gds-sso 1.2.2 → 2.0.0

data/Gemfile

@@ -1,4 +1,4 @@
-source "http://rubygems.org"
+source "https://rubygems.org"
 source 'https://gems.gemfury.com/vo6ZrmjBQu5szyywDszE/'
 
 # Specify your gem's dependencies in gds-sso.gemspec

data/lib/gds-sso.rb

@@ -38,7 +38,7 @@ module GDS
       end
 
       def self.default_strategies
-        use_mock_strategies? ? [:mock_gds_sso, :mock_gds_sso_api_access] : [:gds_sso, :gds_sso_api_access]
+        use_mock_strategies? ? [:mock_gds_sso, :mock_gds_sso_api_access] : [:gds_sso, :gds_bearer_token, :gds_sso_api_access]
       end
 
       config.app_middleware.use Warden::Manager do |config|

data/lib/gds-sso/api_access.rb

@@ -7,6 +7,14 @@ module GDS
         request = Rack::Accept::Request.new(env)
         request.best_media_type(%w{text/html application/json}) == 'application/json'
       end
+
+      def self.has_bearer_token?(env)
+        env['HTTP_AUTHORIZATION'] && env['HTTP_AUTHORIZATION'].match(/^Bearer /)
+      end
+
+      def self.oauth_api_call?(env)
+        has_bearer_token?(env)
+      end
     end
   end
 end

data/lib/gds-sso/version.rb

@@ -1,5 +1,5 @@
 module GDS
   module SSO
-    VERSION = "1.2.2"
+    VERSION = "2.0.0"
   end
 end

data/lib/gds-sso/warden_config.rb

@@ -51,6 +51,82 @@ Warden::Strategies.add(:gds_sso) do
   end
 end
 
+Warden::Strategies.add(:gds_bearer_token) do
+  def valid?
+    ::GDS::SSO::ApiAccess.api_call?(env) && 
+      ::GDS::SSO::ApiAccess.oauth_api_call?(env)
+  end
+
+  def authenticate!
+    Rails.logger.debug("Authenticating with gds_bearer_token strategy")
+
+    begin
+      access_token = OAuth2::AccessToken.new(oauth_client, token_from_authorization_header)
+      response_body = access_token.get('/user.json').body
+      user_details = omniauth_style_response(response_body)
+      user = prep_user(user_details)
+      success!(user)
+    rescue OAuth2::Error
+      custom!(unauthorized)
+    end
+  end
+
+  def oauth_client
+    @oauth_client ||= OAuth2::Client.new(
+      GDS::SSO::Config.oauth_id,
+      GDS::SSO::Config.oauth_secret,
+      :site => GDS::SSO::Config.oauth_root_url
+    )
+  end
+
+  def token_from_authorization_header
+    env['HTTP_AUTHORIZATION'].gsub(/Bearer /, '')
+  end
+
+  # Our User code assumes we're getting our user data back
+  # via omniauth and so receiving it in omniauth's preferred
+  # structure. Here we're addressing signonotron directly so
+  # we need to transform the response ourselves.
+  #
+  # There may be a way to simplify matters by having this
+  # strategy work via omniauth too but I've not worked out how
+  # to wire that up yet.
+  def omniauth_style_response(response_body)
+    input = MultiJson.decode(response_body)['user']
+
+    {
+      'uid' => input['uid'],
+      'info' => {
+        'email' => input['email'],
+        'name' => input['name']
+      },
+      'extra' => {
+        'user' => {
+          'permissions' => input['permissions']
+        }
+      }
+    }
+  end
+
+  def prep_user(auth_hash)
+    user = GDS::SSO::Config.user_klass.find_for_gds_oauth(auth_hash)
+    custom!(anauthorized) unless user
+    user
+  end
+
+  def unauthorized
+    [
+      401,
+      {
+        'Content-Type' => 'text/plain',
+        'Content-Length' => '0',
+        'WWW-Authenticate' => %(Bearer realm="#{GDS::SSO::Config.basic_auth_realm}", error="invalid_token")
+      },
+      []
+    ]
+  end
+end
+
 Warden::Strategies.add(:gds_sso_api_access) do
   def api_user
     @api_user ||= GDS::SSO::ApiUser.new

data/spec/fixtures/integration/authorize_api_users.sql

@@ -0,0 +1,4 @@
+DELETE FROM `oauth_access_tokens`;
+
+INSERT INTO oauth_access_tokens VALUES 
+  (NULL, 1, 1, 'caaeb53be5c7277fb0ef158181bfd1537b57f9e3b83eb795be3cd0af6e118b28', '1bc343797483954d7306d67e96687feccdfdaa8b23ed662ae23e2b03e6661d16', 307584000, NULL, '2012-06-27 13:57:47', NULL);

data/spec/fixtures/integration/signonotron2.sql

@@ -6,7 +6,7 @@ DELETE FROM `permissions`;
 DELETE FROM `users`;
 
 -- Setup fixture data
-INSERT INTO `oauth_applications` VALUES (1,'GDS_SSO integration test','gds-sso-test','secret','http://www.example-client.com/auth/gds/callback','2012-04-19 13:26:54','2012-04-19 13:26:54', 'http://www.example-client.com/', 'Example client description');
+INSERT INTO `oauth_applications` VALUES (1,'GDS_SSO integration test','gds-sso-test','secret','http://www.example-client.com/auth/gds/callback','2012-04-19 13:26:54','2012-04-19 13:26:54', 'http://home.com', 'GDS_SSO integration test');
 INSERT INTO `users` (id, email, encrypted_password, created_at, updated_at, name, uid, is_admin) VALUES (1,'test@example-client.com','$2a$04$MdMkVFwTq5GLJJkHS8GLIe6dK1.C4ozzba5ZS5Ks2b/NenVsMGGRW','2012-04-19 13:26:54','2012-04-19 13:26:54','Test User','integration-uid', 0);
 INSERT INTO `permissions` (id, user_id, application_id, permissions) VALUES (1,1,1,"---
 - signin

data/spec/internal/log/test.log

@@ -1,297 +1,249 @@
 Connecting to database specified by database.yml
-   (2.9ms)  select sqlite_version(*)
-   (9.2ms)  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text) 
-   (2.3ms)  CREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL) 
+   (2.8ms)  select sqlite_version(*)
+   (15.0ms)  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text) 
+   (2.0ms)  CREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL) 
    (0.0ms)  PRAGMA index_list("schema_migrations")
    (3.1ms)  CREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version")
    (0.1ms)  begin transaction
-  SQL (7.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39182"]]
-   (2.6ms)  commit transaction
+  SQL (28.7ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d33754"]]
+   (10.0ms)  commit transaction
 WARNING: Can't mass-assign protected attributes: uid, name, permissions
 Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d39182"}
-  Rendered /mnt/jenkins/workspace/GDS-SSO/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (3.5ms)
-Completed 403 Forbidden in 54ms (Views: 53.3ms | ActiveRecord: 0.0ms)
+  Parameters: {"uid"=>"a1s2d33754"}
+  Rendered /mnt/jenkins/workspace/GDS-SSO/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (4.4ms)
+Completed 403 Forbidden in 203ms (Views: 202.0ms | ActiveRecord: 0.0ms)
    (0.1ms)  begin transaction
-  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3403"]]
-   (2.5ms)  commit transaction
+  SQL (0.4ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39954"]]
+   (2.6ms)  commit transaction
 Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d3403"}
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d3403' LIMIT 1
+  Parameters: {"uid"=>"a1s2d39954"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d39954' LIMIT 1
    (0.1ms)  begin transaction
-   (0.3ms)  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '--- 
+   (0.4ms)  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 - new permission
 ' WHERE "users"."id" = 2
-   (69.6ms)  commit transaction
-Completed 200 OK in 120ms (ActiveRecord: 70.2ms)
+   (10.2ms)  commit transaction
+Completed 200 OK in 173ms (ActiveRecord: 10.9ms)
   User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 2]]
    (0.1ms)  begin transaction
-  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d38236"]]
-   (2.1ms)  commit transaction
+  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d33374"]]
+   (14.7ms)  commit transaction
 WARNING: Can't mass-assign protected attributes: uid, name, permissions
 Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d38236"}
+  Parameters: {"uid"=>"a1s2d33374"}
 Completed 403 Forbidden in 2ms (Views: 1.1ms | ActiveRecord: 0.0ms)
    (0.1ms)  begin transaction
-  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d33440"]]
-   (2.2ms)  commit transaction
-Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d33440"}
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d33440' LIMIT 1
-   (0.0ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 4
-   (3.0ms)  commit transaction
-Completed 200 OK in 6ms (ActiveRecord: 3.5ms)
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 4]]
-Connecting to database specified by database.yml
-   (2.6ms)  select sqlite_version(*)
-   (10.9ms)  DROP TABLE "users"
-   (3.1ms)  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text) 
-   (0.1ms)  begin transaction
-  SQL (7.0ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34004"]]
-   (4.3ms)  commit transaction
-WARNING: Can't mass-assign protected attributes: uid, name, permissions
-Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d34004"}
-  Rendered /mnt/jenkins/workspace/GDS-SSO/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (3.6ms)
-Completed 403 Forbidden in 53ms (Views: 52.2ms | ActiveRecord: 0.0ms)
-   (0.1ms)  begin transaction
-  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d35273"]]
-   (2.7ms)  commit transaction
-Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d35273"}
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d35273' LIMIT 1
-   (0.1ms)  begin transaction
-   (0.3ms)  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-- new permission
-' WHERE "users"."id" = 2
-   (2.9ms)  commit transaction
-Completed 200 OK in 55ms (ActiveRecord: 3.5ms)
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 2]]
-   (0.1ms)  begin transaction
-  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d33207"]]
-   (2.7ms)  commit transaction
-WARNING: Can't mass-assign protected attributes: uid, name, permissions
+  SQL (10.4ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37905"]]
+   (11.5ms)  commit transaction
 Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d33207"}
-Completed 403 Forbidden in 2ms (Views: 1.1ms | ActiveRecord: 0.0ms)
+  Parameters: {"uid"=>"a1s2d37905"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d37905' LIMIT 1
    (0.1ms)  begin transaction
-  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d32336"]]
-   (2.2ms)  commit transaction
-Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d32336"}
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d32336' LIMIT 1
-   (0.0ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '--- 
+   (0.3ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 4
-   (2.3ms)  commit transaction
-Completed 200 OK in 5ms (ActiveRecord: 2.8ms)
+   (4.1ms)  commit transaction
+Completed 200 OK in 7ms (ActiveRecord: 4.7ms)
   User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 4]]
 
 
-Started GET "/" for 127.0.0.1 at 2012-09-03 14:46:41 +0000
+Started GET "/" for 127.0.0.1 at 2012-09-11 10:01:59 +0000
 Processing by ExampleController#index as HTML
-Completed 200 OK in 6ms (Views: 5.0ms | ActiveRecord: 0.0ms)
+Completed 200 OK in 6ms (Views: 5.5ms | ActiveRecord: 0.0ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:41 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:01:59 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 17ms
+Completed   in 66ms
 
 
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:41 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:01:59 +0000
 
 
-Started GET "/auth/gds/callback?code=1c7626bee3a1a855f6c550eec3e9325ff33cbb486c83a6f4e659737b6afa66fb&state=e0714904e5be0192e09310c9fb1ffb65f774f6727989099a" for 127.0.0.1 at 2012-09-03 14:46:42 +0000
+Started GET "/auth/gds/callback?code=bc84931099e3276d7d1675de3d41254b509092611eddb4b2d086732c2c8afbe1&state=4f848870a8d491f899787a43fac36c6b39f502b06337b832" for 127.0.0.1 at 2012-09-11 10:02:00 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"1c7626bee3a1a855f6c550eec3e9325ff33cbb486c83a6f4e659737b6afa66fb", "state"=>"e0714904e5be0192e09310c9fb1ffb65f774f6727989099a"}
+  Parameters: {"code"=>"bc84931099e3276d7d1675de3d41254b509092611eddb4b2d086732c2c8afbe1", "state"=>"4f848870a8d491f899787a43fac36c6b39f502b06337b832"}
 Authenticating with gds_sso strategy
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
   SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
-   (12.0ms)  commit transaction
-   (0.0ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '--- 
+   (16.6ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (2.7ms)  commit transaction
+   (2.0ms)  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 21ms (ActiveRecord: 15.5ms)
+Completed 302 Found in 26ms (ActiveRecord: 19.6ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:42 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:00 +0000
 Processing by ExampleController#restricted as HTML
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.1ms)
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.2ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:42 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:00 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0ms
 
 
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:42 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:02:00 +0000
 
 
-Started GET "/auth/gds/callback?code=d44e4ba6e033b2116af054119b5d11adb0416f722b1a88c18b17ac0d2dc806f6&state=3e64422d7a74149fd8aeb6591ffbe29ce42cda71babcb162" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/auth/gds/callback?code=5b3104133f5bacd7eb2fb72c7a9ecf06d1bfb591185fb81664b78b64e89c558b&state=02cd24c5380efba67d46452845a54f655b2c877a0838e80f" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"d44e4ba6e033b2116af054119b5d11adb0416f722b1a88c18b17ac0d2dc806f6", "state"=>"3e64422d7a74149fd8aeb6591ffbe29ce42cda71babcb162"}
+  Parameters: {"code"=>"5b3104133f5bacd7eb2fb72c7a9ecf06d1bfb591185fb81664b78b64e89c558b", "state"=>"02cd24c5380efba67d46452845a54f655b2c877a0838e80f"}
 Authenticating with gds_sso strategy
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (7.0ms)  commit transaction
-   (0.0ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+   (6.0ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (2.8ms)  commit transaction
+   (2.3ms)  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 16ms (ActiveRecord: 10.7ms)
+Completed 302 Found in 15ms (ActiveRecord: 9.2ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by ExampleController#restricted as HTML
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.1ms)
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.2ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0ms
 
 
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 
 
-Started GET "/auth/gds/callback?code=b2d39d1f07e8c403c9d5fd45136eec45463727bbacffb6a81cf0fb17acfc4943&state=c4df828c99b43b76e4bd68f21a48f4ffb800b391bd4d5058" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/auth/gds/callback?code=3595fb01ce5a4cbbcfa22394ad4b902d9797dd732434a5d7e23ae903bc18dafe&state=83dd91285e2e6b4c20e166d9200a3f8cae4b9189c4a07d98" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"b2d39d1f07e8c403c9d5fd45136eec45463727bbacffb6a81cf0fb17acfc4943", "state"=>"c4df828c99b43b76e4bd68f21a48f4ffb800b391bd4d5058"}
+  Parameters: {"code"=>"3595fb01ce5a4cbbcfa22394ad4b902d9797dd732434a5d7e23ae903bc18dafe", "state"=>"83dd91285e2e6b4c20e166d9200a3f8cae4b9189c4a07d98"}
 Authenticating with gds_sso strategy
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  User Load (0.5ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (10.0ms)  commit transaction
+   (8.6ms)  commit transaction
    (0.0ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (2.2ms)  commit transaction
+   (2.0ms)  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 17ms (ActiveRecord: 12.9ms)
+Completed 302 Found in 16ms (ActiveRecord: 11.6ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by ExampleController#restricted as HTML
   User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
 Completed 200 OK in 1ms (Views: 0.3ms | ActiveRecord: 0.1ms)
 
 
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by ExampleController#this_requires_signin_permission as HTML
 Authenticating with gds_sso strategy
 Completed   in 1ms
 
 
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 
 
-Started GET "/auth/gds/callback?code=6a5d347eef9fa0d1bcfa44aa287ffe11edc4ab1b7cd14fac11ccbd2a6b11f9f2&state=cb41e6aafa78b5d29eeb3fdf6f647bb8bd107f6a5e1b7746" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/auth/gds/callback?code=21a6b7417ba8925e677e350ab50b069a60e0f7f9acac712dea65155a0b2ec392&state=2f3d359a9ebea337e7e387caf2a2316414d2679155b4ced4" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"6a5d347eef9fa0d1bcfa44aa287ffe11edc4ab1b7cd14fac11ccbd2a6b11f9f2", "state"=>"cb41e6aafa78b5d29eeb3fdf6f647bb8bd107f6a5e1b7746"}
+  Parameters: {"code"=>"21a6b7417ba8925e677e350ab50b069a60e0f7f9acac712dea65155a0b2ec392", "state"=>"2f3d359a9ebea337e7e387caf2a2316414d2679155b4ced4"}
 Authenticating with gds_sso strategy
   User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (7.5ms)  commit transaction
+   (7.9ms)  commit transaction
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (2.5ms)  commit transaction
+   (2.0ms)  commit transaction
 Redirected to http://www.example-client.com/this_requires_signin_permission
-Completed 302 Found in 16ms (ActiveRecord: 10.8ms)
+Completed 302 Found in 17ms (ActiveRecord: 10.9ms)
 
 
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by ExampleController#this_requires_signin_permission as HTML
   User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.2ms)
+Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.2ms)
 
 
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 Processing by ExampleController#this_requires_signin_permission as HTML
 Authenticating with gds_sso strategy
 Completed   in 0ms
 
 
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:43 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:02:01 +0000
 
 
-Started GET "/auth/gds/callback?code=053d4040df501e3673e97fd16603222738e71eb3e7a76be95e21a6042c632b97&state=efc86b0e5b013949dc6a213203e28d17e178e139a643951b" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/auth/gds/callback?code=767d96b4cd5158a5784e4b5c6d6312f0b693e72fc3d6184fd9ba9c897d476586&state=61a43f3371db677a3c7f84b2278c47b819576459845bc9cc" for 127.0.0.1 at 2012-09-11 10:02:02 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"053d4040df501e3673e97fd16603222738e71eb3e7a76be95e21a6042c632b97", "state"=>"efc86b0e5b013949dc6a213203e28d17e178e139a643951b"}
+  Parameters: {"code"=>"767d96b4cd5158a5784e4b5c6d6312f0b693e72fc3d6184fd9ba9c897d476586", "state"=>"61a43f3371db677a3c7f84b2278c47b819576459845bc9cc"}
 Authenticating with gds_sso strategy
   User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (8.9ms)  commit transaction
+   (5.5ms)  commit transaction
    (0.1ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (2.8ms)  commit transaction
+   (1.8ms)  commit transaction
 Redirected to http://www.example-client.com/this_requires_signin_permission
-Completed 302 Found in 17ms (ActiveRecord: 12.4ms)
+Completed 302 Found in 13ms (ActiveRecord: 8.2ms)
 
 
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-11 10:02:02 +0000
 Processing by ExampleController#this_requires_signin_permission as HTML
   User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
 Completed 200 OK in 1ms (Views: 0.4ms | ActiveRecord: 0.1ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:02 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0ms
 
 
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:02:02 +0000
 
 
-Started GET "/auth/gds/callback?code=bde4cebe3abcb1595384d60812151f85968a5bc8df4f3c56ccf7a10b8e66ff2a&state=58a4d738c5f93d4d577e09331a77e2d95cde947cece3ac17" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/auth/gds/callback?code=712ca60a2012e4b3fc6789708c2b61939b2b21cc086396baea54e9f3b0887652&state=ee049bfbaf70f4b475816a2c148d44e44691399094cff596" for 127.0.0.1 at 2012-09-11 10:02:02 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"bde4cebe3abcb1595384d60812151f85968a5bc8df4f3c56ccf7a10b8e66ff2a", "state"=>"58a4d738c5f93d4d577e09331a77e2d95cde947cece3ac17"}
+  Parameters: {"code"=>"712ca60a2012e4b3fc6789708c2b61939b2b21cc086396baea54e9f3b0887652", "state"=>"ee049bfbaf70f4b475816a2c148d44e44691399094cff596"}
 Authenticating with gds_sso strategy
   User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
@@ -299,660 +251,250 @@ Authenticating with gds_sso strategy
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (7.0ms)  commit transaction
-   (0.0ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+   (18.5ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (2.2ms)  commit transaction
+   (1.9ms)  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 15ms (ActiveRecord: 10.1ms)
+Completed 302 Found in 27ms (ActiveRecord: 21.3ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:02 +0000
 Processing by ExampleController#restricted as HTML
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1ms (Views: 0.5ms | ActiveRecord: 0.1ms)
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.2ms)
   User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-   (0.0ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '--- 
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (2.7ms)  commit transaction
+   (2.6ms)  commit transaction
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:02 +0000
 Processing by ExampleController#restricted as HTML
   User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
 Filter chain halted as :authenticate_user! rendered or redirected
-Completed 403 Forbidden in 3ms (Views: 2.3ms | ActiveRecord: 0.1ms)
+Completed 403 Forbidden in 65ms (Views: 63.5ms | ActiveRecord: 0.1ms)
 
 
-Started GET "/auth/gds/sign_out" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/auth/gds/sign_out" for 127.0.0.1 at 2012-09-11 10:02:02 +0000
 Processing by AuthenticationsController#sign_out as HTML
 Redirected to http://localhost:4567/users/sign_out
 Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0ms
 
 
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 
 
-Started GET "/auth/gds/callback?code=a3bfab5ccfcc9dbaf6f6f287ae25940fa416910c3aa20a4ef0aef6617343574c&state=371fd5bf1f8c3c1bb9f0c2cec6b54a2991f21057883a4851" for 127.0.0.1 at 2012-09-03 14:46:44 +0000
+Started GET "/auth/gds/callback?code=472ae08fd98a1ca4a5beb68c24d61d6061a483be0aa092b202711316e5c2b964&state=7dea408a684c3e330be0b5500ac3f72720ea392f324a8a13" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"a3bfab5ccfcc9dbaf6f6f287ae25940fa416910c3aa20a4ef0aef6617343574c", "state"=>"371fd5bf1f8c3c1bb9f0c2cec6b54a2991f21057883a4851"}
+  Parameters: {"code"=>"472ae08fd98a1ca4a5beb68c24d61d6061a483be0aa092b202711316e5c2b964", "state"=>"7dea408a684c3e330be0b5500ac3f72720ea392f324a8a13"}
 Authenticating with gds_sso strategy
   User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (9.6ms)  commit transaction
+   (9.3ms)  commit transaction
    (0.0ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (2.2ms)  commit transaction
+   (1.8ms)  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 17ms (ActiveRecord: 12.5ms)
+Completed 302 Found in 16ms (ActiveRecord: 11.8ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 Processing by ExampleController#restricted as HTML
   User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
 Completed 200 OK in 1ms (Views: 0.4ms | ActiveRecord: 0.1ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0ms
 
 
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 
 
-Started GET "/auth/gds/callback?code=fa04cd55ffdb943c717a438f4974a4847d6a85b0099867c257a507502556e3db&state=07556e192c0cf18768ac3420945521a270785ace790fdb47" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/auth/gds/callback?code=5b0fc8e24c8ca6591c9b8065ff6fed1ee7e43855b918baad2e3d9d317f911b17&state=ce98454ef561cccbf83d6cab3ea3441f498dd7e9171a14c2" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"fa04cd55ffdb943c717a438f4974a4847d6a85b0099867c257a507502556e3db", "state"=>"07556e192c0cf18768ac3420945521a270785ace790fdb47"}
+  Parameters: {"code"=>"5b0fc8e24c8ca6591c9b8065ff6fed1ee7e43855b918baad2e3d9d317f911b17", "state"=>"ce98454ef561cccbf83d6cab3ea3441f498dd7e9171a14c2"}
 Authenticating with gds_sso strategy
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (7.6ms)  commit transaction
+   (16.5ms)  commit transaction
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
    (2.8ms)  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 17ms (ActiveRecord: 11.2ms)
+Completed 302 Found in 26ms (ActiveRecord: 20.3ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 Processing by ExampleController#restricted as HTML
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.1ms)
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.2ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-04 10:51:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-12 06:07:03 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0ms
 
 
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-04 10:51:45 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-12 06:07:03 +0000
 
 
-Started GET "/auth/gds/callback?code=129ae989edfb10b1189524abb83f4ebdda68530fec23809d09e778c04c5c49ab&state=bf25823ef68c9ed8efcc024ad071edc2fc072a30accfc49f" for 127.0.0.1 at 2012-09-04 10:51:45 +0000
+Started GET "/auth/gds/callback?code=0f062933a2c6b3dd7d81bc94783a1a956488a2657e89d852cdfef83d753e094f&state=a2bc36a88756773441cfb3d4f70a93dfcc6cec5168b2d967" for 127.0.0.1 at 2012-09-12 06:07:03 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"129ae989edfb10b1189524abb83f4ebdda68530fec23809d09e778c04c5c49ab", "state"=>"bf25823ef68c9ed8efcc024ad071edc2fc072a30accfc49f"}
+  Parameters: {"code"=>"0f062933a2c6b3dd7d81bc94783a1a956488a2657e89d852cdfef83d753e094f", "state"=>"a2bc36a88756773441cfb3d4f70a93dfcc6cec5168b2d967"}
 Authenticating with gds_sso strategy
   User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (8.6ms)  commit transaction
+   (8.7ms)  commit transaction
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (2.2ms)  commit transaction
+   (1.9ms)  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 17ms (ActiveRecord: 11.7ms)
+Completed 302 Found in 17ms (ActiveRecord: 11.5ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-04 10:51:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-12 06:07:03 +0000
 Processing by ExampleController#restricted as HTML
   User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
 Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.2ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0ms
 
 
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2012-09-11 10:02:03 +0000
 
 
-Started GET "/auth/gds/callback?code=34bfca3163b0af5bc840b79bbd85dfac4af1d797c91d253478e95dd6719b3c07&state=3639569b7dea3fcd7ab330567f0cda89bfc6e8cb939d7088" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/auth/gds/callback?code=390edc06dfc6ad00a3f5b9f7c707f2e294d752627dcf2973dc6a444203fc347a&state=492aa5f66f74fe69b4f9ef2143cfb218b5d5c77a057e577c" for 127.0.0.1 at 2012-09-11 10:02:04 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"34bfca3163b0af5bc840b79bbd85dfac4af1d797c91d253478e95dd6719b3c07", "state"=>"3639569b7dea3fcd7ab330567f0cda89bfc6e8cb939d7088"}
+  Parameters: {"code"=>"390edc06dfc6ad00a3f5b9f7c707f2e294d752627dcf2973dc6a444203fc347a", "state"=>"492aa5f66f74fe69b4f9ef2143cfb218b5d5c77a057e577c"}
 Authenticating with gds_sso strategy
   User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (8.2ms)  commit transaction
+   (6.0ms)  commit transaction
    (0.0ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (2.2ms)  commit transaction
+   (2.1ms)  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 17ms (ActiveRecord: 11.2ms)
+Completed 302 Found in 16ms (ActiveRecord: 9.0ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:04 +0000
 Processing by ExampleController#restricted as HTML
   User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
 Completed 200 OK in 1ms (Views: 0.5ms | ActiveRecord: 0.1ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-04 10:41:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-12 05:57:04 +0000
 Processing by ExampleController#restricted as HTML
   User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
 Completed 200 OK in 1ms (Views: 0.2ms | ActiveRecord: 0.1ms)
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:45 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:04 +0000
 Processing by ExampleController#restricted as JSON
 Authenticating with gds_sso_api_access strategy
-Completed   in 12ms
+Completed   in 47ms
 
 
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 14:46:46 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:04 +0000
 Processing by ExampleController#restricted as JSON
 Authenticating with gds_sso_api_access strategy
-Completed 200 OK in 1ms (Views: 0.5ms | ActiveRecord: 0.0ms)
+Completed 200 OK in 1ms (Views: 0.6ms | ActiveRecord: 0.0ms)
 
 
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 14:46:46 +0000
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-11 10:02:04 +0000
 Processing by ExampleController#this_requires_signin_permission as JSON
 Authenticating with gds_sso_api_access strategy
 Completed 200 OK in 1ms (Views: 0.3ms | ActiveRecord: 0.0ms)
-Connecting to database specified by database.yml
-   (2.6ms)  select sqlite_version(*)
-   (15.2ms)  DROP TABLE "users"
-   (3.2ms)  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text) 
-   (0.1ms)  begin transaction
-  SQL (7.4ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d36341"]]
-   (2.8ms)  commit transaction
-WARNING: Can't mass-assign protected attributes: uid, name, permissions
-Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d36341"}
-  Rendered /mnt/jenkins/workspace/GDS-SSO/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (3.3ms)
-Completed 403 Forbidden in 54ms (Views: 52.9ms | ActiveRecord: 0.0ms)
-   (0.1ms)  begin transaction
-  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d35869"]]
-   (2.7ms)  commit transaction
-Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d35869"}
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d35869' LIMIT 1
-   (0.1ms)  begin transaction
-   (5.7ms)  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-- new permission
-' WHERE "users"."id" = 2
-   (2.8ms)  commit transaction
-Completed 200 OK in 58ms (ActiveRecord: 8.8ms)
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 2]]
-   (0.1ms)  begin transaction
-  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d33885"]]
-   (2.2ms)  commit transaction
-WARNING: Can't mass-assign protected attributes: uid, name, permissions
-Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d33885"}
-Completed 403 Forbidden in 2ms (Views: 1.1ms | ActiveRecord: 0.0ms)
-   (0.1ms)  begin transaction
-  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37520"]]
-   (2.2ms)  commit transaction
-Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d37520"}
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d37520' LIMIT 1
-   (0.0ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 4
-   (2.4ms)  commit transaction
-Completed 200 OK in 5ms (ActiveRecord: 2.8ms)
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 4]]
-
-
-Started GET "/" for 127.0.0.1 at 2012-09-03 16:59:11 +0000
-Processing by ExampleController#index as HTML
-Completed 200 OK in 6ms (Views: 5.2ms | ActiveRecord: 0.0ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:11 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 17ms
-
-
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:11 +0000
-
-
-Started GET "/auth/gds/callback?code=81cda0826d64a158b5d95a3f56dbf4271e579302f7a08627ecc82c9edce2cf24&state=f8164ca491d63bf1debf98ffda5e5d77e966cab765b4d94e" for 127.0.0.1 at 2012-09-03 16:59:12 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"81cda0826d64a158b5d95a3f56dbf4271e579302f7a08627ecc82c9edce2cf24", "state"=>"f8164ca491d63bf1debf98ffda5e5d77e966cab765b4d94e"}
-Authenticating with gds_sso strategy
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-   (0.1ms)  begin transaction
-  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
-   (11.8ms)  commit transaction
-   (0.0ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 5
-   (2.7ms)  commit transaction
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 21ms (ActiveRecord: 15.3ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:12 +0000
-Processing by ExampleController#restricted as HTML
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.1ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:12 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 0ms
-
-
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:12 +0000
 
 
-Started GET "/auth/gds/callback?code=40a551b8f54f278bc823e1450a69f29470b18b28fe539804b433c1c85b9d938c&state=9232ab5351883e75d19211af4605983aadbf37db1fb629a6" for 127.0.0.1 at 2012-09-03 16:59:12 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"40a551b8f54f278bc823e1450a69f29470b18b28fe539804b433c1c85b9d938c", "state"=>"9232ab5351883e75d19211af4605983aadbf37db1fb629a6"}
-Authenticating with gds_sso strategy
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-   (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 5
-   (6.5ms)  commit transaction
-   (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 5
-   (2.7ms)  commit transaction
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 16ms (ActiveRecord: 10.0ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:12 +0000
-Processing by ExampleController#restricted as HTML
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.1ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:12 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 0ms
-
-
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-
-
-Started GET "/auth/gds/callback?code=6e3c37583e10792679a530a49025f242343843376b8b0127cdafcea564e05a37&state=209f831be25313ef857cd21db7709427a9a5ea052e058946" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"6e3c37583e10792679a530a49025f242343843376b8b0127cdafcea564e05a37", "state"=>"209f831be25313ef857cd21db7709427a9a5ea052e058946"}
-Authenticating with gds_sso strategy
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-   (0.0ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 5
-   (10.5ms)  commit transaction
-   (0.0ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 5
-   (2.8ms)  commit transaction
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 18ms (ActiveRecord: 13.9ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by ExampleController#restricted as HTML
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1ms (Views: 0.3ms | ActiveRecord: 0.1ms)
-
-
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by ExampleController#this_requires_signin_permission as HTML
-Authenticating with gds_sso strategy
-Completed   in 1ms
-
-
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:04 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_bearer_token strategy
+Completed   in 19ms
 
 
-Started GET "/auth/gds/callback?code=2327f4896cae9d15aabcda4bc09852f9cd5c6f207f6c72030eda4a8de2a2a901&state=aa13b5ef4738690c6beb191039bc405b0384e85e09b36930" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"2327f4896cae9d15aabcda4bc09852f9cd5c6f207f6c72030eda4a8de2a2a901", "state"=>"aa13b5ef4738690c6beb191039bc405b0384e85e09b36930"}
-Authenticating with gds_sso strategy
+Started GET "/restricted" for 127.0.0.1 at 2012-09-11 10:02:04 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_bearer_token strategy
   User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 5
-   (8.1ms)  commit transaction
-   (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 5
-   (2.6ms)  commit transaction
-Redirected to http://www.example-client.com/this_requires_signin_permission
-Completed 302 Found in 17ms (ActiveRecord: 11.6ms)
-
-
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by ExampleController#this_requires_signin_permission as HTML
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.2ms)
-
-
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by ExampleController#this_requires_signin_permission as HTML
-Authenticating with gds_sso strategy
-Completed   in 0ms
-
-
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-
-
-Started GET "/auth/gds/callback?code=b01359e06edda1882a7ce7358ca7a0125a924eeb82f8b6790528e4f6e8ac0f77&state=dce53540d826d70256f10b732de1d7a7a6b5001dbe912fb9" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"b01359e06edda1882a7ce7358ca7a0125a924eeb82f8b6790528e4f6e8ac0f77", "state"=>"dce53540d826d70256f10b732de1d7a7a6b5001dbe912fb9"}
-Authenticating with gds_sso strategy
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-   (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 5
-   (8.8ms)  commit transaction
-   (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 5
-   (2.8ms)  commit transaction
-Redirected to http://www.example-client.com/this_requires_signin_permission
-Completed 302 Found in 18ms (ActiveRecord: 12.4ms)
-
-
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by ExampleController#this_requires_signin_permission as HTML
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1ms (Views: 0.3ms | ActiveRecord: 0.2ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 0ms
-
-
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:13 +0000
-
-
-Started GET "/auth/gds/callback?code=7e61f8126ce10aec160bcef5d5fa0aac3dacf4577d74da64ec96e4ab526a1f62&state=e0a7039034a8b84750a7cc1fb55d3c653f7f65148953a4dd" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"7e61f8126ce10aec160bcef5d5fa0aac3dacf4577d74da64ec96e4ab526a1f62", "state"=>"e0a7039034a8b84750a7cc1fb55d3c653f7f65148953a4dd"}
-Authenticating with gds_sso strategy
-  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-   (1.5ms)  begin transaction
-   (4.7ms)  UPDATE "users" SET "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 5
-   (11.8ms)  commit transaction
-   (0.0ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 5
-   (2.3ms)  commit transaction
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 76ms (ActiveRecord: 20.8ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Processing by ExampleController#restricted as HTML
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.1ms)
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-   (0.0ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 5
-   (2.2ms)  commit transaction
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Processing by ExampleController#restricted as HTML
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Filter chain halted as :authenticate_user! rendered or redirected
-Completed 403 Forbidden in 3ms (Views: 2.3ms | ActiveRecord: 0.1ms)
-
-
-Started GET "/auth/gds/sign_out" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Processing by AuthenticationsController#sign_out as HTML
-Redirected to http://localhost:4567/users/sign_out
-Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 0ms
-
-
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-
-
-Started GET "/auth/gds/callback?code=f3f37641bd5cbc7956578adbd392068404377058a773db1aabeb97566a792933&state=e909edc3882fe2fa5a8c936eaf97ec15c120b755dce5a80b" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"f3f37641bd5cbc7956578adbd392068404377058a773db1aabeb97566a792933", "state"=>"e909edc3882fe2fa5a8c936eaf97ec15c120b755dce5a80b"}
-Authenticating with gds_sso strategy
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-   (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 5
-   (9.1ms)  commit transaction
-   (0.0ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '--- 
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (3.0ms)  commit transaction
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 17ms (ActiveRecord: 12.8ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Processing by ExampleController#restricted as HTML
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1ms (Views: 0.4ms | ActiveRecord: 0.1ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 0ms
-
-
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:14 +0000
-
-
-Started GET "/auth/gds/callback?code=fde173b3b12f1e261db71b38ef82c2007a7aa5f801b01f4e2aa54f3800e6b4ba&state=4ae6e309bd84d88d18c92233aab0f0ff911e15e2c1ed5d0d" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"fde173b3b12f1e261db71b38ef82c2007a7aa5f801b01f4e2aa54f3800e6b4ba", "state"=>"4ae6e309bd84d88d18c92233aab0f0ff911e15e2c1ed5d0d"}
-Authenticating with gds_sso strategy
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (6.9ms)  commit transaction
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 5
-   (7.0ms)  commit transaction
-   (0.0ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 5
-   (2.2ms)  commit transaction
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 16ms (ActiveRecord: 9.9ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
-Processing by ExampleController#restricted as HTML
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.1ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-04 13:04:15 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 0ms
-
-
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-04 13:04:15 +0000
-
-
-Started GET "/auth/gds/callback?code=28665d2bbb7c40b2c1c0d48743f3953cbe1639b1f82e20ce907e0920b51d1f7b&state=837341d3cc5519d88bb79a1995ea1d8fa3f705ae3799ac91" for 127.0.0.1 at 2012-09-04 13:04:15 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"28665d2bbb7c40b2c1c0d48743f3953cbe1639b1f82e20ce907e0920b51d1f7b", "state"=>"837341d3cc5519d88bb79a1995ea1d8fa3f705ae3799ac91"}
-Authenticating with gds_sso strategy
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-   (1.2ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (6.5ms)  commit transaction
-   (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
-GDS_SSO integration test: 
-- signin
-' WHERE "users"."id" = 5
-   (2.2ms)  commit transaction
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 16ms (ActiveRecord: 10.7ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-04 13:04:15 +0000
-Processing by ExampleController#restricted as HTML
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 2ms (Views: 0.4ms | ActiveRecord: 0.2ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
-Processing by ExampleController#restricted as HTML
-Authenticating with gds_sso strategy
-Completed   in 0ms
-
-
-Started GET "/auth/gds" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
+   (2.4ms)  commit transaction
+Completed 200 OK in 77ms (Views: 0.7ms | ActiveRecord: 10.3ms)
 
 
-Started GET "/auth/gds/callback?code=8e4bc8427151e94ed9354dfc0926fa36cd6e9d480f5635a2832981cbd438928a&state=3819931064c403665a971bcf63c3d0d1f98c6704015a9700" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
-Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"8e4bc8427151e94ed9354dfc0926fa36cd6e9d480f5635a2832981cbd438928a", "state"=>"3819931064c403665a971bcf63c3d0d1f98c6704015a9700"}
-Authenticating with gds_sso strategy
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-11 10:02:04 +0000
+Processing by ExampleController#this_requires_signin_permission as JSON
+Authenticating with gds_bearer_token strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (8.4ms)  commit transaction
+   (8.5ms)  commit transaction
    (0.0ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "permissions" = '--- 
 GDS_SSO integration test: 
 - signin
 ' WHERE "users"."id" = 5
-   (2.7ms)  commit transaction
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 17ms (ActiveRecord: 11.9ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
-Processing by ExampleController#restricted as HTML
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.1ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-04 12:54:15 +0000
-Processing by ExampleController#restricted as HTML
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1ms (Views: 0.2ms | ActiveRecord: 0.1ms)
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
-Processing by ExampleController#restricted as JSON
-Authenticating with gds_sso_api_access strategy
-Completed   in 12ms
-
-
-Started GET "/restricted" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
-Processing by ExampleController#restricted as JSON
-Authenticating with gds_sso_api_access strategy
-Completed 200 OK in 1ms (Views: 0.5ms | ActiveRecord: 0.0ms)
-
-
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-09-03 16:59:15 +0000
-Processing by ExampleController#this_requires_signin_permission as JSON
-Authenticating with gds_sso_api_access strategy
-Completed 200 OK in 1ms (Views: 0.3ms | ActiveRecord: 0.0ms)
+   (1.9ms)  commit transaction
+Completed 200 OK in 46ms (Views: 0.7ms | ActiveRecord: 11.3ms)