RubyGems - gds-sso - Versions diffs - 9.2.7 → 9.3.0 - Mend

gds-sso 9.2.7 → 9.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

data/Gemfile +7 -0
data/lib/gds-sso.rb +2 -5
data/lib/gds-sso/bearer_token.rb +62 -0
data/lib/gds-sso/config.rb +4 -0
data/lib/gds-sso/failure_app.rb +3 -1
data/lib/gds-sso/version.rb +1 -1
data/lib/gds-sso/warden_config.rb +5 -100
data/spec/fixtures/integration/authorize_api_users.sql +5 -2
data/spec/fixtures/integration/signonotron2.sql +8 -2
data/spec/internal/db/combustion_test.sqlite +0 -0
data/spec/internal/log/test.log +260 -224
data/spec/requests/end_to_end_spec.rb +6 -0
metadata +71 -54

data/Gemfile CHANGED Viewed

@@ -2,3 +2,10 @@ source "https://rubygems.org"
 # Specify your gem's dependencies in gds-sso.gemspec
 gemspec
+# The test suite currently assumes a Rails 3.2 client.
+# TODO: Investigate a matrix build against multiple Rails versions.
+gem 'rails', '~> 3.2.19'
+## Gems added to resolve dependency resolution
+gem 'mechanize', '2.6.0'

data/lib/gds-sso.rb CHANGED Viewed

@@ -2,6 +2,7 @@ require 'rails'
 require 'gds-sso/config'
 require 'gds-sso/warden_config'
+require 'omniauth'
 require 'omniauth-gds'
 module GDS
@@ -32,12 +33,8 @@ module GDS
           }
       end
-      def self.use_mock_strategies?
-        ['development', 'test'].include?(Rails.env) && ENV['GDS_SSO_STRATEGY'] != 'real'
-      end
       def self.default_strategies
-        use_mock_strategies? ? [:mock_gds_sso, :mock_gds_sso_api_access] : [:gds_sso, :gds_bearer_token]
+        Config.use_mock_strategies? ? [:mock_gds_sso, :gds_bearer_token] : [:gds_sso, :gds_bearer_token]
       end
       config.app_middleware.use Warden::Manager do |config|

data/lib/gds-sso/bearer_token.rb ADDED Viewed

@@ -0,0 +1,62 @@
+require 'multi_json'
+require 'oauth2'
+module GDS
+  module SSO
+    module BearerToken
+      def self.locate(token_string)
+        access_token = OAuth2::AccessToken.new(oauth_client, token_string)
+        response_body = access_token.get("/user.json?client_id=#{CGI.escape(GDS::SSO::Config.oauth_id)}").body
+        user_details = omniauth_style_response(response_body)
+        GDS::SSO::Config.user_klass.find_for_gds_oauth(user_details)
+      rescue OAuth2::Error
+        nil
+      end
+      def self.oauth_client
+        @oauth_client ||= OAuth2::Client.new(
+          GDS::SSO::Config.oauth_id,
+          GDS::SSO::Config.oauth_secret,
+          :site => GDS::SSO::Config.oauth_root_url
+        )
+      end
+      # Our User code assumes we're getting our user data back
+      # via omniauth and so receiving it in omniauth's preferred
+      # structure. Here we're addressing signonotron directly so
+      # we need to transform the response ourselves.
+      def self.omniauth_style_response(response_body)
+        input = MultiJson.decode(response_body)['user']
+        {
+          'uid' => input['uid'],
+          'info' => {
+            'email' => input['email'],
+            'name' => input['name']
+          },
+          'extra' => {
+            'user' => {
+              'permissions' => input['permissions'],
+              'organisation_slug' => input['organisation_slug'],
+            }
+          }
+        }
+      end
+    end
+    module MockBearerToken
+      def self.locate(token_string)
+        dummy_api_user = GDS::SSO.test_user || GDS::SSO::Config.user_klass.where(email: "dummyapiuser@domain.com").first
+        if dummy_api_user.nil?
+          dummy_api_user = GDS::SSO::Config.user_klass.new
+          dummy_api_user.email = "dummyapiuser@domain.com"
+          dummy_api_user.uid = "#{rand(10000)}"
+          dummy_api_user.name = "Dummy API user created by gds-sso"
+          dummy_api_user.permissions = ["signin"]
+          dummy_api_user.save!
+        end
+        dummy_api_user
+      end
+    end
+  end
+end

data/lib/gds-sso/config.rb CHANGED Viewed

@@ -21,6 +21,10 @@ module GDS
       def self.user_klass
         user_model.to_s.constantize
       end
+      def self.use_mock_strategies?
+        ['development', 'test'].include?(Rails.env) && ENV['GDS_SSO_STRATEGY'] != 'real'
+      end
     end
   end
 end

data/lib/gds-sso/failure_app.rb CHANGED Viewed

@@ -12,7 +12,9 @@ module GDS
       include Rails.application.routes.url_helpers
       def self.call(env)
-        if ! ::GDS::SSO::ApiAccess.api_call?(env)
+        if ::GDS::SSO::ApiAccess.api_call?(env)
+          [ 401, {'WWW-Authenticate' => %(Bearer error="invalid_token") }, [] ]
+        else
           action(:redirect).call(env)
         end
       end

data/lib/gds-sso/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module GDS
   module SSO
-    VERSION = "9.2.7"
+    VERSION = "9.3.0"
   end
 end

data/lib/gds-sso/warden_config.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 require 'warden'
-require 'gds-sso/user'
+require 'warden-oauth2'
+require 'gds-sso/bearer_token'
 def logger
   if Rails.logger # if we are actually running in a rails app
@@ -65,82 +66,10 @@ Warden::Strategies.add(:gds_sso) do
   end
 end
-Warden::Strategies.add(:gds_bearer_token) do
-  def valid?
-    ::GDS::SSO::ApiAccess.api_call?(env) &&
-      ::GDS::SSO::ApiAccess.oauth_api_call?(env)
-  end
-  def authenticate!
-    logger.debug("Authenticating with gds_bearer_token strategy")
-    begin
-      access_token = OAuth2::AccessToken.new(oauth_client, token_from_authorization_header)
-      response_body = access_token.get('/user.json').body
-      user_details = omniauth_style_response(response_body)
-      user = prep_user(user_details)
-      success!(user)
-    rescue OAuth2::Error
-      custom!(unauthorized)
-    end
-  end
-  def oauth_client
-    @oauth_client ||= OAuth2::Client.new(
-      GDS::SSO::Config.oauth_id,
-      GDS::SSO::Config.oauth_secret,
-      :site => GDS::SSO::Config.oauth_root_url
-    )
-  end
-  def token_from_authorization_header
-    env['HTTP_AUTHORIZATION'].gsub(/Bearer /, '')
-  end
-  # Our User code assumes we're getting our user data back
-  # via omniauth and so receiving it in omniauth's preferred
-  # structure. Here we're addressing signonotron directly so
-  # we need to transform the response ourselves.
-  #
-  # There may be a way to simplify matters by having this
-  # strategy work via omniauth too but I've not worked out how
-  # to wire that up yet.
-  def omniauth_style_response(response_body)
-    input = MultiJson.decode(response_body)['user']
-    {
-      'uid' => input['uid'],
-      'info' => {
-        'email' => input['email'],
-        'name' => input['name']
-      },
-      'extra' => {
-        'user' => {
-          'permissions' => input['permissions'],
-          'organisation_slug' => input['organisation_slug'],
-        }
-      }
-    }
-  end
-  def prep_user(auth_hash)
-    user = GDS::SSO::Config.user_klass.find_for_gds_oauth(auth_hash)
-    custom!(unauthorized) unless user
-    user
-  end
-  def unauthorized
-    [
-      401,
-      {
-        'Content-Type' => 'text/plain',
-        'Content-Length' => '0',
-        'WWW-Authenticate' => %(Bearer error="invalid_token")
-      },
-      []
-    ]
-  end
+Warden::OAuth2.configure do |config|
+  config.token_model = GDS::SSO::Config.use_mock_strategies? ? GDS::SSO::MockBearerToken : GDS::SSO::BearerToken
 end
+Warden::Strategies.add(:gds_bearer_token, Warden::OAuth2::Strategies::Bearer)
 Warden::Strategies.add(:mock_gds_sso) do
   def valid?
@@ -168,27 +97,3 @@ Warden::Strategies.add(:mock_gds_sso) do
     end
   end
 end
-Warden::Strategies.add(:mock_gds_sso_api_access) do
-  def valid?
-    ::GDS::SSO::ApiAccess.api_call?(env)
-  end
-  def authenticate!
-    logger.debug("Authenticating with mock_gds_sso_api_access strategy")
-    dummy_api_user = GDS::SSO.test_user || GDS::SSO::Config.user_klass.where(email: "dummyapiuser@domain.com").first
-    if dummy_api_user.nil?
-      dummy_api_user = GDS::SSO::Config.user_klass.new(
-        {
-          email: "dummyapiuser@domain.com",
-          uid: "#{rand(10000)}",
-          name: "Dummy API user created by gds-sso"
-        },
-        {as: :oauth}
-      )
-      dummy_api_user.permissions = ["signin"]
-      dummy_api_user.save!
-    end
-    success!(dummy_api_user)
-  end
-end

data/spec/fixtures/integration/authorize_api_users.sql CHANGED Viewed

@@ -1,4 +1,7 @@
 DELETE FROM `oauth_access_tokens`;
-INSERT INTO oauth_access_tokens VALUES
-  (NULL, 1, 1, 'caaeb53be5c7277fb0ef158181bfd1537b57f9e3b83eb795be3cd0af6e118b28', '1bc343797483954d7306d67e96687feccdfdaa8b23ed662ae23e2b03e6661d16', 307584000, NULL, '2012-06-27 13:57:47', NULL);
+INSERT INTO oauth_access_tokens (resource_owner_id, application_id, token, refresh_token, expires_in, created_at)
+  VALUES (1, 1, 'caaeb53be5c7277fb0ef158181bfd1537b57f9e3b83eb795be3cd0af6e118b28', '1bc343797483954d7306d67e96687feccdfdaa8b23ed662ae23e2b03e6661d16', 307584000, '2012-06-27 13:57:47');
+INSERT INTO oauth_access_tokens (resource_owner_id, application_id, token, refresh_token, expires_in, created_at)
+  VALUES (1, 2, '98c72f4da02fdc43398e029d05567542944d2a9b0df3c20b0accd8bd6c5dc728', 'e2da0489a58219fd4f542139909737627874ceacd2af23f5c268ccecb36e85af', 307584000, '2014-07-14 09:06:14');

data/spec/fixtures/integration/signonotron2.sql CHANGED Viewed

@@ -8,10 +8,16 @@ DELETE FROM `users`;
 -- Setup fixture data
 INSERT INTO `oauth_applications` (id, name, uid, secret, redirect_uri, created_at, updated_at, home_uri, description)
               VALUES (1,'GDS_SSO integration test','gds-sso-test','secret','http://www.example-client.com/auth/gds/callback','2012-04-19 13:26:54','2012-04-19 13:26:54', 'http://home.com', 'GDS_SSO integration test');
+INSERT INTO `oauth_applications` (id, name, uid, secret, redirect_uri, created_at, updated_at, home_uri, description)
+              VALUES (2,'A different appilcation','application-2','different secret','http://www.example-client2.com/auth/gds/callback','2014-07-14-09:07:32','2014-07-14-09:07:32', 'http://www.example-client2.com', '');
 INSERT INTO `users` (id, email, encrypted_password, password_salt, created_at, updated_at, confirmed_at, name, uid, role)
               VALUES (1,'test@example-client.com','bb8e19edbaa1e7721abe0faa5c1663a7685950093b8c7eceb0f2e3889bdea4c5f17ca97820b2c663edf46ea532d1a9baa04b680fc537b4de8a3f376dd28e3ffd','MpLsZ8q1UaAojTa6bTC6','2012-04-19 13:26:54','2012-04-19 13:26:54','2012-04-19 13:26:54','Test User','integration-uid', "normal");
-INSERT INTO `permissions` (id, user_id, application_id, permissions) VALUES (1,1,1,"---
+INSERT INTO `permissions` (user_id, application_id, permissions) VALUES (1,1,"---
+- signin
+");
+INSERT INTO `permissions` (user_id, application_id, permissions) VALUES (1,2,"---
 - signin
 ");

data/spec/internal/db/combustion_test.sqlite CHANGED Viewed

Binary file

data/spec/internal/log/test.log CHANGED Viewed

@@ -1,376 +1,412 @@
 Connecting to database specified by database.yml
-  [1m[36m (18.4ms)[0m  [1mselect sqlite_version(*)[0m
-  [1m[35m (13.8ms)[0m  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text, "organisation_slug" varchar(255))
-  [1m[36m (8.5ms)[0m  [1mCREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL) [0m
-  [1m[35m (9.5ms)[0m  CREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version")
+  [1m[36m (22.7ms)[0m  [1mselect sqlite_version(*)[0m
+  [1m[35m (16.0ms)[0m  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text, "organisation_slug" varchar(255))
+  [1m[36m (8.3ms)[0m  [1mCREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL) [0m
+  [1m[35m (9.0ms)[0m  CREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version")
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (31.3ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d36908"]]
-  [1m[36m (34.3ms)[0m  [1mcommit transaction[0m
+  [1m[35mSQL (4.0ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d36713"]]
+  [1m[36m (13.6ms)[0m  [1mcommit transaction[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d32371"]]
-  [1m[35m (24.5ms)[0m  commit transaction
+  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34124"]]
+  [1m[35m (9.8ms)[0m  commit transaction
 WARNING: Can't mass-assign protected attributes: uid, name, permissions
-Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d36908"}
-  Rendered /home/jenkins/workspace/govuk_gds_sso/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (0.3ms)
-Completed 403 Forbidden in 39.8ms (Views: 13.5ms | ActiveRecord: 0.0ms)
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d36713"}
+  Rendered /home/jenkins/workspace/govuk_gds_sso/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (0.2ms)
+Completed 403 Forbidden in 40.0ms (Views: 39.2ms | ActiveRecord: 0.0ms)
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d38535"]]
-  [1m[36m (12.5ms)[0m  [1mcommit transaction[0m
+  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d36796"]]
+  [1m[36m (10.5ms)[0m  [1mcommit transaction[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37781"]]
-  [1m[35m (10.3ms)[0m  commit transaction
+  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d33045"]]
+  [1m[35m (11.3ms)[0m  commit transaction
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"nonexistent-user"}
+  [1m[36mUser Load (0.3ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'nonexistent-user' LIMIT 1[0m
+Completed 200 OK in 6.1ms (ActiveRecord: 0.3ms)
+  [1m[35m (0.1ms)[0m  begin transaction
+  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34574"]]
+  [1m[35m (10.8ms)[0m  commit transaction
+  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
+  [1m[35mSQL (0.1ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d32625"]]
+  [1m[36m (11.6ms)[0m  [1mcommit transaction[0m
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d34574"}
+  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d34574' LIMIT 1
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[35m (0.2ms)[0m  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+- signin
+' WHERE "users"."id" = 5
+  [1m[36m (13.8ms)[0m  [1mcommit transaction[0m
+Completed 200 OK in 17.9ms (ActiveRecord: 14.2ms)
+  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 5]]
+  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
+  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34826"]]
+  [1m[36m (12.4ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36mSQL (0.1ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d35052"]]
+  [1m[35m (23.7ms)[0m  commit transaction
 Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d38535"}
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d38535' LIMIT 1[0m
+  Parameters: {"uid"=>"a1s2d34826"}
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d34826' LIMIT 1[0m
   [1m[35m (0.0ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '---
 - signin
 - new permission
-', "organisation_slug" = 'justice-league' WHERE "users"."id" = 3[0m
-  [1m[35m (13.6ms)[0m  commit transaction
-Completed 200 OK in 21.3ms (ActiveRecord: 14.0ms)
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1[0m  [["id", 3]]
+', "organisation_slug" = 'justice-league' WHERE "users"."id" = 7[0m
+  [1m[35m (11.1ms)[0m  commit transaction
+Completed 200 OK in 14.9ms (ActiveRecord: 11.5ms)
+  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1[0m  [["id", 7]]
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37830"]]
-  [1m[35m (12.2ms)[0m  commit transaction
+  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31326"]]
+  [1m[35m (12.4ms)[0m  commit transaction
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d32204"]]
-  [1m[36m (10.5ms)[0m  [1mcommit transaction[0m
+  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d35875"]]
+  [1m[36m (11.9ms)[0m  [1mcommit transaction[0m
 WARNING: Can't mass-assign protected attributes: uid, name, permissions
-Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d37830"}
-Completed 403 Forbidden in 1.5ms (Views: 0.9ms | ActiveRecord: 0.0ms)
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d31326"}
+Completed 403 Forbidden in 1.4ms (Views: 0.9ms | ActiveRecord: 0.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:52 +0000
+Processing by ExampleController#restricted as JSON
+Completed   in 231.0ms
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:52 +0000
+Processing by ExampleController#restricted as JSON
+  [1m[35mUser Load (0.3ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."email" = 'test@example-client.com' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31716"]]
-  [1m[35m (14.8ms)[0m  commit transaction
+  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "test@example-client.com"], ["name", "Test User"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
+  [1m[35m (13.4ms)[0m  commit transaction
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
+  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11[0m
+  [1m[35m (10.9ms)[0m  commit transaction
+  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
+  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11[0m
+  [1m[35m (10.5ms)[0m  commit transaction
+  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
+  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11[0m
+  [1m[35m (11.9ms)[0m  commit transaction
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[35m (0.1ms)[0m  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+  [1m[36m (8.2ms)[0m  [1mcommit transaction[0m
+Completed 200 OK in 583.8ms (Views: 3.0ms | ActiveRecord: 56.9ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-07-18 13:10:53 +0000
+Processing by ExampleController#this_requires_signin_permission as JSON
+  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31621"]]
-  [1m[36m (12.3ms)[0m  [1mcommit transaction[0m
-Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"nonexistent-user"}
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'nonexistent-user' LIMIT 1
-Completed 200 OK in 1.1ms (ActiveRecord: 0.2ms)
+  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+  [1m[36m (10.0ms)[0m  [1mcommit transaction[0m
+  [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3573"]]
-  [1m[36m (15.8ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d35885"]]
-  [1m[35m (13.5ms)[0m  commit transaction
-Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d3573"}
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d3573' LIMIT 1[0m
+  [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+  [1m[36m (10.6ms)[0m  [1mcommit transaction[0m
+  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+  [1m[36m (9.4ms)[0m  [1mcommit transaction[0m
+  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
+  [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+  [1m[36m (9.4ms)[0m  [1mcommit transaction[0m
   [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+  [1m[36m (0.1ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
-' WHERE "users"."id" = 9[0m
-  [1m[35m (13.3ms)[0m  commit transaction
-Completed 200 OK in 16.6ms (ActiveRecord: 13.7ms)
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1[0m  [["id", 9]]
-Started GET "/" for 127.0.0.1 at 2014-05-28 10:01:15 +0000
+' WHERE "users"."id" = 11[0m
+  [1m[35m (8.9ms)[0m  commit transaction
+Completed 200 OK in 209.9ms (Views: 0.5ms | ActiveRecord: 49.9ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:53 +0000
+Processing by ExampleController#restricted as JSON
+Completed   in 22.9ms
+Started GET "/" for 127.0.0.1 at 2014-07-18 13:10:54 +0000
 Processing by ExampleController#index as HTML
-Completed 200 OK in 3.4ms (Views: 2.9ms | ActiveRecord: 0.0ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-05-28 10:01:16 +0000
-Processing by ExampleController#this_requires_signin_permission as HTML
+Completed 200 OK in 0.8ms (Views: 0.4ms | ActiveRecord: 0.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:54 +0000
+Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 38.9ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-05-28 10:01:16 +0000
-Started GET "/auth/gds/callback?code=faf6aab82246cb23fef1879ead32e8505144ef734fb2432626a0667d3af46c76&state=0d6136bf4b8f56ea9bca777052b46067399c6d0703a7d78a" for 127.0.0.1 at 2014-05-28 10:01:17 +0000
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-07-18 13:10:54 +0000
+Started GET "/auth/gds/callback?code=5975db777d300dea19d732e349a1e11f7a32642833159c9df9906db5ffb9baa2&state=f0484e1e5be76776d650d5e35cf7a598239a5b50461aa916" for 127.0.0.1 at 2014-07-18 13:10:55 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"faf6aab82246cb23fef1879ead32e8505144ef734fb2432626a0667d3af46c76", "state"=>"0d6136bf4b8f56ea9bca777052b46067399c6d0703a7d78a"}
+  Parameters: {"code"=>"5975db777d300dea19d732e349a1e11f7a32642833159c9df9906db5ffb9baa2", "state"=>"f0484e1e5be76776d650d5e35cf7a598239a5b50461aa916"}
 Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."email" = 'test@example-client.com' LIMIT 1[0m
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "test@example-client.com"], ["name", "Test User"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
-  [1m[35m (21.7ms)[0m  commit transaction
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
+  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11[0m
+  [1m[35m (9.1ms)[0m  commit transaction
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (13.8ms)[0m  [1mcommit transaction[0m
-Redirected to http://www.example-client.com/this_requires_signin_permission
-Completed 302 Found in 42.2ms (ActiveRecord: 36.3ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-05-28 10:01:17 +0000
-Processing by ExampleController#this_requires_signin_permission as HTML
+  [1m[36m (10.0ms)[0m  [1mcommit transaction[0m
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 24.6ms (ActiveRecord: 19.7ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:55 +0000
+Processing by ExampleController#restricted as HTML
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
-Completed 200 OK in 1.8ms (Views: 0.4ms | ActiveRecord: 0.2ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-05-28 10:01:17 +0000
-Processing by ExampleController#this_requires_signin_permission as HTML
+Completed 200 OK in 1.4ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:55 +0000
+Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-05-28 10:01:17 +0000
-Started GET "/auth/gds/callback?code=29b5e159e6fb693ebc12b812a4565419724e8690ba041aedf91176d321b70320&state=6ced3aac4b4c56591263d743d0998eae8fb01fbcdd1473c4" for 127.0.0.1 at 2014-05-28 10:01:18 +0000
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-07-18 13:10:55 +0000
+Started GET "/auth/gds/callback?code=5afbdc652a40e339df83fd3b72dd1e08ac20c9e65887be4a919fb40b4b7658b4&state=f850257ee9f2c743b5ea0ee0f0360b96158b629566127ccc" for 127.0.0.1 at 2014-07-18 13:10:55 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"29b5e159e6fb693ebc12b812a4565419724e8690ba041aedf91176d321b70320", "state"=>"6ced3aac4b4c56591263d743d0998eae8fb01fbcdd1473c4"}
+  Parameters: {"code"=>"5afbdc652a40e339df83fd3b72dd1e08ac20c9e65887be4a919fb40b4b7658b4", "state"=>"f850257ee9f2c743b5ea0ee0f0360b96158b629566127ccc"}
 Authenticating with gds_sso strategy
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (15.1ms)[0m  commit transaction
+  [1m[35m (11.7ms)[0m  commit transaction
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (9.8ms)[0m  [1mcommit transaction[0m
-Redirected to http://www.example-client.com/this_requires_signin_permission
-Completed 302 Found in 29.9ms (ActiveRecord: 25.5ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-05-28 10:01:18 +0000
-Processing by ExampleController#this_requires_signin_permission as HTML
+  [1m[36m (8.0ms)[0m  [1mcommit transaction[0m
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 25.3ms (ActiveRecord: 20.4ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:55 +0000
+Processing by ExampleController#restricted as HTML
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
-Completed 200 OK in 1.5ms (Views: 0.3ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-28 10:01:18 +0000
+Completed 200 OK in 1.3ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:55 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.6ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-05-28 10:01:18 +0000
-Started GET "/auth/gds/callback?code=395fdc86b83c4935e168b413a3f2f4f56214dc097f7cd0e2dd20d4b87ad57316&state=05f426033c7da87aac3fd1d66714bd72bb90a0f541feedab" for 127.0.0.1 at 2014-05-28 10:01:18 +0000
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-07-18 13:10:55 +0000
+Started GET "/auth/gds/callback?code=e41b27b6bcd8d06e7f62f794a6254edcefe1463a770a5b048a3399da9b3d2456&state=f3c6d7b10c576e26ffcac9aa2e24a60fc0764fe6b5843d3f" for 127.0.0.1 at 2014-07-18 13:10:56 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"395fdc86b83c4935e168b413a3f2f4f56214dc097f7cd0e2dd20d4b87ad57316", "state"=>"05f426033c7da87aac3fd1d66714bd72bb90a0f541feedab"}
+  Parameters: {"code"=>"e41b27b6bcd8d06e7f62f794a6254edcefe1463a770a5b048a3399da9b3d2456", "state"=>"f3c6d7b10c576e26ffcac9aa2e24a60fc0764fe6b5843d3f"}
 Authenticating with gds_sso strategy
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36m (0.3ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (13.2ms)[0m  commit transaction
+  [1m[35m (21.5ms)[0m  commit transaction
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (12.7ms)[0m  [1mcommit transaction[0m
+  [1m[36m (14.7ms)[0m  [1mcommit transaction[0m
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 32.2ms (ActiveRecord: 26.6ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-28 10:01:18 +0000
+Completed 302 Found in 68.1ms (ActiveRecord: 36.9ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:56 +0000
 Processing by ExampleController#restricted as HTML
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
-Completed 200 OK in 1.7ms (Views: 0.4ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-28 10:01:18 +0000
-Processing by ExampleController#restricted as HTML
+Completed 200 OK in 1.7ms (Views: 0.3ms | ActiveRecord: 0.2ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-07-18 13:10:56 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
 Authenticating with gds_sso strategy
 Completed   in 0.3ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-05-28 10:01:18 +0000
-Started GET "/auth/gds/callback?code=287809a753f9fab30b73667a774f37a2cf7262312f41aecb9467052f2808769d&state=65566e10cd35a26c965c9b3260d3b111c952d6beea198613" for 127.0.0.1 at 2014-05-28 10:01:19 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2014-07-18 13:10:56 +0000
+Started GET "/auth/gds/callback?code=210b5d58b9ffe1bea1b9de5e2d153fd780f008363d642524024c378b62238e07&state=26b44a48b59d4ec1f55b4d079dcd744ffe007801fb59c273" for 127.0.0.1 at 2014-07-18 13:10:56 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"287809a753f9fab30b73667a774f37a2cf7262312f41aecb9467052f2808769d", "state"=>"65566e10cd35a26c965c9b3260d3b111c952d6beea198613"}
+  Parameters: {"code"=>"210b5d58b9ffe1bea1b9de5e2d153fd780f008363d642524024c378b62238e07", "state"=>"26b44a48b59d4ec1f55b4d079dcd744ffe007801fb59c273"}
 Authenticating with gds_sso strategy
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (11.0ms)[0m  commit transaction
+  [1m[35m (10.3ms)[0m  commit transaction
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (9.0ms)[0m  [1mcommit transaction[0m
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 26.5ms (ActiveRecord: 20.8ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-28 10:01:19 +0000
-Processing by ExampleController#restricted as HTML
+  [1m[36m (8.9ms)[0m  [1mcommit transaction[0m
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 24.5ms (ActiveRecord: 19.8ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-07-18 13:10:56 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
-Completed 200 OK in 1.7ms (Views: 0.5ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-28 10:01:19 +0000
-Processing by ExampleController#restricted as HTML
+Completed 200 OK in 1.7ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-07-18 13:10:56 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
 Authenticating with gds_sso strategy
 Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-05-28 10:01:19 +0000
-Started GET "/auth/gds/callback?code=07998a069ae35cedf19d2ae351243b8852a5c1be8d02659290c0b411f9abd216&state=b7048d5a343fc6946e7fd6419d0b458e53890e0e1ed0fe3b" for 127.0.0.1 at 2014-05-28 10:01:19 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2014-07-18 13:10:56 +0000
+Started GET "/auth/gds/callback?code=a3b9018ca8bd15809018c13c3647e342178769d152181e7577286d8c69ccb98e&state=a53779c75892eac4775139c3bad3dc74c7df9965c47b22ee" for 127.0.0.1 at 2014-07-18 13:10:57 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"07998a069ae35cedf19d2ae351243b8852a5c1be8d02659290c0b411f9abd216", "state"=>"b7048d5a343fc6946e7fd6419d0b458e53890e0e1ed0fe3b"}
+  Parameters: {"code"=>"a3b9018ca8bd15809018c13c3647e342178769d152181e7577286d8c69ccb98e", "state"=>"a53779c75892eac4775139c3bad3dc74c7df9965c47b22ee"}
 Authenticating with gds_sso strategy
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
   [1m[35m (0.0ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (15.0ms)[0m  commit transaction
+  [1m[35m (11.4ms)[0m  commit transaction
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (12.2ms)[0m  [1mcommit transaction[0m
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 32.3ms (ActiveRecord: 27.8ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-28 10:01:19 +0000
-Processing by ExampleController#restricted as HTML
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
-Completed 200 OK in 1.5ms (Views: 0.3ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-28 10:01:19 +0000
+  [1m[36m (6.4ms)[0m  [1mcommit transaction[0m
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 22.8ms (ActiveRecord: 18.5ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-07-18 13:10:57 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 1.5ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:57 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.4ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-05-28 10:01:19 +0000
-Started GET "/auth/gds/callback?code=3b6e908312a657f10f1707f88805d4b7f3ca33eed1692822ab5537384849292e&state=22c2ad34c40644a633fe408a01f949947306e62bfd39938c" for 127.0.0.1 at 2014-05-28 10:01:19 +0000
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-07-18 13:10:57 +0000
+Started GET "/auth/gds/callback?code=f43f0a109a92ca6da4462731e056222aeb34085532afdc2dbbdeee8765b3bb1b&state=2b9882146c18215fb72946ccba69fbfec2f5c728e691eefa" for 127.0.0.1 at 2014-07-18 13:10:57 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"3b6e908312a657f10f1707f88805d4b7f3ca33eed1692822ab5537384849292e", "state"=>"22c2ad34c40644a633fe408a01f949947306e62bfd39938c"}
+  Parameters: {"code"=>"f43f0a109a92ca6da4462731e056222aeb34085532afdc2dbbdeee8765b3bb1b", "state"=>"2b9882146c18215fb72946ccba69fbfec2f5c728e691eefa"}
 Authenticating with gds_sso strategy
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (11.4ms)[0m  commit transaction
+  [1m[35m (17.2ms)[0m  commit transaction
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (13.6ms)[0m  [1mcommit transaction[0m
+  [1m[36m (7.8ms)[0m  [1mcommit transaction[0m
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 31.1ms (ActiveRecord: 25.6ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-28 10:01:20 +0000
+Completed 302 Found in 30.9ms (ActiveRecord: 25.6ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:57 +0000
 Processing by ExampleController#restricted as HTML
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
-Completed 200 OK in 1.6ms (Views: 0.4ms | ActiveRecord: 0.2ms)
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."email" = 'test@example-client.com' LIMIT 1[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
-- signin
-' WHERE "users"."id" = 11[0m
-  [1m[35m (16.4ms)[0m  commit transaction
-Started GET "/restricted" for 127.0.0.1 at 2014-05-28 10:01:20 +0000
+Completed 200 OK in 1.7ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-19 09:05:57 +0000
 Processing by ExampleController#restricted as HTML
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
+Completed 200 OK in 2.0ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:58 +0000
+Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 1.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-05-28 10:01:20 +0000
-Started GET "/auth/gds/callback?code=59f3ff77264922e41505a1d74edf5086fb9c0ab0ce7eaeda35e3eb9c5e1d73f5&state=50445985dfd8188201ecf12097a6d45fd8b2fb4a1567d8a5" for 127.0.0.1 at 2014-05-28 10:01:20 +0000
+Completed   in 0.4ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-07-18 13:10:58 +0000
+Started GET "/auth/gds/callback?code=6e86a5ac211079540a91bd24d9e2d288bf63eca3eae8d673175e32e32e7f7130&state=9d588c1b54ad3155f986f4faaed309143cc4ccb34810385e" for 127.0.0.1 at 2014-07-18 13:10:58 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"59f3ff77264922e41505a1d74edf5086fb9c0ab0ce7eaeda35e3eb9c5e1d73f5", "state"=>"50445985dfd8188201ecf12097a6d45fd8b2fb4a1567d8a5"}
+  Parameters: {"code"=>"6e86a5ac211079540a91bd24d9e2d288bf63eca3eae8d673175e32e32e7f7130", "state"=>"9d588c1b54ad3155f986f4faaed309143cc4ccb34810385e"}
 Authenticating with gds_sso strategy
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (17.5ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
+  [1m[36m (11.8ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36m (0.1ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (15.5ms)[0m  commit transaction
+  [1m[35m (12.0ms)[0m  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 39.0ms (ActiveRecord: 33.7ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-28 10:01:20 +0000
+Completed 302 Found in 28.9ms (ActiveRecord: 24.4ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:58 +0000
 Processing by ExampleController#restricted as HTML
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
-Completed 200 OK in 1.4ms (Views: 0.3ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-28 10:01:20 +0000
+Completed 200 OK in 1.4ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-19 09:15:58 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0.3ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-05-28 10:01:20 +0000
-Started GET "/auth/gds/callback?code=15a391624cbed2a7b33d9678b6534883c9fa02949bb1c08fde5cbccbc4eacee5&state=9d596518fffb5957e71141544b4f3252a3bc869f5e279de7" for 127.0.0.1 at 2014-05-28 10:01:20 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2014-07-19 09:15:58 +0000
+Started GET "/auth/gds/callback?code=1a3140979bcf7b3277dcf0246e252c3b07673b16c0960dc9fd11d5338079cd09&state=8abd43f4c4bf907ae34f3f3fc4b6e88f0dddc47b7304c202" for 127.0.0.1 at 2014-07-19 09:15:58 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"15a391624cbed2a7b33d9678b6534883c9fa02949bb1c08fde5cbccbc4eacee5", "state"=>"9d596518fffb5957e71141544b4f3252a3bc869f5e279de7"}
+  Parameters: {"code"=>"1a3140979bcf7b3277dcf0246e252c3b07673b16c0960dc9fd11d5338079cd09", "state"=>"8abd43f4c4bf907ae34f3f3fc4b6e88f0dddc47b7304c202"}
 Authenticating with gds_sso strategy
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (13.4ms)[0m  [1mcommit transaction[0m
+  [1m[36m (15.0ms)[0m  [1mcommit transaction[0m
   [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (16.3ms)[0m  commit transaction
+  [1m[35m (11.3ms)[0m  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 35.5ms (ActiveRecord: 30.3ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-28 10:01:20 +0000
+Completed 302 Found in 31.0ms (ActiveRecord: 26.9ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-19 09:15:58 +0000
 Processing by ExampleController#restricted as HTML
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
-Completed 200 OK in 1.6ms (Views: 0.4ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-29 06:06:20 +0000
+Completed 200 OK in 1.2ms (Views: 0.2ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:58 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.4ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-05-29 06:06:20 +0000
-Started GET "/auth/gds/callback?code=d6c80119d54145028f227274fa51d0be7788905b5790e0e026c6d302cb055057&state=cfcca15c646ccb5a2b880827fde549c146abf61232b26b77" for 127.0.0.1 at 2014-05-29 06:06:20 +0000
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-07-18 13:10:58 +0000
+Started GET "/auth/gds/callback?code=03ef9abbd28b603a14ae6a14831ed972f90eee81c8b20b544aede2bd0aadb37c&state=61f2c111d40be99abb1c0fb13cf6da10cdeff618b7847110" for 127.0.0.1 at 2014-07-18 13:10:59 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"d6c80119d54145028f227274fa51d0be7788905b5790e0e026c6d302cb055057", "state"=>"cfcca15c646ccb5a2b880827fde549c146abf61232b26b77"}
+  Parameters: {"code"=>"03ef9abbd28b603a14ae6a14831ed972f90eee81c8b20b544aede2bd0aadb37c", "state"=>"61f2c111d40be99abb1c0fb13cf6da10cdeff618b7847110"}
 Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  [1m[35mUser Load (0.3ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (10.3ms)[0m  [1mcommit transaction[0m
+  [1m[36m (15.6ms)[0m  [1mcommit transaction[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.1ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (0.3ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (12.6ms)[0m  commit transaction
+  [1m[35m (11.1ms)[0m  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 27.3ms (ActiveRecord: 23.5ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-29 06:06:21 +0000
+Completed 302 Found in 59.3ms (ActiveRecord: 27.6ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:59 +0000
 Processing by ExampleController#restricted as HTML
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
-Completed 200 OK in 1.3ms (Views: 0.2ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-28 10:01:21 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 0.4ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-05-28 10:01:21 +0000
-Started GET "/auth/gds/callback?code=bab47efe786ae1e03f7b8d1d151976af33314e80eb553d5fbd313d66f6d55406&state=88b33e9f9c7d2f5a6259251aea3570197a7dc407d8421f02" for 127.0.0.1 at 2014-05-28 10:01:21 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"bab47efe786ae1e03f7b8d1d151976af33314e80eb553d5fbd313d66f6d55406", "state"=>"88b33e9f9c7d2f5a6259251aea3570197a7dc407d8421f02"}
-Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.9ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."email" = 'test@example-client.com' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
+  [1m[35m (0.2ms)[0m  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (12.9ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36m (0.1ms)[0m  [1mUPDATE "users" SET "permissions" = '---
-- signin
-' WHERE "users"."id" = 11[0m
-  [1m[35m (11.6ms)[0m  commit transaction
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 30.4ms (ActiveRecord: 25.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-28 10:01:21 +0000
-Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
-Completed 200 OK in 1.9ms (Views: 0.5ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-29 05:56:21 +0000
+  [1m[36m (8.8ms)[0m  [1mcommit transaction[0m
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:59 +0000
 Processing by ExampleController#restricted as HTML
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
-Completed 200 OK in 1.1ms (Views: 0.2ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-05-28 10:01:21 +0000
-Processing by ExampleController#restricted as JSON
-Authenticating with gds_bearer_token strategy
-Completed   in 8.6ms
-Started GET "/restricted" for 127.0.0.1 at 2014-05-28 10:01:21 +0000
-Processing by ExampleController#restricted as JSON
-Authenticating with gds_bearer_token strategy
-  [1m[36mUser Load (0.3ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
+Authenticating with gds_sso strategy
+Completed   in 1.1ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-07-18 13:10:59 +0000
+Started GET "/auth/gds/callback?code=979607bcfbbc1794b923fa73d6fe319dd1be0bfc02086a961188b1de669bb8ff&state=ba10cbc1d53771830df04cb8d9cd264be7a05c80d204777c" for 127.0.0.1 at 2014-07-18 13:10:59 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"979607bcfbbc1794b923fa73d6fe319dd1be0bfc02086a961188b1de669bb8ff", "state"=>"ba10cbc1d53771830df04cb8d9cd264be7a05c80d204777c"}
+Authenticating with gds_sso strategy
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (25.0ms)[0m  commit transaction
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.3ms)[0m  UPDATE "users" SET "permissions" = '---
-- signin
-' WHERE "users"."id" = 11
-  [1m[36m (32.0ms)[0m  [1mcommit transaction[0m
-Completed 200 OK in 215.4ms (Views: 0.6ms | ActiveRecord: 58.0ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-05-28 10:01:22 +0000
-Processing by ExampleController#this_requires_signin_permission as JSON
-Authenticating with gds_bearer_token strategy
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
+  [1m[35m (13.3ms)[0m  commit transaction
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[35m (0.2ms)[0m  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (20.9ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
-- signin
-' WHERE "users"."id" = 11[0m
-  [1m[35m (11.1ms)[0m  commit transaction
-Completed 200 OK in 91.1ms (Views: 0.5ms | ActiveRecord: 32.6ms)
+  [1m[36m (15.2ms)[0m  [1mcommit transaction[0m
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 34.0ms (ActiveRecord: 29.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-07-18 13:10:59 +0000
+Processing by ExampleController#restricted as HTML
+  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 1.5ms (Views: 0.3ms | ActiveRecord: 0.2ms)