googleauth 0.11.0 → 0.15.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/CODEOWNERS +7 -0
- data/.github/workflows/release.yml +36 -0
- data/.rubocop.yml +3 -1
- data/CHANGELOG.md +59 -23
- data/Gemfile +5 -2
- data/{COPYING → LICENSE} +0 -0
- data/Rakefile +21 -0
- data/googleauth.gemspec +3 -2
- data/integration/helper.rb +31 -0
- data/integration/id_tokens/key_source_test.rb +74 -0
- data/lib/googleauth.rb +1 -0
- data/lib/googleauth/application_default.rb +1 -1
- data/lib/googleauth/compute_engine.rb +40 -9
- data/lib/googleauth/credentials.rb +217 -54
- data/lib/googleauth/id_tokens.rb +233 -0
- data/lib/googleauth/id_tokens/errors.rb +71 -0
- data/lib/googleauth/id_tokens/key_sources.rb +394 -0
- data/lib/googleauth/id_tokens/verifier.rb +144 -0
- data/lib/googleauth/json_key_reader.rb +6 -2
- data/lib/googleauth/service_account.rb +39 -20
- data/lib/googleauth/signet.rb +3 -2
- data/lib/googleauth/version.rb +1 -1
- data/lib/googleauth/web_user_authorizer.rb +3 -6
- data/spec/googleauth/apply_auth_examples.rb +28 -5
- data/spec/googleauth/compute_engine_spec.rb +66 -13
- data/spec/googleauth/credentials_spec.rb +240 -112
- data/spec/googleauth/service_account_spec.rb +31 -16
- data/spec/googleauth/signet_spec.rb +15 -7
- data/spec/googleauth/user_refresh_spec.rb +1 -1
- data/test/helper.rb +33 -0
- data/test/id_tokens/key_sources_test.rb +240 -0
- data/test/id_tokens/verifier_test.rb +269 -0
- metadata +18 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b15478e865e5cfea5a21aaf18b55e6f7839c0c6a81fd127a249d414ce7f62589
|
4
|
+
data.tar.gz: 0a5ea3ff83f4706367b710ac200ef1936f042f8c124174c0ab5857aa435e940c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a096b40f4f8559d1263e9f7fd8d28742ee63199dfc5ae77c486602f14bb9f03ed1331b86e64a0afe32bcafef38bb9e26140226615ac546817e1bc8d4c96812ba
|
7
|
+
data.tar.gz: fefa616d20dbfb6b11b71e7869d08e470b919cce6ea991d91930f5036f2945fb652cbb6dfe83f50e93c626c953ba4d9b82483b28891abc97bbb8f4fae863013c
|
data/.github/CODEOWNERS
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
# Code owners file.
|
2
|
+
# This file controls who is tagged for review for any given pull request.
|
3
|
+
#
|
4
|
+
# For syntax help see:
|
5
|
+
# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax
|
6
|
+
|
7
|
+
* @googleapis/yoshi-ruby
|
@@ -0,0 +1,36 @@
|
|
1
|
+
on:
|
2
|
+
schedule:
|
3
|
+
- cron: '29 9 * * 1'
|
4
|
+
workflow_dispatch:
|
5
|
+
|
6
|
+
name: release
|
7
|
+
jobs:
|
8
|
+
release-please:
|
9
|
+
runs-on: ubuntu-latest
|
10
|
+
steps:
|
11
|
+
- name: ReleasePlease
|
12
|
+
id: release-please
|
13
|
+
uses: GoogleCloudPlatform/release-please-action@v2
|
14
|
+
with:
|
15
|
+
command: release-pr
|
16
|
+
token: ${{ secrets.YOSHI_CODE_BOT_TOKEN }}
|
17
|
+
fork: true
|
18
|
+
release-type: ruby
|
19
|
+
package-name: google-auth-library-ruby
|
20
|
+
version-file: lib/googleauth/version.rb
|
21
|
+
monorepo-tags: true
|
22
|
+
bump-minor-pre-major: true
|
23
|
+
- name: ReleaseLabel
|
24
|
+
id: release-label
|
25
|
+
if: ${{ steps.release-please.outputs.pr }}
|
26
|
+
uses: actions/github-script@v2
|
27
|
+
with:
|
28
|
+
github-token: ${{secrets.YOSHI_APPROVER_TOKEN}}
|
29
|
+
script: |
|
30
|
+
core.info("Labeling release");
|
31
|
+
github.issues.addLabels({
|
32
|
+
owner: 'googleapis',
|
33
|
+
repo: 'google-auth-library-ruby',
|
34
|
+
issue_number: ${{ steps.release-please.outputs.pr }},
|
35
|
+
labels: ["autorelease: pending", "kokoro:force-run"]
|
36
|
+
});
|
data/.rubocop.yml
CHANGED
data/CHANGELOG.md
CHANGED
@@ -1,9 +1,44 @@
|
|
1
|
-
|
1
|
+
# Release History
|
2
|
+
|
3
|
+
## [0.15.0](https://www.github.com/googleapis/google-auth-library-ruby/compare/v0.14.0...v0.15.0) (2021-01-26)
|
4
|
+
|
5
|
+
|
6
|
+
### Features
|
7
|
+
|
8
|
+
* Credential parameters inherit from superclasses ([4fa4720](https://www.github.com/googleapis/google-auth-library-ruby/commit/4fa47206dbd62f8bbdd1b9d3721f6baee9fd1d62))
|
9
|
+
* Service accounts apply a self-signed JWT if scopes are marked as default ([d22acb8](https://www.github.com/googleapis/google-auth-library-ruby/commit/d22acb8a510e6711b5674545c31a4816e5a9168f))
|
10
|
+
|
11
|
+
|
12
|
+
### Bug Fixes
|
13
|
+
|
14
|
+
* Retry fetch_access_token when GCE metadata server returns unexpected errors ([cd9b012](https://www.github.com/googleapis/google-auth-library-ruby/commit/cd9b0126d3419b9953982f71edc9e6ba3f640e3c))
|
15
|
+
* Support correct service account and user refresh behavior for custom credential env variables ([d2dffe5](https://www.github.com/googleapis/google-auth-library-ruby/commit/d2dffe592112b45006291ad9a57f56e00fb208c3))
|
16
|
+
|
17
|
+
## 0.14.0 / 2020-10-09
|
18
|
+
|
19
|
+
* Honor GCE_METADATA_HOST environment variable
|
20
|
+
* Fix errors in some environments when requesting an access token for multiple scopes
|
21
|
+
|
22
|
+
## 0.13.1 / 2020-07-30
|
23
|
+
|
24
|
+
* Support scopes when using GCE Metadata Server authentication ([@ball-hayden][])
|
25
|
+
|
26
|
+
## 0.13.0 / 2020-06-17
|
27
|
+
|
28
|
+
* Support for validating ID tokens.
|
29
|
+
* Fixed header application of ID tokens from service accounts.
|
30
|
+
|
31
|
+
## 0.12.0 / 2020-04-08
|
32
|
+
|
33
|
+
* Support for ID token credentials.
|
34
|
+
* Support reading quota_id_project from service account credentials.
|
35
|
+
|
36
|
+
## 0.11.0 / 2020-02-24
|
2
37
|
|
3
38
|
* Support Faraday 1.x.
|
4
39
|
* Allow special "postmessage" value for redirect_uri.
|
5
40
|
|
6
|
-
|
41
|
+
## 0.10.0 / 2019-10-09
|
7
42
|
|
8
43
|
Note: This release now requires Ruby 2.4 or later
|
9
44
|
|
@@ -13,7 +48,7 @@ Note: This release now requires Ruby 2.4 or later
|
|
13
48
|
* Set instance variables at initialization to avoid spamming warnings
|
14
49
|
* Pass "Metadata-Flavor" header to metadata server when checking for GCE
|
15
50
|
|
16
|
-
|
51
|
+
## 0.9.0 / 2019-08-05
|
17
52
|
|
18
53
|
* Restore compatibility with Ruby 2.0. This is the last release that will work on end-of-lifed versions of Ruby. The 0.10 release will require Ruby 2.4 or later.
|
19
54
|
* Update Credentials to use methods for values that are intended to be changed by users, replacing constants.
|
@@ -22,79 +57,79 @@ Note: This release now requires Ruby 2.4 or later
|
|
22
57
|
* Add verbosity none to gcloud command
|
23
58
|
* Make arity of WebUserAuthorizer#get_credentials compatible with the base class
|
24
59
|
|
25
|
-
|
60
|
+
## 0.8.1 / 2019-03-27
|
26
61
|
|
27
62
|
* Silence unnecessary gcloud warning
|
28
63
|
* Treat empty credentials environment variables as unset
|
29
64
|
|
30
|
-
|
65
|
+
## 0.8.0 / 2019-01-02
|
31
66
|
|
32
67
|
* Support connection options :default_connection and :connection_builder when creating credentials that need to refresh OAuth tokens. This lets clients provide connection objects with custom settings, such as proxies, needed for the client environment.
|
33
68
|
* Removed an unnecessary warning about project IDs.
|
34
69
|
|
35
|
-
|
70
|
+
## 0.7.1 / 2018-10-25
|
36
71
|
|
37
72
|
* Make load_gcloud_project_id module function.
|
38
73
|
|
39
|
-
|
74
|
+
## 0.7.0 / 2018-10-24
|
40
75
|
|
41
76
|
* Add project_id instance variable to UserRefreshCredentials, ServiceAccountCredentials, and Credentials.
|
42
77
|
|
43
|
-
|
78
|
+
## 0.6.7 / 2018-10-16
|
44
79
|
|
45
80
|
* Update memoist dependency to ~> 0.16.
|
46
81
|
|
47
|
-
|
82
|
+
## 0.6.6 / 2018-08-22
|
48
83
|
|
49
84
|
* Remove ruby version warnings.
|
50
85
|
|
51
|
-
|
86
|
+
## 0.6.5 / 2018-08-16
|
52
87
|
|
53
88
|
* Fix incorrect http verb when revoking credentials.
|
54
89
|
* Warn on EOL ruby versions.
|
55
90
|
|
56
|
-
|
91
|
+
## 0.6.4 / 2018-08-03
|
57
92
|
|
58
93
|
* Resolve issue where DefaultCredentials constant was undefined.
|
59
94
|
|
60
|
-
|
95
|
+
## 0.6.3 / 2018-08-02
|
61
96
|
|
62
97
|
* Resolve issue where token_store was being written to twice
|
63
98
|
|
64
|
-
|
99
|
+
## 0.6.2 / 2018-08-01
|
65
100
|
|
66
101
|
* Add warning when using cloud sdk credentials
|
67
102
|
|
68
|
-
|
103
|
+
## 0.6.1 / 2017-10-18
|
69
104
|
|
70
105
|
* Fix file permissions
|
71
106
|
|
72
|
-
|
107
|
+
## 0.6.0 / 2017-10-17
|
73
108
|
|
74
109
|
* Support ruby-jwt 2.0
|
75
110
|
* Add simple credentials class
|
76
111
|
|
77
|
-
|
112
|
+
## 0.5.3 / 2017-07-21
|
78
113
|
|
79
114
|
* Fix file permissions on the gem's `.rb` files.
|
80
115
|
|
81
|
-
|
116
|
+
## 0.5.2 / 2017-07-19
|
82
117
|
|
83
118
|
* Add retry mechanism when fetching access tokens in `GCECredentials` and `UserRefreshCredentials` classes.
|
84
119
|
* Update Google API OAuth2 token credential URI to v4.
|
85
120
|
|
86
|
-
|
121
|
+
## 0.5.1 / 2016-01-06
|
87
122
|
|
88
123
|
* Change header name emitted by `Client#apply` from "Authorization" to "authorization" ([@murgatroid99][])
|
89
124
|
* Fix ADC not working on some windows machines ([@vsubramani][])
|
90
125
|
[#55](https://github.com/google/google-auth-library-ruby/issues/55)
|
91
126
|
|
92
|
-
|
127
|
+
## 0.5.0 / 2015-10-12
|
93
128
|
|
94
129
|
* Initial support for user credentials ([@sqrrrl][])
|
95
130
|
* Update Signet to 0.7
|
96
131
|
|
97
|
-
|
132
|
+
## 0.4.2 / 2015-08-05
|
98
133
|
|
99
134
|
* Updated UserRefreshCredentials hash to use string keys ([@haabaato][])
|
100
135
|
[#36](https://github.com/google/google-auth-library-ruby/issues/36)
|
@@ -111,16 +146,16 @@ Note: This release now requires Ruby 2.4 or later
|
|
111
146
|
* Enables passing credentials via environment variables. ([@haabaato][])
|
112
147
|
[#27](https://github.com/google/google-auth-library-ruby/issues/27)
|
113
148
|
|
114
|
-
|
149
|
+
## 0.4.1 / 2015-04-25
|
115
150
|
|
116
151
|
* Improves handling of --no-scopes GCE authorization ([@tbetbetbe][])
|
117
152
|
* Refactoring and cleanup ([@joneslee85][])
|
118
153
|
|
119
|
-
|
154
|
+
## 0.4.0 / 2015-03-25
|
120
155
|
|
121
156
|
* Adds an implementation of JWT header auth ([@tbetbetbe][])
|
122
157
|
|
123
|
-
|
158
|
+
## 0.3.0 / 2015-03-23
|
124
159
|
|
125
160
|
* makes the scope parameter's optional in all APIs. ([@tbetbetbe][])
|
126
161
|
* changes the scope parameter's position in various constructors. ([@tbetbetbe][])
|
@@ -133,3 +168,4 @@ Note: This release now requires Ruby 2.4 or later
|
|
133
168
|
[@tbetbetbe]: https://github.com/tbetbetbe
|
134
169
|
[@murgatroid99]: https://github.com/murgatroid99
|
135
170
|
[@vsubramani]: https://github.com/vsubramani
|
171
|
+
[@ball-hayden]: https://github.com/ball-hayden
|
data/Gemfile
CHANGED
@@ -10,13 +10,15 @@ group :development do
|
|
10
10
|
gem "fakeredis", "~> 0.5"
|
11
11
|
gem "google-style", "~> 1.24.0"
|
12
12
|
gem "logging", "~> 2.0"
|
13
|
+
gem "minitest", "~> 5.14"
|
14
|
+
gem "minitest-focus", "~> 1.1"
|
13
15
|
gem "rack-test", "~> 0.6"
|
14
|
-
gem "rake", "~>
|
16
|
+
gem "rake", "~> 13.0"
|
15
17
|
gem "redis", "~> 3.2"
|
16
18
|
gem "rspec", "~> 3.0"
|
17
19
|
gem "simplecov", "~> 0.9"
|
18
20
|
gem "sinatra"
|
19
|
-
gem "webmock", "~>
|
21
|
+
gem "webmock", "~> 3.8"
|
20
22
|
end
|
21
23
|
|
22
24
|
platforms :jruby do
|
@@ -24,4 +26,5 @@ platforms :jruby do
|
|
24
26
|
end
|
25
27
|
end
|
26
28
|
|
29
|
+
gem "faraday", "~> 0.17"
|
27
30
|
gem "gems", "~> 1.2"
|
data/{COPYING → LICENSE}
RENAMED
File without changes
|
data/Rakefile
CHANGED
@@ -2,9 +2,30 @@
|
|
2
2
|
require "json"
|
3
3
|
require "bundler/gem_tasks"
|
4
4
|
|
5
|
+
require "rubocop/rake_task"
|
6
|
+
RuboCop::RakeTask.new
|
7
|
+
|
8
|
+
require "rake/testtask"
|
9
|
+
|
10
|
+
desc "Run tests."
|
11
|
+
Rake::TestTask.new do |t|
|
12
|
+
t.libs << "test"
|
13
|
+
t.test_files = FileList["test/**/*_test.rb"]
|
14
|
+
t.warning = false
|
15
|
+
end
|
16
|
+
|
17
|
+
desc "Run integration tests."
|
18
|
+
Rake::TestTask.new("integration") do |t|
|
19
|
+
t.libs << "integration"
|
20
|
+
t.test_files = FileList["integration/**/*_test.rb"]
|
21
|
+
t.warning = false
|
22
|
+
end
|
23
|
+
|
5
24
|
task :ci do
|
6
25
|
header "Using Ruby - #{RUBY_VERSION}"
|
7
26
|
sh "bundle exec rubocop"
|
27
|
+
Rake::Task["test"].invoke
|
28
|
+
Rake::Task["integration"].invoke
|
8
29
|
sh "bundle exec rspec"
|
9
30
|
end
|
10
31
|
|
data/googleauth.gemspec
CHANGED
@@ -9,7 +9,7 @@ Gem::Specification.new do |gem|
|
|
9
9
|
gem.version = Google::Auth::VERSION
|
10
10
|
gem.authors = ["Tim Emiola"]
|
11
11
|
gem.email = "temiola@google.com"
|
12
|
-
gem.homepage = "https://github.com/
|
12
|
+
gem.homepage = "https://github.com/googleapis/google-auth-library-ruby"
|
13
13
|
gem.summary = "Google Auth Library for Ruby"
|
14
14
|
gem.license = "Apache-2.0"
|
15
15
|
gem.description = <<-DESCRIPTION
|
@@ -32,6 +32,7 @@ Gem::Specification.new do |gem|
|
|
32
32
|
gem.add_dependency "memoist", "~> 0.16"
|
33
33
|
gem.add_dependency "multi_json", "~> 1.11"
|
34
34
|
gem.add_dependency "os", ">= 0.9", "< 2.0"
|
35
|
-
gem.add_dependency "signet", "~> 0.
|
35
|
+
gem.add_dependency "signet", "~> 0.14"
|
36
|
+
|
36
37
|
gem.add_development_dependency "yard", "~> 0.9"
|
37
38
|
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
# Copyright 2020 Google LLC
|
2
|
+
#
|
3
|
+
# Redistribution and use in source and binary forms, with or without
|
4
|
+
# modification, are permitted provided that the following conditions are
|
5
|
+
# met:
|
6
|
+
#
|
7
|
+
# * Redistributions of source code must retain the above copyright
|
8
|
+
# notice, this list of conditions and the following disclaimer.
|
9
|
+
# * Redistributions in binary form must reproduce the above
|
10
|
+
# copyright notice, this list of conditions and the following disclaimer
|
11
|
+
# in the documentation and/or other materials provided with the
|
12
|
+
# distribution.
|
13
|
+
# * Neither the name of Google Inc. nor the names of its
|
14
|
+
# contributors may be used to endorse or promote products derived from
|
15
|
+
# this software without specific prior written permission.
|
16
|
+
#
|
17
|
+
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
18
|
+
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
19
|
+
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
20
|
+
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
21
|
+
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
22
|
+
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
23
|
+
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
24
|
+
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
25
|
+
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
26
|
+
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
27
|
+
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
28
|
+
|
29
|
+
require "minitest/autorun"
|
30
|
+
require "minitest/focus"
|
31
|
+
require "googleauth"
|
@@ -0,0 +1,74 @@
|
|
1
|
+
# Copyright 2020 Google LLC
|
2
|
+
#
|
3
|
+
# Redistribution and use in source and binary forms, with or without
|
4
|
+
# modification, are permitted provided that the following conditions are
|
5
|
+
# met:
|
6
|
+
#
|
7
|
+
# * Redistributions of source code must retain the above copyright
|
8
|
+
# notice, this list of conditions and the following disclaimer.
|
9
|
+
# * Redistributions in binary form must reproduce the above
|
10
|
+
# copyright notice, this list of conditions and the following disclaimer
|
11
|
+
# in the documentation and/or other materials provided with the
|
12
|
+
# distribution.
|
13
|
+
# * Neither the name of Google Inc. nor the names of its
|
14
|
+
# contributors may be used to endorse or promote products derived from
|
15
|
+
# this software without specific prior written permission.
|
16
|
+
#
|
17
|
+
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
18
|
+
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
19
|
+
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
20
|
+
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
21
|
+
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
22
|
+
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
23
|
+
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
24
|
+
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
25
|
+
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
26
|
+
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
27
|
+
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
28
|
+
|
29
|
+
require "helper"
|
30
|
+
|
31
|
+
describe Google::Auth::IDTokens do
|
32
|
+
describe "key source" do
|
33
|
+
let(:legacy_oidc_key_source) {
|
34
|
+
Google::Auth::IDTokens::X509CertHttpKeySource.new "https://www.googleapis.com/oauth2/v1/certs"
|
35
|
+
}
|
36
|
+
let(:oidc_key_source) { Google::Auth::IDTokens.oidc_key_source }
|
37
|
+
let(:iap_key_source) { Google::Auth::IDTokens.iap_key_source }
|
38
|
+
|
39
|
+
it "Gets real keys from the OAuth2 V1 cert URL" do
|
40
|
+
keys = legacy_oidc_key_source.refresh_keys
|
41
|
+
refute_empty keys
|
42
|
+
keys.each do |key|
|
43
|
+
assert_kind_of OpenSSL::PKey::RSA, key.key
|
44
|
+
refute key.key.private?
|
45
|
+
assert_equal "RS256", key.algorithm
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
it "Gets real keys from the OAuth2 V3 cert URL" do
|
50
|
+
keys = oidc_key_source.refresh_keys
|
51
|
+
refute_empty keys
|
52
|
+
keys.each do |key|
|
53
|
+
assert_kind_of OpenSSL::PKey::RSA, key.key
|
54
|
+
refute key.key.private?
|
55
|
+
assert_equal "RS256", key.algorithm
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
it "Gets the same keys from the OAuth2 V1 and V3 cert URLs" do
|
60
|
+
keys_v1 = legacy_oidc_key_source.refresh_keys.map(&:key).map(&:export).sort
|
61
|
+
keys_v3 = oidc_key_source.refresh_keys.map(&:key).map(&:export).sort
|
62
|
+
assert_equal keys_v1, keys_v3
|
63
|
+
end
|
64
|
+
|
65
|
+
it "Gets real keys from the IAP public key URL" do
|
66
|
+
keys = iap_key_source.refresh_keys
|
67
|
+
refute_empty keys
|
68
|
+
keys.each do |key|
|
69
|
+
assert_kind_of OpenSSL::PKey::EC, key.key
|
70
|
+
assert_equal "ES256", key.algorithm
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
data/lib/googleauth.rb
CHANGED
@@ -31,5 +31,6 @@ require "googleauth/application_default"
|
|
31
31
|
require "googleauth/client_id"
|
32
32
|
require "googleauth/credentials"
|
33
33
|
require "googleauth/default_credentials"
|
34
|
+
require "googleauth/id_tokens"
|
34
35
|
require "googleauth/user_authorizer"
|
35
36
|
require "googleauth/web_user_authorizer"
|