doorkeeper-openid_connect 1.8.2 → 1.8.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -1
- data/README.md +1 -1
- data/app/controllers/doorkeeper/openid_connect/discovery_controller.rb +8 -0
- data/lib/doorkeeper/openid_connect/helpers/controller.rb +1 -1
- data/lib/doorkeeper/openid_connect/id_token.rb +4 -3
- data/lib/doorkeeper/openid_connect/orm/active_record.rb +1 -1
- data/lib/doorkeeper/openid_connect/version.rb +1 -1
- data/lib/doorkeeper/openid_connect.rb +3 -11
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 981e1ef7a0f2f47cf63c8824c7cdfa802127f291a54836cb3a20e39b1bcd7ca9
|
|
4
|
+
data.tar.gz: 95b4e9a230daaebeee5df8d251a78921fe85178bbd656b7acd868afbb0871c83
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 569d7fcb3e77e8e77f2e3a2abe6b02c6664416e136e30fecc2c78462c74a87b936ec9b1d665d90c062db4b5ce2078ec26a93b938912b2e97dc6ebbb7c93ac94d
|
|
7
|
+
data.tar.gz: 60df7a49cef6ee6ff57efc4b9fc775053d0406015a9dc3fac0455d6177f86dcf98b8d6384204fc54033c2b4bb82a8947808e960543c47c1cceba1796035a5e63
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,16 @@
|
|
|
1
1
|
## Unreleased
|
|
2
2
|
|
|
3
|
-
- [#] Add here
|
|
3
|
+
- [#PR ID] Add your changelog entry here.
|
|
4
|
+
- [#185] Don't call active_record_options for Doorkeeper >= 5.6.3.
|
|
5
|
+
- [#183] stop render consent screen when user is not logged-in.
|
|
6
|
+
|
|
7
|
+
## v1.8.3 (2022-12-02)
|
|
8
|
+
|
|
9
|
+
- [#180] Add PKCE support to OpenID discovery endpoint.
|
|
10
|
+
|
|
11
|
+
## Unreleased next
|
|
12
|
+
|
|
13
|
+
- [#177] Replace `json-jwt` with `ruby-jwt` to align with doorkeeper-jwt.
|
|
4
14
|
|
|
5
15
|
## v1.8.2 (2022-07-13)
|
|
6
16
|
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Doorkeeper::OpenidConnect
|
|
2
2
|
|
|
3
|
-
[](https://github.com/doorkeeper-gem/doorkeeper-openid_connect/actions)
|
|
4
4
|
[](https://codeclimate.com/github/doorkeeper-gem/doorkeeper-openid_connect)
|
|
5
5
|
[](https://rubygems.org/gems/doorkeeper-openid_connect)
|
|
6
6
|
|
|
@@ -68,6 +68,8 @@ module Doorkeeper
|
|
|
68
68
|
exp
|
|
69
69
|
iat
|
|
70
70
|
] | openid_connect.claims.to_h.keys,
|
|
71
|
+
|
|
72
|
+
code_challenge_methods_supported: code_challenge_methods_supported(doorkeeper),
|
|
71
73
|
}.compact
|
|
72
74
|
end
|
|
73
75
|
|
|
@@ -81,6 +83,12 @@ module Doorkeeper
|
|
|
81
83
|
doorkeeper.authorization_response_flows.flat_map(&:response_mode_matches).uniq
|
|
82
84
|
end
|
|
83
85
|
|
|
86
|
+
def code_challenge_methods_supported(doorkeeper)
|
|
87
|
+
return unless doorkeeper.access_grant_model.pkce_supported?
|
|
88
|
+
|
|
89
|
+
%w[plain S256]
|
|
90
|
+
end
|
|
91
|
+
|
|
84
92
|
def webfinger_response
|
|
85
93
|
{
|
|
86
94
|
subject: params.require(:resource),
|
|
@@ -31,9 +31,10 @@ module Doorkeeper
|
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
def as_jws_token
|
|
34
|
-
|
|
35
|
-
Doorkeeper::OpenidConnect.signing_key,
|
|
36
|
-
Doorkeeper::OpenidConnect.signing_algorithm
|
|
34
|
+
JWT.encode(as_json,
|
|
35
|
+
Doorkeeper::OpenidConnect.signing_key.keypair,
|
|
36
|
+
Doorkeeper::OpenidConnect.signing_algorithm.to_s,
|
|
37
|
+
{ kid: Doorkeeper::OpenidConnect.signing_key.kid }
|
|
37
38
|
).to_s
|
|
38
39
|
end
|
|
39
40
|
|
|
@@ -18,7 +18,7 @@ module Doorkeeper
|
|
|
18
18
|
Doorkeeper::AccessGrant.prepend Doorkeeper::OpenidConnect::AccessGrant
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
if Doorkeeper.configuration.active_record_options[:establish_connection]
|
|
21
|
+
if Doorkeeper.configuration.respond_to?(:active_record_options) && Doorkeeper.configuration.active_record_options[:establish_connection]
|
|
22
22
|
[Doorkeeper::OpenidConnect::Request].each do |c|
|
|
23
23
|
c.send :establish_connection, Doorkeeper.configuration.active_record_options[:establish_connection]
|
|
24
24
|
end
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
require 'doorkeeper'
|
|
4
4
|
require 'active_model'
|
|
5
|
-
require '
|
|
5
|
+
require 'jwt'
|
|
6
6
|
|
|
7
7
|
require 'doorkeeper/request'
|
|
8
8
|
require 'doorkeeper/request/id_token'
|
|
@@ -48,19 +48,11 @@ module Doorkeeper
|
|
|
48
48
|
else
|
|
49
49
|
OpenSSL::PKey.read(configuration.signing_key)
|
|
50
50
|
end
|
|
51
|
-
|
|
51
|
+
JWT::JWK.new(key)
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
def self.signing_key_normalized
|
|
55
|
-
|
|
56
|
-
case key[:kty].to_sym
|
|
57
|
-
when :RSA
|
|
58
|
-
key.slice(:kty, :kid, :e, :n)
|
|
59
|
-
when :EC
|
|
60
|
-
key.slice(:kty, :kid, :crv, :x, :y)
|
|
61
|
-
when :oct
|
|
62
|
-
key.slice(:kty, :kid)
|
|
63
|
-
end
|
|
55
|
+
signing_key.export
|
|
64
56
|
end
|
|
65
57
|
|
|
66
58
|
Doorkeeper::GrantFlow.register(
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: doorkeeper-openid_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.8.
|
|
4
|
+
version: 1.8.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sam Dengler
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2023-02-01 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: doorkeeper
|
|
@@ -32,19 +32,19 @@ dependencies:
|
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
33
|
version: '5.7'
|
|
34
34
|
- !ruby/object:Gem::Dependency
|
|
35
|
-
name:
|
|
35
|
+
name: jwt
|
|
36
36
|
requirement: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version:
|
|
40
|
+
version: '2.5'
|
|
41
41
|
type: :runtime
|
|
42
42
|
prerelease: false
|
|
43
43
|
version_requirements: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
45
|
- - ">="
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version:
|
|
47
|
+
version: '2.5'
|
|
48
48
|
- !ruby/object:Gem::Dependency
|
|
49
49
|
name: conventional-changelog
|
|
50
50
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -177,14 +177,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
177
177
|
requirements:
|
|
178
178
|
- - ">="
|
|
179
179
|
- !ruby/object:Gem::Version
|
|
180
|
-
version: '2.
|
|
180
|
+
version: '2.6'
|
|
181
181
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
182
182
|
requirements:
|
|
183
183
|
- - ">="
|
|
184
184
|
- !ruby/object:Gem::Version
|
|
185
185
|
version: '0'
|
|
186
186
|
requirements: []
|
|
187
|
-
rubygems_version: 3.1.
|
|
187
|
+
rubygems_version: 3.1.6
|
|
188
188
|
signing_key:
|
|
189
189
|
specification_version: 4
|
|
190
190
|
summary: OpenID Connect extension for Doorkeeper.
|