doorkeeper-openid_connect 1.8.9 → 1.8.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4be7fb9d22f08874e5c2a9787b117bf7aa242d7025cd82b6a0a25a87f0a9b884
-  data.tar.gz: 98414bc85490c8d30a1a9af2e9afade375798e6e805353c04b6f73813beae3e0
+  metadata.gz: 3f528fd39b26ece5800ff5a5cc38b8fdd0945c5bd9298e6a03bad7df0f7fe9c9
+  data.tar.gz: cefcf626ab0f1cbf825a792b529b643081c3be96dcdbc922507e06cd3844218c
 SHA512:
-  metadata.gz: 8d565610a8ae44d7476a74c10687023e7469733cc7be62181ba0a7b60186e1dc48eb0d56b9dd38bba31ce49399d1e9856dd72228ac49f143874df885a2142a9b
-  data.tar.gz: 4492366ef87fa2ed9bd256efa44faf68d07a33336892e5cc44e30c199b1953fe4da591eab9359bc0274175cf23ece590b02597dc6c0265f205fce430699f020f
+  metadata.gz: 3a16a5cc0bf3de2e6232900126d111093f6313bc00264ee77e9385260bef586b22152971905b87e728eff7eeb7fde16fd67d73843c13ba88b17925ebc6d41f7b
+  data.tar.gz: d7215370a0be9369fe05a61cd4fee8d2df68a79bdbd104f4cde638e704c83637f23af76369afa532dc68b349f180fdb2ccb6e7772d87647356b0e3018424230e

data/CHANGELOG.md

@@ -2,6 +2,20 @@
 
 - [#PR ID] Add your changelog entry here.
 
+## v1.8.11 (2025-02-10)
+
+- [#219] Test against Ruby 3.4.
+- [#216] Test against Rails 7.1, 7.2, 8.0.
+- [#222] Support max_age=0
+- [#221] Avoid raising invalid_request error on prompt=create
+- [#220] Define priority on possible prompt values to statically & successfully process multiple prompt values
+- [#224] Define priority between max_age & prompt
+
+## v1.8.10 (2024-11-29)
+
+- [#215] Drop support for Ruby 2.7, 3.0 and Rails 6.
+- [#209] Configuration per IdToken expiration (thanks to @martinezcoder)
+
 ## v1.8.9 (2024-05-07)
 
 - Support Doorkeeper 5.7

data/lib/doorkeeper/openid_connect/helpers/controller.rb

@@ -17,8 +17,8 @@ module Doorkeeper
           super.tap do |owner|
             next unless oidc_authorization_request?
 
-            handle_oidc_prompt_param!(owner)
             handle_oidc_max_age_param!(owner)
+            handle_oidc_prompt_param!(owner)
           end
         rescue Errors::OpenidConnectError => e
           handle_oidc_error!(e)
@@ -67,6 +67,11 @@ module Doorkeeper
         def handle_oidc_prompt_param!(owner)
           prompt_values ||= params[:prompt].to_s.split(/ +/).uniq
 
+          priority = ['none', 'consent', 'login', 'select_account']
+          prompt_values.sort_by! do |prompt|
+            priority.find_index(prompt).to_i
+          end
+
           prompt_values.each do |prompt|
             case prompt
             when 'none'
@@ -79,6 +84,8 @@ module Doorkeeper
               render :new if owner
             when 'select_account'
               select_account_for_oidc_resource_owner(owner)
+            when 'create'
+              # NOTE: not supported, but not raise error.
             else
               raise Errors::InvalidRequest
             end
@@ -87,13 +94,16 @@ module Doorkeeper
 
         def handle_oidc_max_age_param!(owner)
           max_age = params[:max_age].to_i
-          return unless max_age > 0 && owner
+          return unless (params[:max_age].to_s == '0' || max_age > 0) && owner
 
           auth_time = instance_exec(
             owner,
             &Doorkeeper::OpenidConnect.configuration.auth_time_from_resource_owner
           )
 
+          # NOTE: clock skew
+          max_age = [1, max_age].max
+
           if !auth_time || (Time.zone.now - auth_time) > max_age
             reauthenticate_oidc_resource_owner(owner)
           end

data/lib/doorkeeper/openid_connect/id_token.rb

@@ -7,11 +7,12 @@ module Doorkeeper
 
       attr_reader :nonce
 
-      def initialize(access_token, nonce = nil)
+      def initialize(access_token, nonce = nil, expires_in = Doorkeeper::OpenidConnect.configuration.expiration)
         @access_token = access_token
         @nonce = nonce
         @resource_owner = Doorkeeper::OpenidConnect.configuration.resource_owner_from_access_token.call(access_token)
         @issued_at = Time.zone.now
+        @expires_in = expires_in
       end
 
       def claims
@@ -57,7 +58,7 @@ module Doorkeeper
       end
 
       def expiration
-        (@issued_at.utc + Doorkeeper::OpenidConnect.configuration.expiration).to_i
+        (@issued_at.utc + @expires_in).to_i
       end
 
       def issued_at

data/lib/doorkeeper/openid_connect/version.rb

@@ -2,6 +2,6 @@
 
 module Doorkeeper
   module OpenidConnect
-    VERSION = '1.8.9'
+    VERSION = '1.8.11'
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper-openid_connect
 version: !ruby/object:Gem::Version
-  version: 1.8.9
+  version: 1.8.11
 platform: ruby
 authors:
 - Sam Dengler
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-05-07 00:00:00.000000000 Z
+date: 2025-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: doorkeeper
@@ -21,7 +21,7 @@ dependencies:
         version: '5.5'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '5.8'
+        version: '5.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -31,7 +31,21 @@ dependencies:
         version: '5.5'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '5.8'
+        version: '5.9'
+- !ruby/object:Gem::Dependency
+  name: ostruct
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.5'
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -46,6 +60,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '2.5'
+- !ruby/object:Gem::Dependency
+  name: bigdecimal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: conventional-changelog
   requirement: !ruby/object:Gem::Requirement
@@ -60,6 +88,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: drb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: factory_bot
   requirement: !ruby/object:Gem::Requirement
@@ -74,6 +116,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: mutex_m
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: pry-byebug
   requirement: !ruby/object:Gem::Requirement
@@ -179,7 +235,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.7'
+      version: '3.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="