-
- rvm @global do gem uninstall bundler -a -x -I || true
|
|
11
|
-
- gem install bundler -v '< 2'
|
|
12
|
-
|
|
13
|
-
before_script:
|
|
14
|
-
- bundle update
|
|
15
|
-
- bundle exec rake migrate
|
|
16
|
-
|
|
17
|
-
script:
|
|
18
|
-
- bundle exec rake spec
|
|
19
|
-
|
|
20
|
-
env:
|
|
21
|
-
- rails=5.0.0
|
|
22
|
-
- rails=5.2.0
|
|
23
|
-
|
|
24
|
-
rvm:
|
|
25
|
-
- 2.4
|
|
26
|
-
- 2.5
|
|
27
|
-
- 2.6
|
data/CONTRIBUTING.md
DELETED
|
@@ -1,45 +0,0 @@
|
|
|
1
|
-
# Contributing
|
|
2
|
-
|
|
3
|
-
## Workflow
|
|
4
|
-
|
|
5
|
-
We are using the [Feature Branch Workflow (also known as GitHub Flow)](https://guides.github.com/introduction/flow/), and prefer delivery as pull requests.
|
|
6
|
-
|
|
7
|
-
Our first line of defense is the [Travis CI](https://travis-ci.org/doorkeeper-gem/doorkeeper-openid_connect) build defined within [.travis.yml](.travis.yml) and triggered for every pull request.
|
|
8
|
-
|
|
9
|
-
Create a feature branch:
|
|
10
|
-
|
|
11
|
-
```sh
|
|
12
|
-
git checkout -B feature/contributing
|
|
13
|
-
```
|
|
14
|
-
|
|
15
|
-
## Creating Good Commits
|
|
16
|
-
|
|
17
|
-
The cardinal rule for creating good commits is to ensure there is only one
|
|
18
|
-
"logical change" per commit. Why is this an important rule?
|
|
19
|
-
|
|
20
|
-
* The smaller the amount of code being changed, the quicker & easier it is to
|
|
21
|
-
review & identify potential flaws.
|
|
22
|
-
|
|
23
|
-
* If a change is found to be flawed later, it may be necessary to revert the
|
|
24
|
-
broken commit. This is much easier to do if there are not other unrelated
|
|
25
|
-
code changes entangled with the original commit.
|
|
26
|
-
|
|
27
|
-
* When troubleshooting problems using Git's bisect capability, small well
|
|
28
|
-
defined changes will aid in isolating exactly where the code problem was
|
|
29
|
-
introduced.
|
|
30
|
-
|
|
31
|
-
* When browsing history using Git annotate/blame, small well defined changes
|
|
32
|
-
also aid in isolating exactly where & why a piece of code came from.
|
|
33
|
-
|
|
34
|
-
Things to avoid when creating commits:
|
|
35
|
-
|
|
36
|
-
* Mixing whitespace changes with functional code changes.
|
|
37
|
-
* Mixing two unrelated functional changes.
|
|
38
|
-
* Sending large new features in a single giant commit.
|
|
39
|
-
|
|
40
|
-
## Release process
|
|
41
|
-
|
|
42
|
-
- Bump version in `lib/doorkeeper/openid_connect/version.rb`
|
|
43
|
-
- Update `CHANGELOG.md`
|
|
44
|
-
- Commit all changes
|
|
45
|
-
- Tag release and publish gem with `rake release`
|
data/Gemfile
DELETED
data/Rakefile
DELETED
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
ENV['RAILS_ENV'] ||= 'test'
|
|
2
|
-
|
|
3
|
-
require "bundler/gem_tasks"
|
|
4
|
-
require "rspec/core/rake_task"
|
|
5
|
-
|
|
6
|
-
RSpec::Core::RakeTask.new
|
|
7
|
-
|
|
8
|
-
task default: :spec
|
|
9
|
-
task test: :spec
|
|
10
|
-
|
|
11
|
-
desc 'Generate and run migrations in the test application'
|
|
12
|
-
task :migrate do
|
|
13
|
-
Dir.chdir('spec/dummy') do
|
|
14
|
-
system('bin/rails generate doorkeeper:openid_connect:migration')
|
|
15
|
-
system('bin/rake db:migrate')
|
|
16
|
-
end
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
desc 'Run server in the test application'
|
|
20
|
-
task :server do
|
|
21
|
-
Dir.chdir('spec/dummy') do
|
|
22
|
-
system('bin/rails server')
|
|
23
|
-
end
|
|
24
|
-
end
|
data/bin/console
DELETED
data/bin/setup
DELETED
|
@@ -1,32 +0,0 @@
|
|
|
1
|
-
$:.push File.expand_path('../lib', __FILE__)
|
|
2
|
-
require 'doorkeeper/openid_connect/version'
|
|
3
|
-
|
|
4
|
-
Gem::Specification.new do |spec|
|
|
5
|
-
spec.name = 'doorkeeper-openid_connect'
|
|
6
|
-
spec.version = Doorkeeper::OpenidConnect::VERSION
|
|
7
|
-
spec.authors = ['Sam Dengler', 'Markus Koller']
|
|
8
|
-
spec.email = ['sam.dengler@playonsports.com', 'markus-koller@gmx.ch']
|
|
9
|
-
spec.homepage = 'https://github.com/doorkeeper-gem/doorkeeper-openid_connect'
|
|
10
|
-
spec.summary = %q{OpenID Connect extension for Doorkeeper.}
|
|
11
|
-
spec.description = %q{OpenID Connect extension for Doorkeeper.}
|
|
12
|
-
spec.license = %q{MIT}
|
|
13
|
-
|
|
14
|
-
spec.files = `git ls-files -z`.split("\x0").reject do |f|
|
|
15
|
-
f.match(%r{^(test|spec|features)/})
|
|
16
|
-
end
|
|
17
|
-
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
18
|
-
spec.require_paths = ['lib']
|
|
19
|
-
|
|
20
|
-
spec.required_ruby_version = ">= 2.4"
|
|
21
|
-
|
|
22
|
-
spec.add_runtime_dependency 'doorkeeper', '>= 5.2', '< 5.4'
|
|
23
|
-
spec.add_runtime_dependency 'json-jwt', '>= 1.11.0'
|
|
24
|
-
|
|
25
|
-
spec.add_development_dependency 'rspec-rails'
|
|
26
|
-
spec.add_development_dependency 'factory_bot'
|
|
27
|
-
# We need to stick to this sqlite3 version for Rails 5.0
|
|
28
|
-
# https://github.com/rails/rails/pull/35154
|
|
29
|
-
spec.add_development_dependency 'sqlite3', '~> 1.3.6'
|
|
30
|
-
spec.add_development_dependency 'pry-byebug'
|
|
31
|
-
spec.add_development_dependency 'conventional-changelog', '~> 1.2'
|
|
32
|
-
end
|