oauth2 2.0.4 → 2.0.5
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -1
- data/README.md +7 -1
- data/lib/oauth2/access_token.rb +19 -8
- data/lib/oauth2/client.rb +8 -5
- data/lib/oauth2/error.rb +17 -9
- data/lib/oauth2/strategy/assertion.rb +1 -1
- data/lib/oauth2/strategy/auth_code.rb +1 -1
- data/lib/oauth2/strategy/client_credentials.rb +1 -1
- data/lib/oauth2/version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b016b4a0d35d5e6b17d60c9417f7a456b78a38462120fff7d68021235dee6f6d
|
4
|
+
data.tar.gz: 5627dc50a7dfc395f226a1209606aa63d1c8c9642ba6aba390f5ba3605567b33
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cbbfb987df74ec80833a13f2d7ae5fc090af533cfe3e0ce7146ed3f1dcec45159a8ac4447c0aacbc5ad2c9e8490d76a9c227dcb857b9fc2cc4a5b6b6634d1b41
|
7
|
+
data.tar.gz: ebf819a7fcfb1c66041bb01b46f023fcfd8cb06f1762ff938795faab71e4871d00986899c592465e8424ebd40eff1e90c6a85a77e4717f4211a07ec41a148144
|
data/CHANGELOG.md
CHANGED
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
|
|
4
4
|
The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
|
5
5
|
and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
|
6
6
|
|
7
|
+
## [2.0.5] - 2022-07-07
|
8
|
+
### Fixed
|
9
|
+
- [#620](https://github.com/oauth-xx/oauth2/pull/620) - Documentation improvements, to help with upgrading (@swanson)
|
10
|
+
- [#621](https://github.com/oauth-xx/oauth2/pull/621) - Fixed [#528](https://github.com/oauth-xx/oauth2/issues/528) and [#619](https://github.com/oauth-xx/oauth2/issues/619) (@pboling)
|
11
|
+
- All data in responses is now returned, with the access token removed and set as `token`
|
12
|
+
- `refresh_token` is no longer dropped
|
13
|
+
- **BREAKING**: Microsoft's `id_token` is no longer left as `access_token['id_token']`, but moved to the standard `access_token.token` that all other strategies use
|
14
|
+
- Remove `parse` and `snaky` from options so they don't get included in response
|
15
|
+
- There is now 100% test coverage, for lines _and_ branches, and it will stay that way.
|
16
|
+
|
7
17
|
## [2.0.4] - 2022-07-01
|
8
18
|
### Fixed
|
9
19
|
- [#618](https://github.com/oauth-xx/oauth2/pull/618) - In some scenarios the `snaky` option default value was not applied (@pboling)
|
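Review bot: the 2.0.5 entry marks the Microsoft `id_token` relocation as **BREAKING**, yet the header of this file says the project adheres to Semantic Versioning v2, under which a patch bump (2.0.4 to 2.0.5) must not break the public API; either bump the minor or major version or reword the entry so readers know what to expect on upgrade. The `Fixed` list also mixes genuine behaviour changes (all response data now returned, `refresh_token` no longer dropped) with test-coverage housekeeping; per Keep a Changelog, a separate `Changed` heading for the behavioural items would make the upgrade impact easier to scan.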
@@ -65,6 +75,10 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
65
75
|
- [#414](https://github.com/oauth-xx/oauth2/pull/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura)
|
66
76
|
- [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost)
|
67
77
|
- [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost)
|
78
|
+
- [#507](https://github.com/oauth-xx/oauth2/pull/507), [#575](https://github.com/oauth-xx/oauth2/pull/575) - **BREAKING**: Transform keys to camel case, always, by default (ultimately via `rash_alt` gem)
|
79
|
+
- Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem.
|
80
|
+
- However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case.
|
81
|
+
- As of version 2.0.4 you can turn key transformation off with the `snaky: false` option.
|
68
82
|
- [#576](https://github.com/oauth-xx/oauth2/pull/576) - **BREAKING**: Stop rescuing parsing errors (@pboling)
|
69
83
|
- [#591](https://github.com/oauth-xx/oauth2/pull/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated
|
70
84
|
### Fixed
|
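Review bot: the `#591` entry links to `https://github.com/oauth-xx/oauth2/pull/576`, the same URL as the `#576` line above it, so the link target and the PR number disagree and one of the two should be corrected. The new bullets under `#507`/`#575` describe the default transform as converting keys to camel case, but the option that disables it is named `snaky`, which suggests snake case; check which casing `rash_alt` actually applies and make the wording match, since users rely on this sentence to decide whether they need `snaky: false`.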
@@ -277,5 +291,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
277
291
|
[2.0.2]: https://github.com/oauth-xx/oauth2/compare/v2.0.1...v2.0.2
|
278
292
|
[2.0.3]: https://github.com/oauth-xx/oauth2/compare/v2.0.2...v2.0.3
|
279
293
|
[2.0.4]: https://github.com/oauth-xx/oauth2/compare/v2.0.3...v2.0.4
|
280
|
-
[
|
294
|
+
[2.0.5]: https://github.com/oauth-xx/oauth2/compare/v2.0.4...v2.0.5
|
295
|
+
[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.5...HEAD
|
281
296
|
[gemfiles/readme]: gemfiles/README.md
|
data/README.md
CHANGED
@@ -257,6 +257,12 @@ For more see [SECURITY.md][🚎sec-pol].
|
|
257
257
|
- `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token`
|
258
258
|
- Adds new option to `OAuth2::AccessToken#initialize`:
|
259
259
|
- `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency
|
260
|
+
- By default, keys are transformed to camel case.
|
261
|
+
- Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem.
|
262
|
+
- However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case.
|
263
|
+
- As of version 2.0.4 you can turn key transformation off with the `snaky: false` option.
|
264
|
+
- By default, the `:auth_scheme` is now `:basic_auth` (instead of `:request_body`)
|
265
|
+
- Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body
|
260
266
|
- [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#2.0.0)
|
261
267
|
|
262
268
|
## Compatibility
|
@@ -517,7 +523,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
517
523
|
|
518
524
|
See [CONTRIBUTING.md][contributing]
|
519
525
|
|
520
|
-
[contributing]: https://github.com/oauth-xx/oauth2/blob/
|
526
|
+
[contributing]: https://github.com/oauth-xx/oauth2/blob/master/CONTRIBUTING.md
|
521
527
|
|
522
528
|
## Contributors
|
523
529
|
|
data/lib/oauth2/access_token.rb
CHANGED
@@ -8,12 +8,18 @@ module OAuth2
|
|
8
8
|
class << self
|
9
9
|
# Initializes an AccessToken from a Hash
|
10
10
|
#
|
11
|
-
# @param
|
12
|
-
# @param
|
11
|
+
# @param [Client] client the OAuth2::Client instance
|
12
|
+
# @param [Hash] hash a hash of AccessToken property values
|
13
|
+
# @option hash [String] 'access_token', 'id_token', 'token', :access_token, :id_token, or :token the access token
|
13
14
|
# @return [AccessToken] the initialized AccessToken
|
14
15
|
def from_hash(client, hash)
|
15
16
|
hash = hash.dup
|
16
|
-
|
17
|
+
token = hash.delete('access_token') || hash.delete(:access_token) ||
|
18
|
+
hash.delete('id_token') || hash.delete(:id_token) ||
|
19
|
+
hash.delete('token') || hash.delete(:token) ||
|
20
|
+
hash.delete('accessToken') || hash.delete(:accessToken) ||
|
21
|
+
hash.delete('idToken') || hash.delete(:idToken)
|
22
|
+
new(client, token, hash)
|
17
23
|
end
|
18
24
|
|
19
25
|
# Initializes an AccessToken from a key/value application/x-www-form-urlencoded string
|
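Review bot: the `@option` doc lists `'access_token'`, `'id_token'` and `'token'` plus their symbol forms, but the code also accepts `'accessToken'`, `:accessToken`, `'idToken'` and `:idToken`; the tag should list every recognised key, because callers reading the docs will not know the camel-case forms work. Worth stating in the same comment: since `id_token` is a fallback for the token value, a response carrying only an OIDC ID token yields an `AccessToken` whose `token` is an identity assertion rather than an authorization credential, and it will be presented as the bearer credential whenever that object is used for requests; callers should know this fallback happens implicitly. Minor: the `||` chain removes only the first matching key and leaves the rest in `hash`, so when both `access_token` and `id_token` are present the `id_token` survives into the options hash. That is the desirable outcome and deserves a one-line comment so nobody "fixes" it later.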
@@ -24,10 +30,6 @@ module OAuth2
|
|
24
30
|
def from_kvform(client, kvform)
|
25
31
|
from_hash(client, Rack::Utils.parse_query(kvform))
|
26
32
|
end
|
27
|
-
|
28
|
-
def contains_token?(hash)
|
29
|
-
hash.key?('access_token') || hash.key?('id_token') || hash.key?('token')
|
30
|
-
end
|
31
33
|
end
|
32
34
|
|
33
35
|
# Initialize an AccessToken
|
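Review bot: `contains_token?` was a public class method on `AccessToken` (it sits under `class << self` with no `private` in sight), and removing it in a patch release is an API break that the 2.0.5 changelog entry above does not list; either keep it as a deprecated shim that performs the same key lookup as the new `from_hash`, or add the removal to the BREAKING list. Note the old implementation checked only the three string keys, so the replacement lookup in `from_hash`, which also handles symbol and camel-case keys, is strictly broader and any shim should reflect that.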
@@ -47,6 +49,11 @@ module OAuth2
|
|
47
49
|
def initialize(client, token, opts = {})
|
48
50
|
@client = client
|
49
51
|
@token = token.to_s
|
52
|
+
|
53
|
+
if @client.options[:raise_errors] && (@token.nil? || @token.empty?)
|
54
|
+
error = Error.new(opts)
|
55
|
+
raise(error)
|
56
|
+
end
|
50
57
|
opts = opts.dup
|
51
58
|
%i[refresh_token expires_in expires_at expires_latency].each do |arg|
|
52
59
|
instance_variable_set("@#{arg}", opts.delete(arg) || opts.delete(arg.to_s))
|
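Review bot: `@token = token.to_s` guarantees a String, so `@token.nil?` on the following line can never be true and `@token.empty?` alone expresses the check; the dead branch implies a nil token is possible and will mislead the next reader. Second point: `Error.new(opts)` hands the remaining response hash to the error as its `response`, and per the `Error#initialize` change in this same release that hash becomes `@body` and is fed into the exception message; when the provider returned a `refresh_token` or `id_token` without an `access_token`, those values land in the exception text and in any log or tracker that records it. Consider raising with only `error`/`error_description` extracted, or redacting token-like keys before constructing the error. Also, when `raise_errors` is false an `AccessToken` with an empty `token` is now built silently, which matches the option's intent but should be documented.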
@@ -95,7 +102,11 @@ module OAuth2
|
|
95
102
|
params[:refresh_token] = refresh_token
|
96
103
|
new_token = @client.get_token(params, access_token_opts)
|
97
104
|
new_token.options = options
|
98
|
-
|
105
|
+
if new_token.refresh_token
|
106
|
+
# Keep it, if there is one
|
107
|
+
else
|
108
|
+
new_token.refresh_token = refresh_token
|
109
|
+
end
|
99
110
|
new_token
|
100
111
|
end
|
101
112
|
# A compatibility alias
|
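Review bot: the `if new_token.refresh_token` branch is empty apart from a comment, with the real work in `else`; `new_token.refresh_token = refresh_token unless new_token.refresh_token` reads the same way without the empty branch. Behaviourally the change is correct: providers that do not rotate refresh tokens omit them from the refresh response, and dropping the old one (the pre-2.0.5 behaviour) left the client unable to refresh a second time. When the provider does rotate, the newly issued token wins, which is what you want because the old one may already be revoked server-side.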
data/lib/oauth2/client.rb
CHANGED
@@ -165,10 +165,13 @@ module OAuth2
|
|
165
165
|
end
|
166
166
|
end.to_h
|
167
167
|
|
168
|
+
parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse]
|
169
|
+
snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky]
|
170
|
+
|
168
171
|
request_opts = {
|
169
172
|
raise_errors: options[:raise_errors],
|
170
|
-
parse:
|
171
|
-
snaky:
|
173
|
+
parse: parse,
|
174
|
+
snaky: snaky,
|
172
175
|
}
|
173
176
|
params = authenticator.apply(params)
|
174
177
|
headers = params.delete(:headers) || {}
|
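Review bot: pulling `:parse` and `:snaky` out of `params` before `authenticator.apply(params)` is what stops them from being serialised into the token request, but only symbol keys are checked (`params.key?(:parse)`); a caller who built `params` with string keys, as the strategies do for `'grant_type'` and `'code'`, would still see `'parse'`/`'snaky'` sent to the provider. Either normalise the keys first or document that these options must be symbols. The same three-line default lookup is repeated in the `@@ -266,8 +269,8` hunk below; a small private helper would keep the two in sync.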
@@ -266,8 +269,8 @@ module OAuth2
|
|
266
269
|
raise TimeoutError, e
|
267
270
|
end
|
268
271
|
|
269
|
-
parse = opts.
|
270
|
-
snaky = opts.
|
272
|
+
parse = opts.key?(:parse) ? opts.delete(:parse) : Response::DEFAULT_OPTIONS[:parse]
|
273
|
+
snaky = opts.key?(:snaky) ? opts.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky]
|
271
274
|
|
272
275
|
Response.new(response, parse: parse, snaky: snaky)
|
273
276
|
end
|
@@ -296,7 +299,7 @@ module OAuth2
|
|
296
299
|
access_token_class = options[:access_token_class]
|
297
300
|
data = response.parsed
|
298
301
|
|
299
|
-
unless data.is_a?(Hash) &&
|
302
|
+
unless data.is_a?(Hash) && !data.empty?
|
300
303
|
return unless options[:raise_errors]
|
301
304
|
|
302
305
|
error = Error.new(response)
|
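Review bot: the removed condition is truncated in this view (`unless data.is_a?(Hash) &&`), but the removal of `AccessToken.contains_token?` in the same release suggests the token-presence check moved from here into `AccessToken#initialize`. With the new `!data.empty?` test, a non-empty Hash lacking any token key now passes this guard and reaches access token construction, and when `raise_errors` is false that produces an `AccessToken` with an empty `token` where this early `return` used to yield `nil`; callers that branch on `token.nil?` will no longer notice the failure. Consider returning `nil` in that case as well, or documenting the new empty-token object in the upgrade notes.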
data/lib/oauth2/error.rb
CHANGED
@@ -2,21 +2,29 @@
|
|
2
2
|
|
3
3
|
module OAuth2
|
4
4
|
class Error < StandardError
|
5
|
-
attr_reader :response, :code, :description
|
5
|
+
attr_reader :response, :body, :code, :description
|
6
6
|
|
7
7
|
# standard error codes include:
|
8
8
|
# 'invalid_request', 'invalid_client', 'invalid_token', 'invalid_grant', 'unsupported_grant_type', 'invalid_scope'
|
9
|
+
# response might be a Response object, or the response.parsed hash
|
9
10
|
def initialize(response)
|
10
11
|
@response = response
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
12
|
+
if response.respond_to?(:parsed)
|
13
|
+
if response.parsed.is_a?(Hash)
|
14
|
+
@code = response.parsed['error']
|
15
|
+
@description = response.parsed['error_description']
|
16
|
+
end
|
17
|
+
elsif response.is_a?(Hash)
|
18
|
+
@code = response['error']
|
19
|
+
@description = response['error_description']
|
17
20
|
end
|
18
|
-
|
19
|
-
|
21
|
+
@body = if response.respond_to?(:body)
|
22
|
+
response.body
|
23
|
+
else
|
24
|
+
@response
|
25
|
+
end
|
26
|
+
message_opts = parse_error_description(@code, @description)
|
27
|
+
super(error_message(@body, message_opts))
|
20
28
|
end
|
21
29
|
|
22
30
|
private
|
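Review bot: `@body` is either `response.body` or the raw hash that was passed in, and `super(error_message(@body, message_opts))` places it into the exception message; provider error bodies are not guaranteed to contain only `error`/`error_description`, and the hash path is reached from `AccessToken#initialize` with the full token response minus the access token, so refresh or ID tokens can surface in `e.message` and from there in exception trackers or logs. Suggest truncating or redacting the body before building the message. Separately, `response.parsed['error']` and the `elsif response.is_a?(Hash)` branch both use only the string key; an indifferent-access object is fine, but a plain symbol-keyed Hash will yield `nil` for both `code` and `description`, and that case is easy to hit now that `Error.new` accepts hashes.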
@@ -80,7 +80,7 @@ module OAuth2
|
|
80
80
|
assertion = build_assertion(claims, encoding_opts)
|
81
81
|
params = build_request(assertion, request_opts)
|
82
82
|
|
83
|
-
@client.get_token(params, response_opts
|
83
|
+
@client.get_token(params, response_opts)
|
84
84
|
end
|
85
85
|
|
86
86
|
private
|
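Review bot: this `@@ -80,7 +80,7` hunk appears under the error.rb heading, but by its contents (`build_assertion`, `response_opts`) and the file list at the top of the page it belongs to `strategy/assertion.rb`; the same applies to the two hunks that follow, which belong to `auth_code.rb` and `client_credentials.rb`. The removed line is cut off in this view, so the diff does not show what was previously passed in place of the bare `response_opts`; the new line hands the caller's opts straight to `Client#get_token`, which, combined with the `parse`/`snaky` extraction added there in this release, is how those options now stop leaking into the request body. A spec asserting that `parse:`/`snaky:` given to the strategy never appear in the outgoing request would lock this behaviour in.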
@@ -25,7 +25,7 @@ module OAuth2
|
|
25
25
|
#
|
26
26
|
# @param [String] code The Authorization Code value
|
27
27
|
# @param [Hash] params additional params
|
28
|
-
# @param [Hash] opts
|
28
|
+
# @param [Hash] opts access_token_opts, @see Client#get_token
|
29
29
|
# @note that you must also provide a :redirect_uri with most OAuth 2.0 providers
|
30
30
|
def get_token(code, params = {}, opts = {})
|
31
31
|
params = {'grant_type' => 'authorization_code', 'code' => code}.merge(@client.redirection_params).merge(params)
|
@@ -19,7 +19,7 @@ module OAuth2
|
|
19
19
|
# @param [Hash] opts options
|
20
20
|
def get_token(params = {}, opts = {})
|
21
21
|
params = params.merge('grant_type' => 'client_credentials')
|
22
|
-
@client.get_token(params, opts
|
22
|
+
@client.get_token(params, opts)
|
23
23
|
end
|
24
24
|
end
|
25
25
|
end
|
data/lib/oauth2/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: oauth2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Peter Boling
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: exe
|
12
12
|
cert_chain: []
|
13
|
-
date: 2022-07-
|
13
|
+
date: 2022-07-07 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: faraday
|
@@ -307,10 +307,10 @@ licenses:
|
|
307
307
|
- MIT
|
308
308
|
metadata:
|
309
309
|
homepage_uri: https://github.com/oauth-xx/oauth2
|
310
|
-
source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.
|
311
|
-
changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.
|
310
|
+
source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.5
|
311
|
+
changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.5/CHANGELOG.md
|
312
312
|
bug_tracker_uri: https://github.com/oauth-xx/oauth2/issues
|
313
|
-
documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.
|
313
|
+
documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.5
|
314
314
|
wiki_uri: https://github.com/oauth-xx/oauth2/wiki
|
315
315
|
rubygems_mfa_required: 'true'
|
316
316
|
post_install_message: |2+
|