doorkeeper-openid_connect 1.7.4 → 1.7.5
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/README.md +29 -0
- data/app/controllers/doorkeeper/openid_connect/discovery_controller.rb +24 -8
- data/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb +1 -1
- data/lib/doorkeeper/openid_connect/config.rb +4 -0
- data/lib/doorkeeper/openid_connect/orm/active_record/request.rb +1 -1
- data/lib/doorkeeper/openid_connect/version.rb +1 -1
- metadata +3 -3
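--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8faf5bba278059c030aab079426353b543baa68bc374991f6ba243454cd09aac
+data.tar.gz: 06f56eb8b593086cc03fee056efb4d82447fd40cdd341b354ed371fde47dec63
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d40202cdca7cddf5606674a4c08a4894ba9be7f8ec072520c73e81e1da48c87ba3e1c95573e0baa1ddcccaa20201eeb76d9af947e3f772223f2a4c658c730e92
+data.tar.gz: a36e15a4cdc316a82a67cc842731149ec5522e27dc21569d2c33bdbe292afc5bc81d6c4f93679c0b7ada133dcfb5e43ae4250470709a58371664f83d983e38bb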
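--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,17 @@
 ## Unreleased
 
+## v1.7.5 (2020-12-15)
+
+### Changes
+
+- [#126] Add discovery_url_options option for discovery endpoints URL generation (thanks to @phlegx)
+
+### Bugfixes
+
+- [#123] Remove reference to ApplicationRecord (thanks to @wheeyls)
+- [#124] Clone doorkeeper.grant_flows array before appending 'refresh_token' (thanks to @davidbasalla)
+- [#129] Avoid to use the config alias while supporting Doorkeeper 5.2 (thanks to @kymmt90)
+
 ## v1.7.4 (2020-07-06)
 
 - [#119] Execute end_session_endpoint in the controllers context (thanks to @joeljunstrom)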
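--- a/data/README.md
+++ b/data/README.md
@@ -161,6 +161,35 @@ The following settings are optional:
 - Used by implementations like https://github.com/IdentityModel/oidc-client-js.
 - The block is executed in the controller's scope, so you have access to your route helpers.
 
+- `discovery_url_options`
+- The URL options for every available endpoint to use when generating the endpoint URL in the
+discovery response. Available endpoints: `authorization`, `token`, `revocation`,
+`introspection`, `userinfo`, `jwks`, `webfinger`.
+- This option requires option keys with an available endpoint and
+[URL options](https://api.rubyonrails.org/v6.0.3.3/classes/ActionDispatch/Routing/UrlFor.html#method-i-url_for)
+as value.
+- The default is to use the request host, just like all the other URLs in the discovery response.
+- This is useful when you want endpoints to use a different URL than other requests.
+For example, if your Doorkeeper server is behind a firewall with other servers, you might want
+other servers to use an "internal" URL to communicate with Doorkeeper, but you want to present
+an "external" URL to end-users for authentication requests. Note that this setting does not
+actually change the URL that your Doorkeeper server responds on - that is outside the scope of
+Doorkeeper.
+
+```ruby
+# config/initializers/doorkeeper_openid_connect.rb
+Doorkeeper::OpenidConnect.configure do
+# ...
+discovery_url_options do |request|
+{
+authorization: { host: 'host.example.com' },
+jwks: { protocol: request.ssl? ? :https : :http }
+}
+end
+# ...
+end
+```
+
 ### Scopes
 
 To perform authentication over OpenID Connect, an OAuth client needs to request the `openid` scope. This scope needs to be enabled using either `optional_scopes` in the global Doorkeeper configuration in `config/initializers/doorkeeper.rb`, or by adding it to any OAuth application's `scope` attribute.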
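--- a/data/app/controllers/doorkeeper/openid_connect/discovery_controller.rb
+++ b/data/app/controllers/doorkeeper/openid_connect/discovery_controller.rb
@@ -26,12 +26,12 @@ module Doorkeeper
 openid_connect = ::Doorkeeper::OpenidConnect.configuration
 {
 issuer: openid_connect.issuer,
-authorization_endpoint: oauth_authorization_url(
-token_endpoint: oauth_token_url(
-revocation_endpoint: oauth_revoke_url(
-introspection_endpoint: oauth_introspect_url(
-userinfo_endpoint: oauth_userinfo_url(
-jwks_uri: oauth_discovery_keys_url(
+authorization_endpoint: oauth_authorization_url(authorization_url_options),
+token_endpoint: oauth_token_url(token_url_options),
+revocation_endpoint: oauth_revoke_url(revocation_url_options),
+introspection_endpoint: oauth_introspect_url(introspection_url_options),
+userinfo_endpoint: oauth_userinfo_url(userinfo_url_options),
+jwks_uri: oauth_discovery_keys_url(jwks_url_options),
 end_session_endpoint: instance_exec(&openid_connect.end_session_endpoint),
 
 scopes_supported: doorkeeper.scopes,
@@ -71,7 +71,7 @@ module Doorkeeper
 end
 
 def grant_types_supported(doorkeeper)
-grant_types_supported = doorkeeper.grant_flows
+grant_types_supported = doorkeeper.grant_flows.dup
 grant_types_supported << 'refresh_token' if doorkeeper.refresh_token_enabled?
 grant_types_supported
 end
@@ -82,7 +82,7 @@ module Doorkeeper
 links: [
 {
 rel: WEBFINGER_RELATION,
-href: root_url(
+href: root_url(webfinger_url_options),
 }
 ]
 }
@@ -104,6 +104,22 @@ module Doorkeeper
 def protocol
 Doorkeeper::OpenidConnect.configuration.protocol.call
 end
+
+def discovery_url_options
+Doorkeeper::OpenidConnect.configuration.discovery_url_options.call(request)
+end
+
+def discovery_url_default_options
+{
+protocol: protocol
+}
+end
+
+%i[authorization token revocation introspection userinfo jwks webfinger].each do |endpoint|
+define_method :"#{endpoint}_url_options" do
+discovery_url_default_options.merge(discovery_url_options[endpoint.to_sym] || {})
+end
+end
 end
 end
 end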
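Review bot: The per-endpoint helpers in the last hunk (`discovery_url_options[endpoint.to_sym] || {}`) merge whatever the configured block returns straight into the URL helpers, and that block is handed the live `request`, so any host or protocol it derives from request headers ends up in the discovery document that relying parties use to locate the authorization, token and JWKS endpoints. Because the merge lets the block replace the default `protocol`, a block that relies on `request.ssl?` behind a TLS-terminating proxy could advertise an `http` `jwks_uri`; a comment above `discovery_url_options` should say so, for example `# Return only static or allow-listed hosts/protocols; these values are published to clients as trusted metadata.` The block is also invoked once per endpoint and the lookup would raise if it ever returned nil (its default lives in config.rb, which is not shown on this page), so I would memoize and coerce it: `@discovery_url_options ||= Doorkeeper::OpenidConnect.configuration.discovery_url_options.call(request) || {}`. The enclosing class begins outside this hunk, so whether these helpers sit under `private` cannot be confirmed from here.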
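--- a/data/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb
+++ b/data/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb
@@ -3,7 +3,7 @@
 module Doorkeeper
 module OpenidConnect
 class UserinfoController < ::Doorkeeper::ApplicationController
-unless Doorkeeper.
+unless Doorkeeper.configuration.api_only
 skip_before_action :verify_authenticity_token
 end
 before_action -> { doorkeeper_authorize! :openid }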
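Review bot: The `unless Doorkeeper.configuration.api_only` guard is evaluated once, when the class body is loaded, so the decision to skip `verify_authenticity_token` is fixed at load time and depends on the Doorkeeper initializer having run first; nothing in the hunk documents that. It is also worth recording why dropping the CSRF check is acceptable here, for example `# CSRF check skipped: this endpoint is authorized by the access token via doorkeeper_authorize!, not by the session cookie.` That rationale is inferred from the `before_action` on the following line; the rest of the class is outside the hunk.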
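--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper-openid_connect
 version: !ruby/object:Gem::Version
-version: 1.7.
+version: 1.7.5
 platform: ruby
 authors:
 - Sam Dengler
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-12-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: doorkeeper
@@ -186,7 +186,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: OpenID Connect extension for Doorkeeper.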