RubyGems - gds-sso - Versions diffs - 1.2.2 → 2.0.0 - Mend

gds-sso 1.2.2 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

data/Gemfile +1 -1
data/lib/gds-sso.rb +1 -1
data/lib/gds-sso/api_access.rb +8 -0
data/lib/gds-sso/version.rb +1 -1
data/lib/gds-sso/warden_config.rb +76 -0
data/spec/fixtures/integration/authorize_api_users.sql +4 -0
data/spec/fixtures/integration/signonotron2.sql +1 -1
data/spec/internal/db/combustion_test.sqlite +0 -0
data/spec/internal/log/test.log +169 -627
data/spec/requests/end_to_end_spec.rb +28 -2
data/spec/support/signonotron2_integration_helpers.rb +10 -2
data/test/api_access_test.rb +11 -0
metadata +32 -30

data/Gemfile CHANGED Viewed

@@ -1,4 +1,4 @@
-source "http://rubygems.org"
+source "https://rubygems.org"
 source 'https://gems.gemfury.com/vo6ZrmjBQu5szyywDszE/'
 # Specify your gem's dependencies in gds-sso.gemspec

data/lib/gds-sso.rb CHANGED Viewed

@@ -38,7 +38,7 @@ module GDS
       end
       def self.default_strategies
-        use_mock_strategies? ? [:mock_gds_sso, :mock_gds_sso_api_access] : [:gds_sso, :gds_sso_api_access]
+        use_mock_strategies? ? [:mock_gds_sso, :mock_gds_sso_api_access] : [:gds_sso, :gds_bearer_token, :gds_sso_api_access]
       end
       config.app_middleware.use Warden::Manager do |config|

data/lib/gds-sso/api_access.rb CHANGED Viewed

@@ -7,6 +7,14 @@ module GDS
         request = Rack::Accept::Request.new(env)
         request.best_media_type(%w{text/html application/json}) == 'application/json'
       end
+      def self.has_bearer_token?(env)
+        env['HTTP_AUTHORIZATION'] && env['HTTP_AUTHORIZATION'].match(/^Bearer /)
+      end
+      def self.oauth_api_call?(env)
+        has_bearer_token?(env)
+      end
     end
   end
 end

data/lib/gds-sso/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module GDS
   module SSO
-    VERSION = "1.2.2"
+    VERSION = "2.0.0"
   end
 end

data/lib/gds-sso/warden_config.rb CHANGED Viewed

@@ -51,6 +51,82 @@ Warden::Strategies.add(:gds_sso) do
   end
 end
+Warden::Strategies.add(:gds_bearer_token) do
+  def valid?
+    ::GDS::SSO::ApiAccess.api_call?(env) &&
+      ::GDS::SSO::ApiAccess.oauth_api_call?(env)
+  end
+  def authenticate!
+    Rails.logger.debug("Authenticating with gds_bearer_token strategy")
+    begin
+      access_token = OAuth2::AccessToken.new(oauth_client, token_from_authorization_header)
+      response_body = access_token.get('/user.json').body
+      user_details = omniauth_style_response(response_body)
+      user = prep_user(user_details)
+      success!(user)
+    rescue OAuth2::Error
+      custom!(unauthorized)
+    end
+  end
+  def oauth_client
+    @oauth_client ||= OAuth2::Client.new(
+      GDS::SSO::Config.oauth_id,
+      GDS::SSO::Config.oauth_secret,
+      :site => GDS::SSO::Config.oauth_root_url
+    )
+  end
+  def token_from_authorization_header
+    env['HTTP_AUTHORIZATION'].gsub(/Bearer /, '')
+  end
+  # Our User code assumes we're getting our user data back
+  # via omniauth and so receiving it in omniauth's preferred
+  # structure. Here we're addressing signonotron directly so
+  # we need to transform the response ourselves.
+  #
+  # There may be a way to simplify matters by having this
+  # strategy work via omniauth too but I've not worked out how
+  # to wire that up yet.
+  def omniauth_style_response(response_body)
+    input = MultiJson.decode(response_body)['user']
+    {
+      'uid' => input['uid'],
+      'info' => {
+        'email' => input['email'],
+        'name' => input['name']
+      },
+      'extra' => {
+        'user' => {
+          'permissions' => input['permissions']
+        }
+      }
+    }
+  end
+  def prep_user(auth_hash)
+    user = GDS::SSO::Config.user_klass.find_for_gds_oauth(auth_hash)
+    custom!(anauthorized) unless user
+    user
+  end
+  def unauthorized
+    [
+      401,
+      {
+        'Content-Type' => 'text/plain',
+        'Content-Length' => '0',
+        'WWW-Authenticate' => %(Bearer realm="#{GDS::SSO::Config.basic_auth_realm}", error="invalid_token")
+      },
+      []
+    ]
+  end
+end
 Warden::Strategies.add(:gds_sso_api_access) do
   def api_user
     @api_user ||= GDS::SSO::ApiUser.new

data/spec/fixtures/integration/authorize_api_users.sql ADDED Viewed

@@ -0,0 +1,4 @@
+DELETE FROM `oauth_access_tokens`;
+INSERT INTO oauth_access_tokens VALUES
+  (NULL, 1, 1, 'caaeb53be5c7277fb0ef158181bfd1537b57f9e3b83eb795be3cd0af6e118b28', '1bc343797483954d7306d67e96687feccdfdaa8b23ed662ae23e2b03e6661d16', 307584000, NULL, '2012-06-27 13:57:47', NULL);

data/spec/fixtures/integration/signonotron2.sql CHANGED Viewed

@@ -6,7 +6,7 @@ DELETE FROM `permissions`;
 DELETE FROM `users`;
 -- Setup fixture data
-INSERT INTO `oauth_applications` VALUES (1,'GDS_SSO integration test','gds-sso-test','secret','http://www.example-client.com/auth/gds/callback','2012-04-19 13:26:54','2012-04-19 13:26:54', 'http://www.example-client.com/', 'Example client description');
+INSERT INTO `oauth_applications` VALUES (1,'GDS_SSO integration test','gds-sso-test','secret','http://www.example-client.com/auth/gds/callback','2012-04-19 13:26:54','2012-04-19 13:26:54', 'http://home.com', 'GDS_SSO integration test');
 INSERT INTO `users` (id, email, encrypted_password, created_at, updated_at, name, uid, is_admin) VALUES (1,'test@example-client.com','$2a$04$MdMkVFwTq5GLJJkHS8GLIe6dK1.C4ozzba5ZS5Ks2b/NenVsMGGRW','2012-04-19 13:26:54','2012-04-19 13:26:54','Test User','integration-uid', 0);
 INSERT INTO `permissions` (id, user_id, application_id, permissions) VALUES (1,1,1,"---
 - signin

data/spec/internal/db/combustion_test.sqlite CHANGED Viewed

Binary file

data/spec/internal/log/test.log CHANGED Viewed

@@ -1,297 +1,249 @@
 Connecting to database specified by database.yml
-  [1m[36m (2.9ms)[0m  [1mselect sqlite_version(*)[0m
-  [1m[35m (9.2ms)[0m  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text)
-  [1m[36m (2.3ms)[0m  [1mCREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL) [0m
+  [1m[36m (2.8ms)[0m  [1mselect sqlite_version(*)[0m
+  [1m[35m (15.0ms)[0m  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text)
+  [1m[36m (2.0ms)[0m  [1mCREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL) [0m
   [1m[35m (0.0ms)[0m  PRAGMA index_list("schema_migrations")
   [1m[36m (3.1ms)[0m  [1mCREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version")[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (7.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39182"]]
-  [1m[35m (2.6ms)[0m  commit transaction
+  [1m[36mSQL (28.7ms)[0m  [1mINSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d33754"]]
+  [1m[35m (10.0ms)[0m  commit transaction
 WARNING: Can't mass-assign protected attributes: uid, name, permissions
 Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d39182"}
-  Rendered /mnt/jenkins/workspace/GDS-SSO/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (3.5ms)
-Completed 403 Forbidden in 54ms (Views: 53.3ms | ActiveRecord: 0.0ms)
+  Parameters: {"uid"=>"a1s2d33754"}
+  Rendered /mnt/jenkins/workspace/GDS-SSO/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (4.4ms)
+Completed 403 Forbidden in 203ms (Views: 202.0ms | ActiveRecord: 0.0ms)
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.3ms)[0m  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3403"]]
-  [1m[36m (2.5ms)[0m  [1mcommit transaction[0m
+  [1m[35mSQL (0.4ms)[0m  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39954"]]
+  [1m[36m (2.6ms)[0m  [1mcommit transaction[0m
 Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d3403"}
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d3403' LIMIT 1
+  Parameters: {"uid"=>"a1s2d39954"}
+  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d39954' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.3ms)[0m  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '---
+  [1m[35m (0.4ms)[0m  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '---
 GDS_SSO integration test:
 - signin
 - new permission
 ' WHERE "users"."id" = 2
-  [1m[36m (69.6ms)[0m  [1mcommit transaction[0m
-Completed 200 OK in 120ms (ActiveRecord: 70.2ms)
+  [1m[36m (10.2ms)[0m  [1mcommit transaction[0m
+Completed 200 OK in 173ms (ActiveRecord: 10.9ms)
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 2]]
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d38236"]]
-  [1m[36m (2.1ms)[0m  [1mcommit transaction[0m
+  [1m[35mSQL (0.3ms)[0m  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d33374"]]
+  [1m[36m (14.7ms)[0m  [1mcommit transaction[0m
 WARNING: Can't mass-assign protected attributes: uid, name, permissions
 Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d38236"}
+  Parameters: {"uid"=>"a1s2d33374"}
 Completed 403 Forbidden in 2ms (Views: 1.1ms | ActiveRecord: 0.0ms)
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (0.3ms)[0m  [1mINSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d33440"]]
-  [1m[35m (2.2ms)[0m  commit transaction
-Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d33440"}
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d33440' LIMIT 1[0m
-  [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 4[0m
-  [1m[35m (3.0ms)[0m  commit transaction
-Completed 200 OK in 6ms (ActiveRecord: 3.5ms)
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1[0m  [["id", 4]]
-Connecting to database specified by database.yml
-  [1m[36m (2.6ms)[0m  [1mselect sqlite_version(*)[0m
-  [1m[35m (10.9ms)[0m  DROP TABLE "users"
-  [1m[36m (3.1ms)[0m  [1mCREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text) [0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (7.0ms)[0m  [1mINSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34004"]]
-  [1m[35m (4.3ms)[0m  commit transaction
-WARNING: Can't mass-assign protected attributes: uid, name, permissions
-Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d34004"}
-  Rendered /mnt/jenkins/workspace/GDS-SSO/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (3.6ms)
-Completed 403 Forbidden in 53ms (Views: 52.2ms | ActiveRecord: 0.0ms)
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.3ms)[0m  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d35273"]]
-  [1m[36m (2.7ms)[0m  [1mcommit transaction[0m
-Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d35273"}
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d35273' LIMIT 1
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.3ms)[0m  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '---
-GDS_SSO integration test:
-- signin
-- new permission
-' WHERE "users"."id" = 2
-  [1m[36m (2.9ms)[0m  [1mcommit transaction[0m
-Completed 200 OK in 55ms (ActiveRecord: 3.5ms)
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 2]]
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d33207"]]
-  [1m[36m (2.7ms)[0m  [1mcommit transaction[0m
-WARNING: Can't mass-assign protected attributes: uid, name, permissions
+  [1m[36mSQL (10.4ms)[0m  [1mINSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37905"]]
+  [1m[35m (11.5ms)[0m  commit transaction
 Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d33207"}
-Completed 403 Forbidden in 2ms (Views: 1.1ms | ActiveRecord: 0.0ms)
+  Parameters: {"uid"=>"a1s2d37905"}
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d37905' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (0.3ms)[0m  [1mINSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d32336"]]
-  [1m[35m (2.2ms)[0m  commit transaction
-Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d32336"}
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d32336' LIMIT 1[0m
-  [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+  [1m[36m (0.3ms)[0m  [1mUPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 4[0m
-  [1m[35m (2.3ms)[0m  commit transaction
-Completed 200 OK in 5ms (ActiveRecord: 2.8ms)
+  [1m[35m (4.1ms)[0m  commit transaction
+Completed 200 OK in 7ms (ActiveRecord: 4.7ms)
   [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1[0m  [["id", 4]]
-Started GET "/" for 127.0.0.1 at 2012-09-03 14:46:41 +0000
+Started GET "/" for 127.0.0.1 at 2012-09-11 10:01:59 +0000
 Processing by ExampleController#index as HTML
-Completed 200 OK in 6ms (Views: 5.0ms | ActiveRecord: 0.0ms)
+Completed 200 OK in 6ms (Views: 5.5ms | ActiveRecord: 0.0ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:41 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:01:59 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 17ms
+Completed   in 66ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:41 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:01:59 +0000
-Started GET "/auth/gds/callback?code=1c7626bee3a1a855f6c550eec3e9325ff33cbb486c83a6f4e659737b6afa66fb&state=e0714904e5be0192e09310c9fb1ffb65f774f6727989099a" for 127.0.0.1 at 2012-09-03 14:46:42 +0000
+Started GET "/auth/gds/callback?code=bc84931099e3276d7d1675de3d41254b509092611eddb4b2d086732c2c8afbe1&state=4f848870a8d491f899787a43fac36c6b39f502b06337b832" for 127.0.0.1 at 2012-09-11 10:02:00 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"1c7626bee3a1a855f6c550eec3e9325ff33cbb486c83a6f4e659737b6afa66fb", "state"=>"e0714904e5be0192e09310c9fb1ffb65f774f6727989099a"}
+  Parameters: {"code"=>"bc84931099e3276d7d1675de3d41254b509092611eddb4b2d086732c2c8afbe1", "state"=>"4f848870a8d491f899787a43fac36c6b39f502b06337b832"}
 Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  [1m[35mUser Load (0.3ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35mSQL (0.3ms)[0m  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
-  [1m[36m (12.0ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
+  [1m[36m (16.6ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.1ms)[0m  begin transaction
+  [1m[36m (0.3ms)[0m  [1mUPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5[0m
-  [1m[35m (2.7ms)[0m  commit transaction
+  [1m[35m (2.0ms)[0m  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 21ms (ActiveRecord: 15.5ms)
+Completed 302 Found in 26ms (ActiveRecord: 19.6ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:42 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:00 +0000
 Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.1ms)
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
+Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:42 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:00 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:42 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:02:00 +0000
-Started GET "/auth/gds/callback?code=d44e4ba6e033b2116af054119b5d11adb0416f722b1a88c18b17ac0d2dc806f6&state=3e64422d7a74149fd8aeb6591ffbe29ce42cda71babcb162" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/auth/gds/callback?code=5b3104133f5bacd7eb2fb72c7a9ecf06d1bfb591185fb81664b78b64e89c558b&state=02cd24c5380efba67d46452845a54f655b2c877a0838e80f" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"d44e4ba6e033b2116af054119b5d11adb0416f722b1a88c18b17ac0d2dc806f6", "state"=>"3e64422d7a74149fd8aeb6591ffbe29ce42cda71babcb162"}
+  Parameters: {"code"=>"5b3104133f5bacd7eb2fb72c7a9ecf06d1bfb591185fb81664b78b64e89c558b", "state"=>"02cd24c5380efba67d46452845a54f655b2c877a0838e80f"}
 Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  [1m[35mUser Load (0.3ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
+  [1m[35m (0.3ms)[0m  UPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5
-  [1m[36m (7.0ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (6.0ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.1ms)[0m  begin transaction
+  [1m[36m (0.3ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5[0m
-  [1m[35m (2.8ms)[0m  commit transaction
+  [1m[35m (2.3ms)[0m  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 16ms (ActiveRecord: 10.7ms)
+Completed 302 Found in 15ms (ActiveRecord: 9.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.1ms)
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
+Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
-Started GET "/auth/gds/callback?code=b2d39d1f07e8c403c9d5fd45136eec45463727bbacffb6a81cf0fb17acfc4943&state=c4df828c99b43b76e4bd68f21a48f4ffb800b391bd4d5058" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/auth/gds/callback?code=3595fb01ce5a4cbbcfa22394ad4b902d9797dd732434a5d7e23ae903bc18dafe&state=83dd91285e2e6b4c20e166d9200a3f8cae4b9189c4a07d98" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"b2d39d1f07e8c403c9d5fd45136eec45463727bbacffb6a81cf0fb17acfc4943", "state"=>"c4df828c99b43b76e4bd68f21a48f4ffb800b391bd4d5058"}
+  Parameters: {"code"=>"3595fb01ce5a4cbbcfa22394ad4b902d9797dd732434a5d7e23ae903bc18dafe", "state"=>"83dd91285e2e6b4c20e166d9200a3f8cae4b9189c4a07d98"}
 Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  [1m[35mUser Load (0.5ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
+  [1m[35m (0.3ms)[0m  UPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5
-  [1m[36m (10.0ms)[0m  [1mcommit transaction[0m
+  [1m[36m (8.6ms)[0m  [1mcommit transaction[0m
   [1m[35m (0.0ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5[0m
-  [1m[35m (2.2ms)[0m  commit transaction
+  [1m[35m (2.0ms)[0m  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 17ms (ActiveRecord: 12.9ms)
+Completed 302 Found in 16ms (ActiveRecord: 11.6ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by ExampleController#restricted as HTML
   [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
 Completed 200 OK in 1ms (Views: 0.3ms | ActiveRecord: 0.1ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by ExampleController#this_requires_signin_permission as HTML
 Authenticating with gds_sso strategy
 Completed   in 1ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
-Started GET "/auth/gds/callback?code=6a5d347eef9fa0d1bcfa44aa287ffe11edc4ab1b7cd14fac11ccbd2a6b11f9f2&state=cb41e6aafa78b5d29eeb3fdf6f647bb8bd107f6a5e1b7746" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/auth/gds/callback?code=21a6b7417ba8925e677e350ab50b069a60e0f7f9acac712dea65155a0b2ec392&state=2f3d359a9ebea337e7e387caf2a2316414d2679155b4ced4" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"6a5d347eef9fa0d1bcfa44aa287ffe11edc4ab1b7cd14fac11ccbd2a6b11f9f2", "state"=>"cb41e6aafa78b5d29eeb3fdf6f647bb8bd107f6a5e1b7746"}
+  Parameters: {"code"=>"21a6b7417ba8925e677e350ab50b069a60e0f7f9acac712dea65155a0b2ec392", "state"=>"2f3d359a9ebea337e7e387caf2a2316414d2679155b4ced4"}
 Authenticating with gds_sso strategy
   [1m[35mUser Load (0.3ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
+  [1m[35m (0.3ms)[0m  UPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5
-  [1m[36m (7.5ms)[0m  [1mcommit transaction[0m
+  [1m[36m (7.9ms)[0m  [1mcommit transaction[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (0.3ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5[0m
-  [1m[35m (2.5ms)[0m  commit transaction
+  [1m[35m (2.0ms)[0m  commit transaction
 Redirected to http://www.example-client.com/this_requires_signin_permission
-Completed 302 Found in 16ms (ActiveRecord: 10.8ms)
+Completed 302 Found in 17ms (ActiveRecord: 10.9ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by ExampleController#this_requires_signin_permission as HTML
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.2ms)
+Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.2ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by ExampleController#this_requires_signin_permission as HTML
 Authenticating with gds_sso strategy
 Completed   in 0ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
-Started GET "/auth/gds/callback?code=053d4040df501e3673e97fd16603222738e71eb3e7a76be95e21a6042c632b97&state=efc86b0e5b013949dc6a213203e28d17e178e139a643951b" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/auth/gds/callback?code=767d96b4cd5158a5784e4b5c6d6312f0b693e72fc3d6184fd9ba9c897d476586&state=61a43f3371db677a3c7f84b2278c47b819576459845bc9cc" for 127.0.0.1 at 2012-09-11 10:02:02 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"053d4040df501e3673e97fd16603222738e71eb3e7a76be95e21a6042c632b97", "state"=>"efc86b0e5b013949dc6a213203e28d17e178e139a643951b"}
+  Parameters: {"code"=>"767d96b4cd5158a5784e4b5c6d6312f0b693e72fc3d6184fd9ba9c897d476586", "state"=>"61a43f3371db677a3c7f84b2278c47b819576459845bc9cc"}
 Authenticating with gds_sso strategy
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
+  [1m[35m (0.3ms)[0m  UPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5
-  [1m[36m (8.9ms)[0m  [1mcommit transaction[0m
+  [1m[36m (5.5ms)[0m  [1mcommit transaction[0m
   [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5[0m
-  [1m[35m (2.8ms)[0m  commit transaction
+  [1m[35m (1.8ms)[0m  commit transaction
 Redirected to http://www.example-client.com/this_requires_signin_permission
-Completed 302 Found in 17ms (ActiveRecord: 12.4ms)
+Completed 302 Found in 13ms (ActiveRecord: 8.2ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-11 10:02:02 +0000
 Processing by ExampleController#this_requires_signin_permission as HTML
   [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
 Completed 200 OK in 1ms (Views: 0.4ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:02 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:02:02 +0000
-Started GET "/auth/gds/callback?code=bde4cebe3abcb1595384d60812151f85968a5bc8df4f3c56ccf7a10b8e66ff2a&state=58a4d738c5f93d4d577e09331a77e2d95cde947cece3ac17" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/auth/gds/callback?code=712ca60a2012e4b3fc6789708c2b61939b2b21cc086396baea54e9f3b0887652&state=ee049bfbaf70f4b475816a2c148d44e44691399094cff596" for 127.0.0.1 at 2012-09-11 10:02:02 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"bde4cebe3abcb1595384d60812151f85968a5bc8df4f3c56ccf7a10b8e66ff2a", "state"=>"58a4d738c5f93d4d577e09331a77e2d95cde947cece3ac17"}
+  Parameters: {"code"=>"712ca60a2012e4b3fc6789708c2b61939b2b21cc086396baea54e9f3b0887652", "state"=>"ee049bfbaf70f4b475816a2c148d44e44691399094cff596"}
 Authenticating with gds_sso strategy
   [1m[35mUser Load (0.3ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
@@ -299,660 +251,250 @@ Authenticating with gds_sso strategy
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5
-  [1m[36m (7.0ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (18.5ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.1ms)[0m  begin transaction
+  [1m[36m (0.3ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5[0m
-  [1m[35m (2.2ms)[0m  commit transaction
+  [1m[35m (1.9ms)[0m  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 15ms (ActiveRecord: 10.1ms)
+Completed 302 Found in 27ms (ActiveRecord: 21.3ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:02 +0000
 Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-Completed 200 OK in 1ms (Views: 0.5ms | ActiveRecord: 0.1ms)
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
+Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.2ms)
   [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
+  [1m[35m (0.3ms)[0m  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5
-  [1m[36m (2.7ms)[0m  [1mcommit transaction[0m
+  [1m[36m (2.6ms)[0m  [1mcommit transaction[0m
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:02 +0000
 Processing by ExampleController#restricted as HTML
   [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
 Filter chain halted as :authenticate_user! rendered or redirected
-Completed 403 Forbidden in 3ms (Views: 2.3ms | ActiveRecord: 0.1ms)
+Completed 403 Forbidden in 65ms (Views: 63.5ms | ActiveRecord: 0.1ms)
-Started GET "/auth/gds/sign_out" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/auth/gds/sign_out" for 127.0.0.1 at 2012-09-11 10:02:02 +0000
 Processing by AuthenticationsController#sign_out as HTML
 Redirected to http://localhost:4567/users/sign_out
 Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
-Started GET "/auth/gds/callback?code=a3bfab5ccfcc9dbaf6f6f287ae25940fa416910c3aa20a4ef0aef6617343574c&state=371fd5bf1f8c3c1bb9f0c2cec6b54a2991f21057883a4851" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/auth/gds/callback?code=472ae08fd98a1ca4a5beb68c24d61d6061a483be0aa092b202711316e5c2b964&state=7dea408a684c3e330be0b5500ac3f72720ea392f324a8a13" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"a3bfab5ccfcc9dbaf6f6f287ae25940fa416910c3aa20a4ef0aef6617343574c", "state"=>"371fd5bf1f8c3c1bb9f0c2cec6b54a2991f21057883a4851"}
+  Parameters: {"code"=>"472ae08fd98a1ca4a5beb68c24d61d6061a483be0aa092b202711316e5c2b964", "state"=>"7dea408a684c3e330be0b5500ac3f72720ea392f324a8a13"}
 Authenticating with gds_sso strategy
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (0.3ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5[0m
-  [1m[35m (9.6ms)[0m  commit transaction
+  [1m[35m (9.3ms)[0m  commit transaction
   [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5
-  [1m[36m (2.2ms)[0m  [1mcommit transaction[0m
+  [1m[36m (1.8ms)[0m  [1mcommit transaction[0m
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 17ms (ActiveRecord: 12.5ms)
+Completed 302 Found in 16ms (ActiveRecord: 11.8ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 Processing by ExampleController#restricted as HTML
   [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
 Completed 200 OK in 1ms (Views: 0.4ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
-Started GET "/auth/gds/callback?code=fa04cd55ffdb943c717a438f4974a4847d6a85b0099867c257a507502556e3db&state=07556e192c0cf18768ac3420945521a270785ace790fdb47" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/auth/gds/callback?code=5b0fc8e24c8ca6591c9b8065ff6fed1ee7e43855b918baad2e3d9d317f911b17&state=ce98454ef561cccbf83d6cab3ea3441f498dd7e9171a14c2" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"fa04cd55ffdb943c717a438f4974a4847d6a85b0099867c257a507502556e3db", "state"=>"07556e192c0cf18768ac3420945521a270785ace790fdb47"}
+  Parameters: {"code"=>"5b0fc8e24c8ca6591c9b8065ff6fed1ee7e43855b918baad2e3d9d317f911b17", "state"=>"ce98454ef561cccbf83d6cab3ea3441f498dd7e9171a14c2"}
 Authenticating with gds_sso strategy
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
+  [1m[36mUser Load (0.3ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (0.3ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5[0m
-  [1m[35m (7.6ms)[0m  commit transaction
+  [1m[35m (16.5ms)[0m  commit transaction
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
+  [1m[35m (0.3ms)[0m  UPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5
   [1m[36m (2.8ms)[0m  [1mcommit transaction[0m
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 17ms (ActiveRecord: 11.2ms)
+Completed 302 Found in 26ms (ActiveRecord: 20.3ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 Processing by ExampleController#restricted as HTML
-  [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.1ms)
+  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-04 10:51:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-12 06:07:03 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-04 10:51:45 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-12 06:07:03 +0000
-Started GET "/auth/gds/callback?code=129ae989edfb10b1189524abb83f4ebdda68530fec23809d09e778c04c5c49ab&state=bf25823ef68c9ed8efcc024ad071edc2fc072a30accfc49f" for 127.0.0.1 at 2012-09-04 10:51:45 +0000
+Started GET "/auth/gds/callback?code=0f062933a2c6b3dd7d81bc94783a1a956488a2657e89d852cdfef83d753e094f&state=a2bc36a88756773441cfb3d4f70a93dfcc6cec5168b2d967" for 127.0.0.1 at 2012-09-12 06:07:03 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"129ae989edfb10b1189524abb83f4ebdda68530fec23809d09e778c04c5c49ab", "state"=>"bf25823ef68c9ed8efcc024ad071edc2fc072a30accfc49f"}
+  Parameters: {"code"=>"0f062933a2c6b3dd7d81bc94783a1a956488a2657e89d852cdfef83d753e094f", "state"=>"a2bc36a88756773441cfb3d4f70a93dfcc6cec5168b2d967"}
 Authenticating with gds_sso strategy
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (0.3ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5[0m
-  [1m[35m (8.6ms)[0m  commit transaction
+  [1m[35m (8.7ms)[0m  commit transaction
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
+  [1m[35m (0.3ms)[0m  UPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5
-  [1m[36m (2.2ms)[0m  [1mcommit transaction[0m
+  [1m[36m (1.9ms)[0m  [1mcommit transaction[0m
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 17ms (ActiveRecord: 11.7ms)
+Completed 302 Found in 17ms (ActiveRecord: 11.5ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-04 10:51:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-12 06:07:03 +0000
 Processing by ExampleController#restricted as HTML
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
 Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
-Started GET "/auth/gds/callback?code=34bfca3163b0af5bc840b79bbd85dfac4af1d797c91d253478e95dd6719b3c07&state=3639569b7dea3fcd7ab330567f0cda89bfc6e8cb939d7088" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/auth/gds/callback?code=390edc06dfc6ad00a3f5b9f7c707f2e294d752627dcf2973dc6a444203fc347a&state=492aa5f66f74fe69b4f9ef2143cfb218b5d5c77a057e577c" for 127.0.0.1 at 2012-09-11 10:02:04 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"34bfca3163b0af5bc840b79bbd85dfac4af1d797c91d253478e95dd6719b3c07", "state"=>"3639569b7dea3fcd7ab330567f0cda89bfc6e8cb939d7088"}
+  Parameters: {"code"=>"390edc06dfc6ad00a3f5b9f7c707f2e294d752627dcf2973dc6a444203fc347a", "state"=>"492aa5f66f74fe69b4f9ef2143cfb218b5d5c77a057e577c"}
 Authenticating with gds_sso strategy
   [1m[36mUser Load (0.3ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (0.3ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5[0m
-  [1m[35m (8.2ms)[0m  commit transaction
+  [1m[35m (6.0ms)[0m  commit transaction
   [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5
-  [1m[36m (2.2ms)[0m  [1mcommit transaction[0m
+  [1m[36m (2.1ms)[0m  [1mcommit transaction[0m
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 17ms (ActiveRecord: 11.2ms)
+Completed 302 Found in 16ms (ActiveRecord: 9.0ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:04 +0000
 Processing by ExampleController#restricted as HTML
   [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
 Completed 200 OK in 1ms (Views: 0.5ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-04 10:41:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-12 05:57:04 +0000
 Processing by ExampleController#restricted as HTML
   [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
 Completed 200 OK in 1ms (Views: 0.2ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:04 +0000
 Processing by ExampleController#restricted as JSON
 Authenticating with gds_sso_api_access strategy
-Completed   in 12ms
+Completed   in 47ms
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:46 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:04 +0000
 Processing by ExampleController#restricted as JSON
 Authenticating with gds_sso_api_access strategy
-Completed 200 OK in 1ms (Views: 0.5ms | ActiveRecord: 0.0ms)
+Completed 200 OK in 1ms (Views: 0.6ms | ActiveRecord: 0.0ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 14:46:46 +0000
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-11 10:02:04 +0000
 Processing by ExampleController#this_requires_signin_permission as JSON
 Authenticating with gds_sso_api_access strategy
 Completed 200 OK in 1ms (Views: 0.3ms | ActiveRecord: 0.0ms)
-Connecting to database specified by database.yml
-  [1m[36m (2.6ms)[0m  [1mselect sqlite_version(*)[0m
-  [1m[35m (15.2ms)[0m  DROP TABLE "users"
-  [1m[36m (3.2ms)[0m  [1mCREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text) [0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (7.4ms)[0m  [1mINSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d36341"]]
-  [1m[35m (2.8ms)[0m  commit transaction
-WARNING: Can't mass-assign protected attributes: uid, name, permissions
-Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d36341"}
-  Rendered /mnt/jenkins/workspace/GDS-SSO/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (3.3ms)
-Completed 403 Forbidden in 54ms (Views: 52.9ms | ActiveRecord: 0.0ms)
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.3ms)[0m  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d35869"]]
-  [1m[36m (2.7ms)[0m  [1mcommit transaction[0m
-Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d35869"}
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d35869' LIMIT 1
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (5.7ms)[0m  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '---
-GDS_SSO integration test:
-- signin
-- new permission
-' WHERE "users"."id" = 2
-  [1m[36m (2.8ms)[0m  [1mcommit transaction[0m
-Completed 200 OK in 58ms (ActiveRecord: 8.8ms)
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 2]]
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d33885"]]
-  [1m[36m (2.2ms)[0m  [1mcommit transaction[0m
-WARNING: Can't mass-assign protected attributes: uid, name, permissions
-Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d33885"}
-Completed 403 Forbidden in 2ms (Views: 1.1ms | ActiveRecord: 0.0ms)
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37520"]]
-  [1m[35m (2.2ms)[0m  commit transaction
-Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d37520"}
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d37520' LIMIT 1[0m
-  [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 4[0m
-  [1m[35m (2.4ms)[0m  commit transaction
-Completed 200 OK in 5ms (ActiveRecord: 2.8ms)
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1[0m  [["id", 4]]
-Started GET "/" for 127.0.0.1 at 2012-09-03 16:59:11 +0000
-Processing by ExampleController#index as HTML
-Completed 200 OK in 6ms (Views: 5.2ms | ActiveRecord: 0.0ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:11 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 17ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:11 +0000
-Started GET "/auth/gds/callback?code=81cda0826d64a158b5d95a3f56dbf4271e579302f7a08627ecc82c9edce2cf24&state=f8164ca491d63bf1debf98ffda5e5d77e966cab765b4d94e" for 127.0.0.1 at 2012-09-03 16:59:12 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"81cda0826d64a158b5d95a3f56dbf4271e579302f7a08627ecc82c9edce2cf24", "state"=>"f8164ca491d63bf1debf98ffda5e5d77e966cab765b4d94e"}
-Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.3ms)[0m  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
-  [1m[36m (11.8ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 5[0m
-  [1m[35m (2.7ms)[0m  commit transaction
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 21ms (ActiveRecord: 15.3ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:12 +0000
-Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:12 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 0ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:12 +0000
-Started GET "/auth/gds/callback?code=40a551b8f54f278bc823e1450a69f29470b18b28fe539804b433c1c85b9d938c&state=9232ab5351883e75d19211af4605983aadbf37db1fb629a6" for 127.0.0.1 at 2012-09-03 16:59:12 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"40a551b8f54f278bc823e1450a69f29470b18b28fe539804b433c1c85b9d938c", "state"=>"9232ab5351883e75d19211af4605983aadbf37db1fb629a6"}
-Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 5
-  [1m[36m (6.5ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 5[0m
-  [1m[35m (2.7ms)[0m  commit transaction
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 16ms (ActiveRecord: 10.0ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:12 +0000
-Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:12 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 0ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Started GET "/auth/gds/callback?code=6e3c37583e10792679a530a49025f242343843376b8b0127cdafcea564e05a37&state=209f831be25313ef857cd21db7709427a9a5ea052e058946" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"6e3c37583e10792679a530a49025f242343843376b8b0127cdafcea564e05a37", "state"=>"209f831be25313ef857cd21db7709427a9a5ea052e058946"}
-Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 5
-  [1m[36m (10.5ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 5[0m
-  [1m[35m (2.8ms)[0m  commit transaction
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 18ms (ActiveRecord: 13.9ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-Completed 200 OK in 1ms (Views: 0.3ms | ActiveRecord: 0.1ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by ExampleController#this_requires_signin_permission as HTML
-Authenticating with gds_sso strategy
-Completed   in 1ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:04 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_bearer_token strategy
+Completed   in 19ms
-Started GET "/auth/gds/callback?code=2327f4896cae9d15aabcda4bc09852f9cd5c6f207f6c72030eda4a8de2a2a901&state=aa13b5ef4738690c6beb191039bc405b0384e85e09b36930" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"2327f4896cae9d15aabcda4bc09852f9cd5c6f207f6c72030eda4a8de2a2a901", "state"=>"aa13b5ef4738690c6beb191039bc405b0384e85e09b36930"}
-Authenticating with gds_sso strategy
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:04 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_bearer_token strategy
   [1m[35mUser Load (0.3ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 5
-  [1m[36m (8.1ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 5[0m
-  [1m[35m (2.6ms)[0m  commit transaction
-Redirected to http://www.example-client.com/this_requires_signin_permission
-Completed 302 Found in 17ms (ActiveRecord: 11.6ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by ExampleController#this_requires_signin_permission as HTML
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.2ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by ExampleController#this_requires_signin_permission as HTML
-Authenticating with gds_sso strategy
-Completed   in 0ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Started GET "/auth/gds/callback?code=b01359e06edda1882a7ce7358ca7a0125a924eeb82f8b6790528e4f6e8ac0f77&state=dce53540d826d70256f10b732de1d7a7a6b5001dbe912fb9" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"b01359e06edda1882a7ce7358ca7a0125a924eeb82f8b6790528e4f6e8ac0f77", "state"=>"dce53540d826d70256f10b732de1d7a7a6b5001dbe912fb9"}
-Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 5
-  [1m[36m (8.8ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 5[0m
-  [1m[35m (2.8ms)[0m  commit transaction
-Redirected to http://www.example-client.com/this_requires_signin_permission
-Completed 302 Found in 18ms (ActiveRecord: 12.4ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by ExampleController#this_requires_signin_permission as HTML
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-Completed 200 OK in 1ms (Views: 0.3ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 0ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Started GET "/auth/gds/callback?code=7e61f8126ce10aec160bcef5d5fa0aac3dacf4577d74da64ec96e4ab526a1f62&state=e0a7039034a8b84750a7cc1fb55d3c653f7f65148953a4dd" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"7e61f8126ce10aec160bcef5d5fa0aac3dacf4577d74da64ec96e4ab526a1f62", "state"=>"e0a7039034a8b84750a7cc1fb55d3c653f7f65148953a4dd"}
-Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.3ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (1.5ms)[0m  [1mbegin transaction[0m
-  [1m[35m (4.7ms)[0m  UPDATE "users" SET "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 5
-  [1m[36m (11.8ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 5[0m
-  [1m[35m (2.3ms)[0m  commit transaction
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 76ms (ActiveRecord: 20.8ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.1ms)
-  [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 5
-  [1m[36m (2.2ms)[0m  [1mcommit transaction[0m
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Processing by ExampleController#restricted as HTML
-  [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Filter chain halted as :authenticate_user! rendered or redirected
-Completed 403 Forbidden in 3ms (Views: 2.3ms | ActiveRecord: 0.1ms)
-Started GET "/auth/gds/sign_out" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Processing by AuthenticationsController#sign_out as HTML
-Redirected to http://localhost:4567/users/sign_out
-Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 0ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Started GET "/auth/gds/callback?code=f3f37641bd5cbc7956578adbd392068404377058a773db1aabeb97566a792933&state=e909edc3882fe2fa5a8c936eaf97ec15c120b755dce5a80b" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"f3f37641bd5cbc7956578adbd392068404377058a773db1aabeb97566a792933", "state"=>"e909edc3882fe2fa5a8c936eaf97ec15c120b755dce5a80b"}
-Authenticating with gds_sso strategy
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 5[0m
-  [1m[35m (9.1ms)[0m  commit transaction
-  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
+  [1m[35m (0.3ms)[0m  UPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5
-  [1m[36m (3.0ms)[0m  [1mcommit transaction[0m
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 17ms (ActiveRecord: 12.8ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Processing by ExampleController#restricted as HTML
-  [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1ms (Views: 0.4ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 0ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Started GET "/auth/gds/callback?code=fde173b3b12f1e261db71b38ef82c2007a7aa5f801b01f4e2aa54f3800e6b4ba&state=4ae6e309bd84d88d18c92233aab0f0ff911e15e2c1ed5d0d" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"fde173b3b12f1e261db71b38ef82c2007a7aa5f801b01f4e2aa54f3800e6b4ba", "state"=>"4ae6e309bd84d88d18c92233aab0f0ff911e15e2c1ed5d0d"}
-Authenticating with gds_sso strategy
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
+  [1m[36m (6.9ms)[0m  [1mcommit transaction[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 5[0m
-  [1m[35m (7.0ms)[0m  commit transaction
-  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 5
-  [1m[36m (2.2ms)[0m  [1mcommit transaction[0m
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 16ms (ActiveRecord: 9.9ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
-Processing by ExampleController#restricted as HTML
-  [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-04 13:04:15 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 0ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-04 13:04:15 +0000
-Started GET "/auth/gds/callback?code=28665d2bbb7c40b2c1c0d48743f3953cbe1639b1f82e20ce907e0920b51d1f7b&state=837341d3cc5519d88bb79a1995ea1d8fa3f705ae3799ac91" for 127.0.0.1 at 2012-09-04 13:04:15 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"28665d2bbb7c40b2c1c0d48743f3953cbe1639b1f82e20ce907e0920b51d1f7b", "state"=>"837341d3cc5519d88bb79a1995ea1d8fa3f705ae3799ac91"}
-Authenticating with gds_sso strategy
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-  [1m[35m (1.2ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (0.3ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5[0m
-  [1m[35m (6.5ms)[0m  commit transaction
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
-GDS_SSO integration test:
-- signin
-' WHERE "users"."id" = 5
-  [1m[36m (2.2ms)[0m  [1mcommit transaction[0m
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 16ms (ActiveRecord: 10.7ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-04 13:04:15 +0000
-Processing by ExampleController#restricted as HTML
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 2ms (Views: 0.4ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 0ms
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
+  [1m[35m (2.4ms)[0m  commit transaction
+Completed 200 OK in 77ms (Views: 0.7ms | ActiveRecord: 10.3ms)
-Started GET "/auth/gds/callback?code=8e4bc8427151e94ed9354dfc0926fa36cd6e9d480f5635a2832981cbd438928a&state=3819931064c403665a971bcf63c3d0d1f98c6704015a9700" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"8e4bc8427151e94ed9354dfc0926fa36cd6e9d480f5635a2832981cbd438928a", "state"=>"3819931064c403665a971bcf63c3d0d1f98c6704015a9700"}
-Authenticating with gds_sso strategy
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-11 10:02:04 +0000
+Processing by ExampleController#this_requires_signin_permission as JSON
+Authenticating with gds_bearer_token strategy
+  [1m[36mUser Load (0.3ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (0.3ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5[0m
-  [1m[35m (8.4ms)[0m  commit transaction
+  [1m[35m (8.5ms)[0m  commit transaction
   [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 GDS_SSO integration test:
 - signin
 ' WHERE "users"."id" = 5
-  [1m[36m (2.7ms)[0m  [1mcommit transaction[0m
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 17ms (ActiveRecord: 11.9ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
-Processing by ExampleController#restricted as HTML
-  [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-04 12:54:15 +0000
-Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-Completed 200 OK in 1ms (Views: 0.2ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
-Processing by ExampleController#restricted as JSON
-Authenticating with gds_sso_api_access strategy
-Completed   in 12ms
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
-Processing by ExampleController#restricted as JSON
-Authenticating with gds_sso_api_access strategy
-Completed 200 OK in 1ms (Views: 0.5ms | ActiveRecord: 0.0ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
-Processing by ExampleController#this_requires_signin_permission as JSON
-Authenticating with gds_sso_api_access strategy
-Completed 200 OK in 1ms (Views: 0.3ms | ActiveRecord: 0.0ms)
+  [1m[36m (1.9ms)[0m  [1mcommit transaction[0m
+Completed 200 OK in 46ms (Views: 0.7ms | ActiveRecord: 11.3ms)