keycloak-api-rails 0.10.2 → 0.11.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 87874dec1c650142ab5ab797da0242c54307a27f
-  data.tar.gz: 261fe67cecc45c6fd9831b15289d242e697ee354
+SHA256:
+  metadata.gz: ff480abdc3a9317e66060416095339c0612ff902fec1200bf1178c7445bfad39
+  data.tar.gz: 29d7cb681cb2b05d801ceac2634b6773278516413112500968cdfe5fe7cae76e
 SHA512:
-  metadata.gz: 2eecc8d1fb2e293f265712b90d44b012b68b319a22739906a39fc03e4c159d6780793dd1a2210b0e510d175bf86df6c414ddaa9c7bd360250b2a101f275548bd
-  data.tar.gz: 96aa59b4a9d1617f946d827660bed9e7f97b6326ac02d91e00805d2ac989de33af5bb53f7ee92e0c598a81dc8e1800b63966c872b553180f07a8164f2c665803
+  metadata.gz: 3bd3bac623390a4efe1cf24a80106c820e2b66c186350ddab00140ccab44f1a919117afb28a2bdcf02651cc1b780d0e9cfc4e75256d6083339e140bdd44669f6
+  data.tar.gz: fdbc7a9b37f8d5efdf5c11ee9ca01075ccfe9bbfaf7d5babfda1653eef9557a275c34487569d4589c2f5902c8ff13a7877f5e6d55133b0e4a7b9b4bd4fb00a58

data/CHANGELOG.md

@@ -0,0 +1,23 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.11.2] - 2022-03-30
+
+* Update `Gemfile.lock` to avoid wrong CVE detections. The version of Rails should always be specified by the parent project. This change has no functional impact.
+* Update `json-jwt` to `>=1.13.0`
+
+## [0.11.1] - 2019-11-27
+
+* When a token validation error occurs, do not log it as a `warn` (but as an `info` instead)
+
+## [0.11.0] - 2019-11-21
+
+* Remove dependency to `rest-client` (thanks to @@loicvigneron)
+* Access Authorization Party from ENV (thanks to @@loicvigneron)
+* New configuration option: `ca_certificate_file` (thanks to @@loicvigneron)
+* Access the token from ENV
+* Upgrade `json-jwt` to `1.11.0`

data/Dockerfile

@@ -1,11 +1,14 @@
-FROM ruby:2.4
-RUN mkdir -p /usr/src/app/lib/keycloak-api-rails
+FROM ruby:2.7.5-slim-bullseye
+
+RUN apt-get update -qq && apt-get install -y build-essential git ruby-dev && apt-get clean && \
+  mkdir -p /usr/src/app/lib/keycloak-api-rails
+
 WORKDIR /usr/src/app
 
 COPY Gemfile /usr/src/app/
 COPY Gemfile.lock /usr/src/app/
 COPY keycloak-api-rails.gemspec /usr/src/app/
 COPY lib/keycloak-api-rails/version.rb /usr/src/app/lib/keycloak-api-rails/
-RUN bundle install
+# RUN bundle install
 COPY . /usr/src/app
-RUN bundle install
+# RUN bundle install

data/Gemfile.lock

@@ -1,127 +1,156 @@
 PATH
   remote: .
   specs:
-    keycloak-api-rails (0.10.2)
-      json-jwt (>= 1.9.4)
+    keycloak-api-rails (0.11.2)
+      json-jwt (>= 1.11.0)
       rails (>= 4.2)
-      rest-client (>= 2.0.2)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.2.1)
-      actionpack (= 5.2.1)
+    actioncable (7.0.2.3)
+      actionpack (= 7.0.2.3)
+      activesupport (= 7.0.2.3)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.1)
-      actionpack (= 5.2.1)
-      actionview (= 5.2.1)
-      activejob (= 5.2.1)
+    actionmailbox (7.0.2.3)
+      actionpack (= 7.0.2.3)
+      activejob (= 7.0.2.3)
+      activerecord (= 7.0.2.3)
+      activestorage (= 7.0.2.3)
+      activesupport (= 7.0.2.3)
+      mail (>= 2.7.1)
+      net-imap
+      net-pop
+      net-smtp
+    actionmailer (7.0.2.3)
+      actionpack (= 7.0.2.3)
+      actionview (= 7.0.2.3)
+      activejob (= 7.0.2.3)
+      activesupport (= 7.0.2.3)
       mail (~> 2.5, >= 2.5.4)
+      net-imap
+      net-pop
+      net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.1)
-      actionview (= 5.2.1)
-      activesupport (= 5.2.1)
-      rack (~> 2.0)
+    actionpack (7.0.2.3)
+      actionview (= 7.0.2.3)
+      activesupport (= 7.0.2.3)
+      rack (~> 2.0, >= 2.2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.1)
-      activesupport (= 5.2.1)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actiontext (7.0.2.3)
+      actionpack (= 7.0.2.3)
+      activerecord (= 7.0.2.3)
+      activestorage (= 7.0.2.3)
+      activesupport (= 7.0.2.3)
+      globalid (>= 0.6.0)
+      nokogiri (>= 1.8.5)
+    actionview (7.0.2.3)
+      activesupport (= 7.0.2.3)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.1)
-      activesupport (= 5.2.1)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (7.0.2.3)
+      activesupport (= 7.0.2.3)
       globalid (>= 0.3.6)
-    activemodel (5.2.1)
-      activesupport (= 5.2.1)
-    activerecord (5.2.1)
-      activemodel (= 5.2.1)
-      activesupport (= 5.2.1)
-      arel (>= 9.0)
-    activestorage (5.2.1)
-      actionpack (= 5.2.1)
-      activerecord (= 5.2.1)
-      marcel (~> 0.3.1)
-    activesupport (5.2.1)
+    activemodel (7.0.2.3)
+      activesupport (= 7.0.2.3)
+    activerecord (7.0.2.3)
+      activemodel (= 7.0.2.3)
+      activesupport (= 7.0.2.3)
+    activestorage (7.0.2.3)
+      actionpack (= 7.0.2.3)
+      activejob (= 7.0.2.3)
+      activerecord (= 7.0.2.3)
+      activesupport (= 7.0.2.3)
+      marcel (~> 1.0)
+      mini_mime (>= 1.1.0)
+    activesupport (7.0.2.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    aes_key_wrap (1.0.1)
-    arel (9.0.0)
-    bindata (2.4.3)
-    builder (3.2.3)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    aes_key_wrap (1.1.0)
+    bindata (2.4.10)
+    builder (3.2.4)
     byebug (9.1.0)
-    concurrent-ruby (1.0.5)
-    crass (1.0.4)
-    diff-lcs (1.3)
-    domain_name (0.5.20180417)
-      unf (>= 0.0.5, < 1.0.0)
-    erubi (1.7.1)
-    globalid (0.4.1)
-      activesupport (>= 4.2.0)
-    http-cookie (1.0.3)
-      domain_name (~> 0.5)
-    i18n (1.1.0)
+    concurrent-ruby (1.1.10)
+    crass (1.0.6)
+    diff-lcs (1.5.0)
+    digest (3.1.0)
+    erubi (1.10.0)
+    globalid (1.0.0)
+      activesupport (>= 5.0)
+    i18n (1.10.0)
       concurrent-ruby (~> 1.0)
-    json-jwt (1.9.4)
-      activesupport
+    io-wait (0.2.1)
+    json-jwt (1.13.0)
+      activesupport (>= 4.2)
       aes_key_wrap
       bindata
-    loofah (2.2.2)
+    loofah (2.15.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    mail (2.7.0)
+    mail (2.7.1)
       mini_mime (>= 0.1.1)
-    marcel (0.3.2)
-      mimemagic (~> 0.3.2)
-    method_source (0.9.0)
-    mime-types (3.2.2)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2018.0812)
-    mimemagic (0.3.2)
-    mini_mime (1.0.1)
-    mini_portile2 (2.3.0)
-    minitest (5.11.3)
-    netrc (0.11.0)
-    nio4r (2.3.1)
-    nokogiri (1.8.4)
-      mini_portile2 (~> 2.3.0)
-    rack (2.0.6)
+    marcel (1.0.2)
+    method_source (1.0.0)
+    mini_mime (1.1.2)
+    mini_portile2 (2.8.0)
+    minitest (5.15.0)
+    net-imap (0.2.3)
+      digest
+      net-protocol
+      strscan
+    net-pop (0.1.1)
+      digest
+      net-protocol
+      timeout
+    net-protocol (0.1.2)
+      io-wait
+      timeout
+    net-smtp (0.3.1)
+      digest
+      net-protocol
+      timeout
+    nio4r (2.5.8)
+    nokogiri (1.13.3)
+      mini_portile2 (~> 2.8.0)
+      racc (~> 1.4)
+    racc (1.6.0)
+    rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (5.2.1)
-      actioncable (= 5.2.1)
-      actionmailer (= 5.2.1)
-      actionpack (= 5.2.1)
-      actionview (= 5.2.1)
-      activejob (= 5.2.1)
-      activemodel (= 5.2.1)
-      activerecord (= 5.2.1)
-      activestorage (= 5.2.1)
-      activesupport (= 5.2.1)
-      bundler (>= 1.3.0)
-      railties (= 5.2.1)
-      sprockets-rails (>= 2.0.0)
+    rails (7.0.2.3)
+      actioncable (= 7.0.2.3)
+      actionmailbox (= 7.0.2.3)
+      actionmailer (= 7.0.2.3)
+      actionpack (= 7.0.2.3)
+      actiontext (= 7.0.2.3)
+      actionview (= 7.0.2.3)
+      activejob (= 7.0.2.3)
+      activemodel (= 7.0.2.3)
+      activerecord (= 7.0.2.3)
+      activestorage (= 7.0.2.3)
+      activesupport (= 7.0.2.3)
+      bundler (>= 1.15.0)
+      railties (= 7.0.2.3)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.4)
-      loofah (~> 2.2, >= 2.2.2)
-    railties (5.2.1)
-      actionpack (= 5.2.1)
-      activesupport (= 5.2.1)
+    rails-html-sanitizer (1.4.2)
+      loofah (~> 2.3)
+    railties (7.0.2.3)
+      actionpack (= 7.0.2.3)
+      activesupport (= 7.0.2.3)
       method_source
-      rake (>= 0.8.7)
-      thor (>= 0.19.0, < 2.0)
-    rake (12.3.1)
-    rest-client (2.0.2)
-      http-cookie (>= 1.0.2, < 2.0)
-      mime-types (>= 1.16, < 4.0)
-      netrc (~> 0.8)
+      rake (>= 12.2)
+      thor (~> 1.0)
+      zeitwerk (~> 2.5)
+    rake (13.0.6)
     rspec (3.7.0)
       rspec-core (~> 3.7.0)
       rspec-expectations (~> 3.7.0)
@@ -134,25 +163,17 @@ GEM
     rspec-mocks (3.7.0)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.7.0)
-    rspec-support (3.7.0)
-    sprockets (3.7.2)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
-    thor (0.20.0)
-    thread_safe (0.3.6)
+    rspec-support (3.7.1)
+    strscan (3.0.1)
+    thor (1.2.1)
     timecop (0.9.1)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.7.5)
-    websocket-driver (0.7.0)
+    timeout (0.2.0)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.3)
+    websocket-extensions (0.1.5)
+    zeitwerk (2.5.4)
 
 PLATFORMS
   ruby
@@ -164,4 +185,4 @@ DEPENDENCIES
   timecop (= 0.9.1)
 
 BUNDLED WITH
-   1.16.1
+   2.1.4

data/README.md

@@ -5,7 +5,7 @@ This gem aims at validates Keycloak JWT token in Ruby On Rails APIs.
 ## Install
 
 ```ruby
-gem "keycloak-api-rails", "0.10.2"
+gem "keycloak-api-rails", "0.11.2"
 ```
 
 ## Token validation
@@ -14,7 +14,7 @@ Tokens send (through query strings or Authorization headers) to this Railtie Mid
 
 ## Pass token to the API
 
-* Method 1: By adding an `Authorization` HTTP Header with its value set to `Bearer <your token>`. 
+* Method 1: By adding an `Authorization` HTTP Header with its value set to `Bearer <your token>`.
   _e.g_ using curl: `curl -H "Authorization: Bearer <your-token>" https://api.pouet.io/api/more-pouets`
 * Method 2: By providing the token via query string, especially via the parameter named `authorizationToken`. Keep in mind that this method is less secure (url are kept intact in your browser history, and so on...)
   _e.g._ using curl: `curl https://api.pouet.io/api/more-pouets?authorizationToken<your-token>`
@@ -42,8 +42,8 @@ All options have a default value. However, all of them can be changed in your in
 | `token_expiration_tolerance_in_seconds` | `10`| Logger | Optional | Number of seconds a token can expire before being rejected by the API. | `15` | 
 | `public_key_cache_ttl` | `86400`| Integer | Optional | Amount of time, in seconds, specifying maximum interval between two requests to {project_name} to retrieve new public keys. It is 86400 seconds (1 day) by default. At least once per this configured interval (1 day by default) will be new public key always downloaded. | `Rails.logger` | 
 | `custom_attributes` | `[]`| Array Of String | Optional | List of token attributes to read from each token and to add to their http request env | `["originalFirstName", "originalLastName"]` | 
-
-## Configure it 
+| `ca_certificate_file` | `nil`| String | Optional | Path to the certificate authority used to validate the Keycloak server certificate | `/credentials/production_root_ca_cert.pem` | 
+## Configure it
 
 Create a `keycloak.rb` file in your Rails `config/initializers` folder. For instance:
 
@@ -65,7 +65,7 @@ Once this gem is configured in your Rails project, you can read, validate and us
 
 ### Keycloak Id
 
-If you identify users using their Keycloak Id, this value can be read from your controllers using `Keycloak::Helper.current_user_id(request.env)`. 
+If you identify users using their Keycloak Id, this value can be read from your controllers using `Keycloak::Helper.current_user_id(request.env)`.
 
 ```ruby
 class AuthenticatedController < ApplicationController
@@ -173,4 +173,4 @@ From the `keycloak-rails-api` directory:
 
 ## Next developments
 
-* Remove dependency to `rest-client`
+* Manage multiple realms

data/keycloak-api-rails.gemspec

@@ -16,10 +16,9 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "rails",       ">= 4.2"
-  spec.add_dependency "json-jwt",    ">= 1.9.4"
-  spec.add_dependency "rest-client", ">= 2.0.2"
+  spec.add_dependency "json-jwt",    ">= 1.11.0"
 
   spec.add_development_dependency "rspec",   "3.7.0"
   spec.add_development_dependency "timecop", "0.9.1"
   spec.add_development_dependency "byebug", "9.1.0"
-end
+end

data/lib/keycloak-api-rails/configuration.rb

@@ -8,5 +8,6 @@ module Keycloak
     config_accessor :public_key_cache_ttl
     config_accessor :custom_attributes
     config_accessor :logger
+    config_accessor :ca_certificate_file
   end
 end

data/lib/keycloak-api-rails/helper.rb

@@ -1,12 +1,15 @@
 module Keycloak
   class Helper
-    
-    CURRENT_USER_ID_KEY     = "keycloak:keycloak_id"
-    CURRENT_USER_EMAIL_KEY  = "keycloak:email"
-    CURRENT_USER_LOCALE_KEY = "keycloak:locale"
-    CURRENT_USER_ATTRIBUTES = "keycloak:attributes"
-    ROLES_KEY               = "keycloak:roles"
-    QUERY_STRING_TOKEN_KEY  = "authorizationToken"
+
+    CURRENT_USER_ID_KEY          = "keycloak:keycloak_id"
+    CURRENT_AUTHORIZED_PARTY_KEY = "keycloak:authorized_party"
+    CURRENT_USER_EMAIL_KEY       = "keycloak:email"
+    CURRENT_USER_LOCALE_KEY      = "keycloak:locale"
+    CURRENT_USER_ATTRIBUTES      = "keycloak:attributes"
+    ROLES_KEY                    = "keycloak:roles"
+    RESOURCE_ROLES_KEY           = "keycloak:resource_roles"
+    TOKEN_KEY                    = "keycloak:token"
+    QUERY_STRING_TOKEN_KEY       = "authorizationToken"
 
     def self.current_user_id(env)
       env[CURRENT_USER_ID_KEY]
@@ -16,6 +19,22 @@ module Keycloak
       env[CURRENT_USER_ID_KEY] = token["sub"]
     end
 
+    def self.keycloak_token(env)
+      env[TOKEN_KEY]
+    end
+
+    def self.assign_keycloak_token(env, token)
+      env[TOKEN_KEY] = token
+    end
+
+    def self.current_authorized_party(env)
+      env[CURRENT_AUTHORIZED_PARTY_KEY]
+    end
+
+    def self.assign_current_authorized_party(env, token)
+      env[CURRENT_AUTHORIZED_PARTY_KEY] = token["azp"]
+    end
+
     def self.current_user_email(env)
       env[CURRENT_USER_EMAIL_KEY]
     end
@@ -40,8 +59,19 @@ module Keycloak
       env[ROLES_KEY] = token.dig("realm_access", "roles")
     end
 
+    def self.current_resource_roles(env)
+      env[RESOURCE_ROLES_KEY]
+    end
+
+    def self.assign_resource_roles(env, token)
+      env[RESOURCE_ROLES_KEY] = token.fetch("resource_access", {}).inject({}) do |resource_roles, (name, resource_attributes)|
+        resource_roles[name] = resource_attributes.fetch("roles", [])
+        resource_roles
+      end
+    end
+
     def self.assign_current_user_custom_attributes(env, token, attribute_names)
-      env[CURRENT_USER_ATTRIBUTES] = token.select { |key,value| attribute_names.include?(key) }
+      env[CURRENT_USER_ATTRIBUTES] = token.select { |key, value| attribute_names.include?(key) }
     end
 
     def self.current_user_custom_attributes(env)

data/lib/keycloak-api-rails/http_client.rb

@@ -0,0 +1,28 @@
+module Keycloak
+  class HTTPClient
+    def initialize(configuration)
+      @server_url          = configuration.server_url
+      @ca_certificate_file = configuration.ca_certificate_file
+      @x509_store          = OpenSSL::X509::Store.new
+      @x509_store.set_default_paths
+      @x509_store.add_file(@ca_certificate_file) if @ca_certificate_file
+    end
+
+    def get(realm_id, path)
+      uri          = build_uri(realm_id, path)
+      use_ssl      = uri.scheme == "http" ? false : true
+      Net::HTTP.start(uri.host, uri.port, :use_ssl => use_ssl, :cert_store => @x509_store) do |http|
+        request  = Net::HTTP::Get.new(uri)
+        response = http.request(request)
+        JSON.parse(response.body)
+      end
+    end
+
+    private
+
+    def build_uri(realm_id, path)
+      string_uri = File.join(@server_url, "realms", realm_id, path)
+      URI(string_uri)
+    end
+  end
+end

data/lib/keycloak-api-rails/middleware.rb

@@ -9,7 +9,7 @@ module Keycloak
       method = env["REQUEST_METHOD"]
       path   = env["PATH_INFO"]
       uri    = env["REQUEST_URI"]
-      
+
       if service.need_authentication?(method, path, env)
         logger.debug("Start authentication for #{method} : #{path}")
         token         = service.read_token(uri, env)
@@ -24,16 +24,19 @@ module Keycloak
     end
 
     def authentication_failed(message)
-      logger.warn(message)
+      logger.info(message)
       [401, {"Content-Type" => "application/json"}, [ { error: message }.to_json]]
     end
 
     def authentication_succeeded(env, decoded_token)
       Helper.assign_current_user_id(env, decoded_token)
+      Helper.assign_current_authorized_party(env, decoded_token)
       Helper.assign_current_user_email(env, decoded_token)
       Helper.assign_current_user_locale(env, decoded_token)
       Helper.assign_current_user_custom_attributes(env, decoded_token, config.custom_attributes)
       Helper.assign_realm_roles(env, decoded_token)
+      Helper.assign_resource_roles(env, decoded_token)
+      Helper.assign_keycloak_token(env, decoded_token)
       @app.call(env)
     end
 

data/lib/keycloak-api-rails/public_key_cached_resolver.rb

@@ -2,15 +2,15 @@ module Keycloak
   class PublicKeyCachedResolver
     attr_reader :cached_public_key_retrieved_at
 
-    def initialize(server_url, realm_id, public_key_cache_ttl)
-      @resolver                       = PublicKeyResolver.new(server_url, realm_id)
+    def initialize(http_client, realm_id, public_key_cache_ttl)
+      @resolver                       = PublicKeyResolver.new(http_client, realm_id)
       @public_key_cache_ttl           = public_key_cache_ttl
       @cached_public_keys             = nil
       @cached_public_key_retrieved_at = nil
     end
 
-    def self.from_configuration(configuration)
-      PublicKeyCachedResolver.new(configuration.server_url, configuration.realm_id, configuration.public_key_cache_ttl)
+    def self.from_configuration(http_client, configuration)
+      PublicKeyCachedResolver.new(http_client, configuration.realm_id, configuration.public_key_cache_ttl)
     end
 
     def find_public_keys

data/lib/keycloak-api-rails/public_key_resolver.rb

@@ -1,21 +1,12 @@
 module Keycloak
   class PublicKeyResolver
-    def initialize(server_url, realm_id)
-      @public_certificate_url = create_public_certificate_url(server_url, realm_id)
+    def initialize(http_client, realm_id)
+      @realm_id    = realm_id
+      @http_client = http_client
     end
 
     def find_public_keys
-      JSON::JWK::Set.new(JSON.parse(RestClient.get(@public_certificate_url).body)["keys"])
-    end
-
-    private
-
-    def create_realm_url(server_url, realm_id)
-      "#{server_url}/realms/#{realm_id}"
-    end
-
-    def create_public_certificate_url(server_url, realm_id)
-      "#{create_realm_url(server_url, realm_id)}/protocol/openid-connect/certs"
+      JSON::JWK::Set.new(@http_client.get(@realm_id, "protocol/openid-connect/certs")["keys"])
     end
   end
-end
+end

data/lib/keycloak-api-rails/version.rb

@@ -1,3 +1,3 @@
 module Keycloak
-  VERSION = "0.10.2"
+  VERSION = "0.11.2"
 end

data/lib/keycloak-api-rails.rb

@@ -2,8 +2,10 @@ require "logger"
 require "json/jwt"
 require "uri"
 require "date"
+require "net/http"
 
 require_relative "keycloak-api-rails/configuration"
+require_relative "keycloak-api-rails/http_client"
 require_relative "keycloak-api-rails/token_error"
 require_relative "keycloak-api-rails/helper"
 require_relative "keycloak-api-rails/public_key_resolver"
@@ -22,8 +24,12 @@ module Keycloak
     @configuration
   end
 
+  def self.http_client
+    @http_client ||= Keycloak::HTTPClient.new(config)
+  end
+
   def self.public_key_resolver
-    @public_key_resolver ||= PublicKeyCachedResolver.from_configuration(config)
+    @public_key_resolver ||= PublicKeyCachedResolver.from_configuration(http_client, config)
   end
 
   def self.service

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: keycloak-api-rails
 version: !ruby/object:Gem::Version
-  version: 0.10.2
+  version: 0.11.2
 platform: ruby
 authors:
 - Lorent Lempereur
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-05-16 00:00:00.000000000 Z
+date: 2022-03-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -30,28 +30,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.9.4
+        version: 1.11.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.9.4
-- !ruby/object:Gem::Dependency
-  name: rest-client
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.0.2
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.0.2
+        version: 1.11.0
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -103,6 +89,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rspec"
+- CHANGELOG.md
 - Dockerfile
 - Gemfile
 - Gemfile.lock
@@ -112,6 +99,7 @@ files:
 - lib/keycloak-api-rails.rb
 - lib/keycloak-api-rails/configuration.rb
 - lib/keycloak-api-rails/helper.rb
+- lib/keycloak-api-rails/http_client.rb
 - lib/keycloak-api-rails/middleware.rb
 - lib/keycloak-api-rails/public_key_cached_resolver.rb
 - lib/keycloak-api-rails/public_key_resolver.rb
@@ -130,7 +118,7 @@ homepage: https://github.com/looorent/keycloak-api-rails
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -145,9 +133,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.4
-signing_key: 
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: Rails middleware that validates Authorization token emitted by Keycloak
 test_files: []