himari 0.1.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9534716186569cef82a629dd4c15fdcc2f30b6b79712445ef67156b33c99a299
-  data.tar.gz: 8243f15a8bdf914c8b73447aab430a243b0dffea2ea2b84af032d92de3fcdc49
+  metadata.gz: 9ef5f3bac5f8a375751669378420729ab8dbe9ce40c1e1dec0fb5a3ac938b304
+  data.tar.gz: ed87e0922bc863813624c34d217f02fd9f06fec442fd01a8b0c1daf760b6ca48
 SHA512:
-  metadata.gz: 30386ab57b39997a8634f63a99466f7efad64d0596767c8ad5f2123e877a1cd3b85f97f5ab29eb6a40d534a223582f56294220c5b3b9b5a873a5a61e928885d5
-  data.tar.gz: 207828253833d92b746ed271a8118e3389b9bbc51302ad57cf99bfb7dd339e337b27a770d6c63ebaa02e31c21264ca0b923fdee9ac3d28e5b55280cfd033aadf
+  metadata.gz: 97c69604496c88d5b6e0f38cf0693cdd07ee6dd15b73d12e724efcea058a2f44492fcbe57ed5ece878f36e7bc2631a028c1464f9bc17d33f519eb2f17b8ff576
+  data.tar.gz: 3a9fff6c67bec527df79527f9e436c5703d95e822e0b0d3bc4cc460e003205d238a9e8ea965f2fbb931a18389282dfa2b770e60b931eaadc82dd683b413f841a

data/Rakefile

@@ -5,4 +5,6 @@ require "rspec/core/rake_task"
 
 RSpec::Core::RakeTask.new(:spec)
 
+Bundler::GemHelper.tag_prefix = "himari/"
+
 task default: :spec

data/lib/himari/app.rb

@@ -1,5 +1,8 @@
 require 'sinatra/base'
 require 'addressable'
+require 'base64'
+
+require 'himari/version'
 
 require 'himari/log_line'
 
@@ -66,7 +69,16 @@ module Himari
       end
 
       def cachebuster
-        env['himari.cachebuster'] || "#{Process.pid}"
+        env['himari.cachebuster'] ||= Base64.urlsafe_encode64(release_code, padding: false)
+      end
+
+      def release_code
+        env['himari.release'] ||= begin
+          [
+            Himari::VERSION,
+            config.release_fragment,
+          ].compact.join(':')
+        end
       end
 
       def request_id
@@ -83,6 +95,12 @@ module Himari
           xff: env['HTTP_X_FORWARDED_FOR'],
         }
       end
+
+      def msg(key, default = nil)
+        config.custom_messages[key] || default
+      end
+
+      include ERB::Util
     end
 
     before do
@@ -109,6 +127,7 @@ module Himari
         authz = AuthorizationCode.make(
           client_id: decision.client.id,
           claims: decision.claims,
+          lifetime: decision.lifetime,
         )
 
         Himari::Services::OidcAuthorizationEndpoint.new(
@@ -119,11 +138,24 @@ module Himari
         ).call(env)
       else
         logger&.info(Himari::LogLine.new('authorize: prompt login', req: request_as_log, client_id: params[:client_id]))
-        erb :login
+        erb config.custom_templates[:login] || :login
       end
     rescue Himari::Services::DownstreamAuthorization::ForbiddenError => e
       logger&.warn(Himari::LogLine.new('authorize: downstream forbidden', req: request_as_log, allowed: e.result.authz_result.allowed, err: e.class.inspect, result: e.as_log))
-      halt 403, "Forbidden"
+
+      @notice = message_human = e.result.authz_result&.user_facing_message
+
+      case e.result.authz_result&.suggestion
+      when nil
+        # do nothing
+      when :reauthenticate
+        logger&.warn(Himari::LogLine.new('authorize: prompt login to reauthenticate', req: request_as_log, allowed: e.result.authz_result.allowed, err: e.class.inspect, result: e.as_log))
+        next erb(:login)
+      else
+        raise ArgumentError, "Unknown suggestion value for DownstreamAuthorization denial; #{e.as_log.inspect}"
+      end
+
+      halt(403, "Forbidden#{message_human ? "; #{message_human}" : nil}")
     end
 
     token_ep = proc do
@@ -164,9 +196,12 @@ module Himari
     end
 
     omniauth_callback = proc do
+      authhash = request.env['omniauth.auth']
+      next halt(400, 'Bad Request') unless authhash
+
       # do upstream auth
       authn = Himari::Services::UpstreamAuthentication.from_request(request).perform
-      logger&.info(Himari::LogLine.new('authentication allowed', req: request_as_log, allowed: authn.authn_result.allowed, uid: request.env.fetch('omniauth.auth')[:uid], provider: request.env.fetch('omniauth.auth')[:provider], result: authn.as_log))
+      logger&.info(Himari::LogLine.new('authentication allowed', req: request_as_log, allowed: authn.authn_result.allowed, uid: authhash[:uid], provider: authhash[:provider], result: authn.as_log))
       raise unless authn.authn_result.allowed # sanity check
 
       given_back_to = request.env['omniauth.params']&.fetch('back_to', nil)
@@ -185,7 +220,8 @@ module Himari
       redirect back_to
     rescue Himari::Services::UpstreamAuthentication::UnauthorizedError => e
       logger&.warn(Himari::LogLine.new('authentication denied', req: request_as_log, err: e.class.inspect, allowed: e.result.authn_result.allowed, uid: request.env.fetch('omniauth.auth')[:uid], provider: request.env.fetch('omniauth.auth')[:provider], result: e.as_log))
-      halt(401, 'Unauthorized')
+      message_human = e.result.authn_result&.user_facing_message
+      halt(401, "Unauthorized#{message_human ? "; #{message_human}" : nil}")
     end
     get '/auth/:provider/callback', &omniauth_callback
     post '/auth/:provider/callback', &omniauth_callback

data/lib/himari/authorization_code.rb

@@ -10,17 +10,25 @@ module Himari
     nonce
     code_challenge
     code_challenge_method
+    created_at
+    lifetime
     expiry
   )
   AuthorizationCode = Struct.new(*authz_attrs, keyword_init: true) do
     def self.make(**kwargs)
       new(
         code: SecureRandom.urlsafe_base64(32),
-        expiry: Time.now.to_i + 900,
+        created_at: Time.now.to_i,
         **kwargs,
       )
     end
 
+    alias _expiry_raw expiry
+    private :_expiry_raw
+    def expiry
+      self._expiry_raw || (self.expiry = created_at + (lifetime || 900))
+    end
+
     def valid_redirect_uri?(given_uri)
       redirect_uri == given_uri
     end
@@ -59,6 +67,8 @@ module Himari
         claims: claims,
         nonce: nonce,
         openid: openid,
+        created_at: created_at.to_i,
+        lifetime: lifetime.to_i,
         expiry: expiry.to_i,
         pkce: pkce?,
         pkce_method: code_challenge_method,
@@ -76,6 +86,8 @@ module Himari
         nonce: nonce,
         code_challenge: code_challenge,
         code_challenge_method: code_challenge_method,
+        created_at: created_at.to_i,
+        lifetime: lifetime.to_i,
         expiry: expiry.to_i,
       }
     end

data/lib/himari/config.rb

@@ -5,7 +5,7 @@ require 'himari/log_line'
 
 module Himari
   class Config
-    def initialize(issuer:, storage:, providers: [], log_output: $stdout, log_level: Logger::INFO, preserve_rack_logger: false)
+    def initialize(issuer:, storage:, providers: [], log_output: $stdout, log_level: Logger::INFO, preserve_rack_logger: false, custom_templates: {}, custom_messages: {}, release_fragment: nil)
       @issuer = issuer
       @providers = providers
       @storage = storage
@@ -13,9 +13,13 @@ module Himari
       @log_output = log_output
       @log_level = log_level
       @preserve_rack_logger = preserve_rack_logger
+
+      @custom_messages = custom_messages
+      @custom_templates = custom_templates
+      @release_fragment = release_fragment
     end
 
-    attr_reader :issuer, :providers, :storage, :preserve_rack_logger
+    attr_reader :issuer, :providers, :storage, :preserve_rack_logger, :custom_messages, :custom_templates, :release_fragment
 
     def logger
       @logger ||= Logger.new(@log_output).tap do |l|

data/lib/himari/decisions/authorization.rb

@@ -19,14 +19,15 @@ module Himari
 
       allow_effects(:allow, :deny, :continue, :skip)
 
-      def initialize(claims: {}, allowed_claims: DEFAULT_ALLOWED_CLAIMS, lifetime: 3600 * 12)
+      def initialize(claims: {}, allowed_claims: DEFAULT_ALLOWED_CLAIMS, lifetime: 3600)
         super()
         @claims = claims
         @allowed_claims = allowed_claims
         @lifetime = lifetime
       end
 
-      attr_reader :claims, :allowed_claims, :lifetime
+      attr_reader :claims, :allowed_claims
+      attr_accessor :lifetime
 
       def to_evolve_args
         {
@@ -37,10 +38,10 @@ module Himari
       end
 
       def as_log
-        to_h.merge(claims: output, lifetime: @lifetime&.to_i)
+        to_h.merge(claims: output_claims, lifetime: @lifetime&.to_i)
       end
 
-      def output
+      def output_claims
         claims.select { |k,_v| allowed_claims.include?(k) }
       end
     end

data/lib/himari/decisions/base.rb

@@ -18,7 +18,7 @@ module Himari
         raise "#{self.class.name}.valid_effects is missing [BUG]" unless self.class.valid_effects
       end
 
-      attr_reader :effect, :effect_comment, :rule_name
+      attr_reader :effect, :effect_comment, :effect_user_facing_message, :effect_suggestion, :rule_name
 
       def to_evolve_args
         raise NotImplementedError
@@ -29,7 +29,10 @@ module Himari
           rule_name: rule_name,
           effect: effect,
           effect_comment: effect_comment,
-        }
+        }.tap do |x|
+          x[:effect_user_facing_message] = effect_user_facing_message if effect_user_facing_message
+          x[:effect_suggestion] = effect_suggestion if effect_suggestion
+        end
       end
 
       def as_log
@@ -46,18 +49,21 @@ module Himari
         self
       end
 
-      def decide!(effect, comment = "")
+      def decide!(effect, comment = "", user_facing_message: nil, suggest: nil)
         raise DecisionAlreadyMade, "decision can only be made once per rule (#{rule_name})" if @effect
         raise InvalidEffect, "this effect is not valid under this rule. Valid effects: #{self.class.valid_effects.inspect} (#{rule_name})" unless self.class.valid_effects.include?(effect)
+        raise InvalidEffect, "only deny effect can have suggestion" if suggest&& effect != :deny
         @effect = effect
         @effect_comment = comment
+        @effect_user_facing_message = user_facing_message
+        @effect_suggestion = suggest
         nil
       end
 
-      def allow!(comment = ""); decide!(:allow, comment); end
-      def continue!(comment = ""); decide!(:continue, comment); end
-      def deny!(comment = ""); decide!(:deny, comment); end
-      def skip!(comment = ""); decide!(:skip, comment); end
+      def allow!(*args, **kwargs); decide!(:allow, *args, **kwargs); end
+      def continue!(*args, **kwargs); decide!(:continue, *args, **kwargs); end
+      def deny!(*args, **kwargs); decide!(:deny, *args, **kwargs); end
+      def skip!(*args, **kwargs); decide!(:skip, *args, **kwargs); end
     end
   end
 end

data/lib/himari/id_token.rb

@@ -11,11 +11,12 @@ module Himari
         claims: authz.claims,
         client_id: authz.client_id,
         nonce: authz.nonce,
+        lifetime: authz.lifetime,
         **kwargs
       )
     end
 
-    def initialize(claims:, client_id:, nonce:, signing_key:, issuer:, access_token: nil, time: Time.now)
+    def initialize(claims:, client_id:, nonce:, signing_key:, issuer:, access_token: nil, time: Time.now, lifetime: 3600)
       @claims = claims
       @client_id = client_id
       @nonce = nonce
@@ -23,6 +24,7 @@ module Himari
       @issuer = issuer
       @access_token = access_token
       @time = time
+      @lifetime = lifetime
     end
 
     attr_reader :claims, :nonce, :signing_key
@@ -34,7 +36,7 @@ module Himari
         aud: @client_id,
         iat: @time.to_i,
         nbf: @time.to_i,
-        exp: (@time + 3600).to_i, # TODO: lifetime
+        exp: (@time + @lifetime).to_i,
       ).merge(
         @nonce ? { nonce: @nonce } : {}
       ).merge(

data/lib/himari/rule_processor.rb

@@ -2,7 +2,7 @@ module Himari
   class RuleProcessor
     class MissingDecisionError < StandardError; end
 
-    Result = Struct.new(:rule_name, :allowed, :explicit_deny, :decision, :decision_log, keyword_init: true) do
+    Result = Struct.new(:rule_name, :allowed, :explicit_deny, :decision, :decision_log, :user_facing_message, :suggestion, keyword_init: true) do
       def as_log
         {
           rule_name: rule_name,
@@ -10,7 +10,9 @@ module Himari
           explicit_deny: explicit_deny,
           decision: decision&.as_log,
           decision_log: decision_log.map(&:to_h),
-        }
+        }.tap do |x|
+          x[:suggestion] = suggestion if suggestion
+        end
       end
     end
 
@@ -47,6 +49,7 @@ module Himari
         result.decision = decision
         result.allowed = true
         result.explicit_deny = false
+        result.user_facing_message = decision.effect_user_facing_message
 
       when :continue
         @decision = decision
@@ -61,6 +64,8 @@ module Himari
         result.decision = nil
         result.allowed = false
         result.explicit_deny = true
+        result.user_facing_message = decision.effect_user_facing_message
+        result.suggestion = decision.effect_suggestion
 
       else
         raise "Unknown effect #{decision.effect} [BUG]"

data/lib/himari/services/downstream_authorization.rb

@@ -21,7 +21,7 @@ module Himari
         end
       end
 
-      Result = Struct.new(:client, :claims, :authz_result) do
+      Result = Struct.new(:client, :claims, :lifetime, :authz_result) do
         def as_log
           {
             client: client.as_log,
@@ -63,10 +63,11 @@ module Himari
         context = Himari::Decisions::Authorization::Context.new(claims: @session.claims, user_data: @session.user_data, request: @request, client: @client).freeze
 
         authorization = Himari::RuleProcessor.new(context, Himari::Decisions::Authorization.new(claims: @session.claims.dup)).run(@authz_rules)
-        raise ForbiddenError.new(Result.new(@client, nil, authorization)) unless authorization.allowed
+        raise ForbiddenError.new(Result.new(@client, nil, nil, authorization)) unless authorization.allowed
 
-        claims = authorization.decision.output
-        Result.new(@client, claims, authorization)
+        claims = authorization.decision.output_claims
+        lifetime = authorization.decision.lifetime
+        Result.new(@client, claims, lifetime, authorization)
       end
     end
   end

data/lib/himari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Himari
-  VERSION = "0.1.0"
+  VERSION = "0.3.0"
 end

data/public/public/index.css

@@ -19,10 +19,10 @@ main {
   border: none;
 }
 
-main > header {
+main > header, main > footer {
   text-align: center;
 }
-main > header img{
+main > header img, main > footer img {
   max-width: 200px;
   height: auto;
 }
@@ -58,6 +58,15 @@ main > header img{
   margin-top: 30px;
 }
 
+.notice {
+  background-color: white;
+  border: 1px #bfa88a solid;
+  border-radius: 4px;
+  padding: 4px;
+  margin: 12px;
+  margin-bottom: 24px;
+}
+
 .d-none {
   display: none;
 }

data/views/login.erb

@@ -2,16 +2,28 @@
 <html lang="en">
   <head>
     <meta charset="utf-8">
-    <title>Himari Login</title>
-    <link rel="stylesheet" href="/public/index.css?v=<%= cachebuster %>" type="text/css" />
+    <title><%= h(msg(:page_title, nil) || msg(:title, "Login to Himari")) %></title>
+    <link rel="stylesheet" href="/public/index.css?cb=<%= cachebuster %>" type="text/css" />
     <meta name="viewport" content="initial-scale=1">
     <meta name="robots" content="noindex, nofollow">
 
-    <meta name="himari:release" content="TODO:">
+    <meta name="himari:release" content="<%= release_code %>">
   </head>
 
-  <body class='himari-app himari-loading'>
+  <body class='himari-app himari-login'>
     <main>
+
+      <header>
+        <h1><%= msg(:title, "Login to Himari") %></h1>
+        <%= msg(:header) %>
+
+        <% if @notice %>
+          <div class='notice'>
+            <p><%=h @notice %></p>
+          </div>
+        <% end %>
+      </header>
+
       <nav class='actions'>
         <fieldset id='actions-fieldset'>
           <% known_providers.each do |provider| %>
@@ -22,6 +34,10 @@
           <% end %>
         </fieldset>
       </nav>
+
+      <footer>
+        <%= msg(:footer) %>
+      </footer>
     </main>
 
     <script type='text/javascript'>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: himari
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Sorah Fukumori
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-03-20 00:00:00.000000000 Z
+date: 2023-03-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sinatra
@@ -102,11 +102,8 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".rspec"
-- Gemfile
-- Gemfile.lock
 - LICENSE.txt
 - Rakefile
-- himari.gemspec
 - lib/himari.rb
 - lib/himari/access_token.rb
 - lib/himari/app.rb
@@ -167,7 +164,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.0.dev
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Small OIDC IdP for small teams - Omniauth to OIDC

data/Gemfile

@@ -1,11 +0,0 @@
-source 'https://rubygems.org'
-gemspec
-
-gem 'rake'
-
-group :test do
-  gem 'rspec'
-  gem 'simplecov'
-  gem 'simplecov-html'
-  gem 'rack-test'
-end

data/Gemfile.lock

@@ -1,152 +0,0 @@
-PATH
-  remote: .
-  specs:
-    himari (0.1.0)
-      addressable
-      omniauth (>= 2.0)
-      openid_connect
-      rack-oauth2
-      rack-protection
-      sinatra (>= 3.0)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    activemodel (7.0.4.3)
-      activesupport (= 7.0.4.3)
-    activesupport (7.0.4.3)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 1.6, < 2)
-      minitest (>= 5.1)
-      tzinfo (~> 2.0)
-    addressable (2.8.1)
-      public_suffix (>= 2.0.2, < 6.0)
-    aes_key_wrap (1.1.0)
-    attr_required (1.0.1)
-    bindata (2.4.15)
-    concurrent-ruby (1.2.2)
-    date (3.3.3)
-    diff-lcs (1.5.0)
-    docile (1.4.0)
-    faraday (2.7.4)
-      faraday-net_http (>= 2.0, < 3.1)
-      ruby2_keywords (>= 0.0.4)
-    faraday-follow_redirects (0.3.0)
-      faraday (>= 1, < 3)
-    faraday-net_http (3.0.2)
-    hashie (5.0.0)
-    i18n (1.12.0)
-      concurrent-ruby (~> 1.0)
-    json-jwt (1.16.3)
-      activesupport (>= 4.2)
-      aes_key_wrap
-      bindata
-      faraday (~> 2.0)
-      faraday-follow_redirects
-    mail (2.8.1)
-      mini_mime (>= 0.1.1)
-      net-imap
-      net-pop
-      net-smtp
-    mini_mime (1.1.2)
-    minitest (5.18.0)
-    mustermann (3.0.0)
-      ruby2_keywords (~> 0.0.1)
-    net-imap (0.3.4)
-      date
-      net-protocol
-    net-pop (0.1.2)
-      net-protocol
-    net-protocol (0.2.1)
-      timeout
-    net-smtp (0.3.3)
-      net-protocol
-    omniauth (2.1.1)
-      hashie (>= 3.4.6)
-      rack (>= 2.2.3)
-      rack-protection
-    openid_connect (2.2.0)
-      activemodel
-      attr_required (>= 1.0.0)
-      faraday (~> 2.0)
-      faraday-follow_redirects
-      json-jwt (>= 1.16)
-      net-smtp
-      rack-oauth2 (~> 2.2)
-      swd (~> 2.0)
-      tzinfo
-      validate_email
-      validate_url
-      webfinger (~> 2.0)
-    public_suffix (5.0.1)
-    rack (2.2.6.4)
-    rack-oauth2 (2.2.0)
-      activesupport
-      attr_required
-      faraday (~> 2.0)
-      faraday-follow_redirects
-      json-jwt (>= 1.11.0)
-      rack (>= 2.1.0)
-    rack-protection (3.0.5)
-      rack
-    rack-test (2.1.0)
-      rack (>= 1.3)
-    rake (13.0.6)
-    rspec (3.12.0)
-      rspec-core (~> 3.12.0)
-      rspec-expectations (~> 3.12.0)
-      rspec-mocks (~> 3.12.0)
-    rspec-core (3.12.1)
-      rspec-support (~> 3.12.0)
-    rspec-expectations (3.12.2)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.4)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-support (3.12.0)
-    ruby2_keywords (0.0.5)
-    simplecov (0.22.0)
-      docile (~> 1.1)
-      simplecov-html (~> 0.11)
-      simplecov_json_formatter (~> 0.1)
-    simplecov-html (0.12.3)
-    simplecov_json_formatter (0.1.4)
-    sinatra (3.0.5)
-      mustermann (~> 3.0)
-      rack (~> 2.2, >= 2.2.4)
-      rack-protection (= 3.0.5)
-      tilt (~> 2.0)
-    swd (2.0.2)
-      activesupport (>= 3)
-      attr_required (>= 0.0.5)
-      faraday (~> 2.0)
-      faraday-follow_redirects
-    tilt (2.1.0)
-    timeout (0.3.2)
-    tzinfo (2.0.6)
-      concurrent-ruby (~> 1.0)
-    validate_email (0.1.6)
-      activemodel (>= 3.0)
-      mail (>= 2.2.5)
-    validate_url (1.0.15)
-      activemodel (>= 3.0.0)
-      public_suffix
-    webfinger (2.1.2)
-      activesupport
-      faraday (~> 2.0)
-      faraday-follow_redirects
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  himari!
-  rack-test
-  rake
-  rspec
-  simplecov
-  simplecov-html
-
-BUNDLED WITH
-   2.4.8

data/himari.gemspec

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "lib/himari/version"
-
-Gem::Specification.new do |spec|
-  spec.name = "himari"
-  spec.version = Himari::VERSION
-  spec.authors = ["Sorah Fukumori"]
-  spec.email = ["her@sorah.jp"]
-
-  spec.summary = "Small OIDC IdP for small teams - Omniauth to OIDC"
-  spec.homepage = "https://github.com/sorah/himari"
-  spec.license = "MIT"
-  spec.required_ruby_version = ">= 2.7.0"
-
-  spec.metadata["homepage_uri"] = spec.homepage
-  spec.metadata["source_code_uri"] = "https://github.com/sorah/himari"
-
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files = Dir.chdir(__dir__) do
-    `git ls-files -z`.split("\x0").reject do |f|
-      (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
-    end
-  end
-  spec.bindir = "exe"
-  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-
-  spec.add_dependency "sinatra", '>= 3.0'
-  spec.add_dependency 'rack-protection'
-  spec.add_dependency "omniauth", ">= 2.0"
-
-  spec.add_dependency 'addressable'
-
-  spec.add_dependency "rack-oauth2"
-  spec.add_dependency "openid_connect"
-
-  # Uncomment to register a new dependency of your gem
-  # spec.add_dependency "example-gem", "~> 1.0"
-
-  # For more information and examples about making a new gem, check out our
-  # guide at: https://bundler.io/guides/creating_gem.html
-end