oauth2 2.0.4 → 2.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -1
- data/README.md +7 -1
- data/lib/oauth2/access_token.rb +19 -8
- data/lib/oauth2/client.rb +8 -5
- data/lib/oauth2/error.rb +17 -9
- data/lib/oauth2/strategy/assertion.rb +1 -1
- data/lib/oauth2/strategy/auth_code.rb +1 -1
- data/lib/oauth2/strategy/client_credentials.rb +1 -1
- data/lib/oauth2/version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b016b4a0d35d5e6b17d60c9417f7a456b78a38462120fff7d68021235dee6f6d
|
|
4
|
+
data.tar.gz: 5627dc50a7dfc395f226a1209606aa63d1c8c9642ba6aba390f5ba3605567b33
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cbbfb987df74ec80833a13f2d7ae5fc090af533cfe3e0ce7146ed3f1dcec45159a8ac4447c0aacbc5ad2c9e8490d76a9c227dcb857b9fc2cc4a5b6b6634d1b41
|
|
7
|
+
data.tar.gz: ebf819a7fcfb1c66041bb01b46f023fcfd8cb06f1762ff938795faab71e4871d00986899c592465e8424ebd40eff1e90c6a85a77e4717f4211a07ec41a148144
|
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
|
|
5
5
|
and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
|
|
6
6
|
|
|
7
|
+
## [2.0.5] - 2022-07-07
|
|
8
|
+
### Fixed
|
|
9
|
+
- [#620](https://github.com/oauth-xx/oauth2/pull/620) - Documentation improvements, to help with upgrading (@swanson)
|
|
10
|
+
- [#621](https://github.com/oauth-xx/oauth2/pull/621) - Fixed [#528](https://github.com/oauth-xx/oauth2/issues/528) and [#619](https://github.com/oauth-xx/oauth2/issues/619) (@pboling)
|
|
11
|
+
- All data in responses is now returned, with the access token removed and set as `token`
|
|
12
|
+
- `refresh_token` is no longer dropped
|
|
13
|
+
- **BREAKING**: Microsoft's `id_token` is no longer left as `access_token['id_token']`, but moved to the standard `access_token.token` that all other strategies use
|
|
14
|
+
- Remove `parse` and `snaky` from options so they don't get included in response
|
|
15
|
+
- There is now 100% test coverage, for lines _and_ branches, and it will stay that way.
|
|
16
|
+
|
|
7
17
|
## [2.0.4] - 2022-07-01
|
|
8
18
|
### Fixed
|
|
9
19
|
- [#618](https://github.com/oauth-xx/oauth2/pull/618) - In some scenarios the `snaky` option default value was not applied (@pboling)
|
|
@@ -65,6 +75,10 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
|
65
75
|
- [#414](https://github.com/oauth-xx/oauth2/pull/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura)
|
|
66
76
|
- [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost)
|
|
67
77
|
- [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost)
|
|
78
|
+
- [#507](https://github.com/oauth-xx/oauth2/pull/507), [#575](https://github.com/oauth-xx/oauth2/pull/575) - **BREAKING**: Transform keys to camel case, always, by default (ultimately via `rash_alt` gem)
|
|
79
|
+
- Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem.
|
|
80
|
+
- However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case.
|
|
81
|
+
- As of version 2.0.4 you can turn key transformation off with the `snaky: false` option.
|
|
68
82
|
- [#576](https://github.com/oauth-xx/oauth2/pull/576) - **BREAKING**: Stop rescuing parsing errors (@pboling)
|
|
69
83
|
- [#591](https://github.com/oauth-xx/oauth2/pull/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated
|
|
70
84
|
### Fixed
|
|
@@ -277,5 +291,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
|
277
291
|
[2.0.2]: https://github.com/oauth-xx/oauth2/compare/v2.0.1...v2.0.2
|
|
278
292
|
[2.0.3]: https://github.com/oauth-xx/oauth2/compare/v2.0.2...v2.0.3
|
|
279
293
|
[2.0.4]: https://github.com/oauth-xx/oauth2/compare/v2.0.3...v2.0.4
|
|
280
|
-
[
|
|
294
|
+
[2.0.5]: https://github.com/oauth-xx/oauth2/compare/v2.0.4...v2.0.5
|
|
295
|
+
[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.5...HEAD
|
|
281
296
|
[gemfiles/readme]: gemfiles/README.md
|
data/README.md
CHANGED
|
@@ -257,6 +257,12 @@ For more see [SECURITY.md][🚎sec-pol].
|
|
|
257
257
|
- `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token`
|
|
258
258
|
- Adds new option to `OAuth2::AccessToken#initialize`:
|
|
259
259
|
- `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency
|
|
260
|
+
- By default, keys are transformed to camel case.
|
|
261
|
+
- Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem.
|
|
262
|
+
- However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case.
|
|
263
|
+
- As of version 2.0.4 you can turn key transformation off with the `snaky: false` option.
|
|
264
|
+
- By default, the `:auth_scheme` is now `:basic_auth` (instead of `:request_body`)
|
|
265
|
+
- Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body
|
|
260
266
|
- [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#2.0.0)
|
|
261
267
|
|
|
262
268
|
## Compatibility
|
|
@@ -517,7 +523,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
|
517
523
|
|
|
518
524
|
See [CONTRIBUTING.md][contributing]
|
|
519
525
|
|
|
520
|
-
[contributing]: https://github.com/oauth-xx/oauth2/blob/
|
|
526
|
+
[contributing]: https://github.com/oauth-xx/oauth2/blob/master/CONTRIBUTING.md
|
|
521
527
|
|
|
522
528
|
## Contributors
|
|
523
529
|
|
data/lib/oauth2/access_token.rb
CHANGED
|
@@ -8,12 +8,18 @@ module OAuth2
|
|
|
8
8
|
class << self
|
|
9
9
|
# Initializes an AccessToken from a Hash
|
|
10
10
|
#
|
|
11
|
-
# @param
|
|
12
|
-
# @param
|
|
11
|
+
# @param [Client] client the OAuth2::Client instance
|
|
12
|
+
# @param [Hash] hash a hash of AccessToken property values
|
|
13
|
+
# @option hash [String] 'access_token', 'id_token', 'token', :access_token, :id_token, or :token the access token
|
|
13
14
|
# @return [AccessToken] the initialized AccessToken
|
|
14
15
|
def from_hash(client, hash)
|
|
15
16
|
hash = hash.dup
|
|
16
|
-
|
|
17
|
+
token = hash.delete('access_token') || hash.delete(:access_token) ||
|
|
18
|
+
hash.delete('id_token') || hash.delete(:id_token) ||
|
|
19
|
+
hash.delete('token') || hash.delete(:token) ||
|
|
20
|
+
hash.delete('accessToken') || hash.delete(:accessToken) ||
|
|
21
|
+
hash.delete('idToken') || hash.delete(:idToken)
|
|
22
|
+
new(client, token, hash)
|
|
17
23
|
end
|
|
18
24
|
|
|
19
25
|
# Initializes an AccessToken from a key/value application/x-www-form-urlencoded string
|
|
@@ -24,10 +30,6 @@ module OAuth2
|
|
|
24
30
|
def from_kvform(client, kvform)
|
|
25
31
|
from_hash(client, Rack::Utils.parse_query(kvform))
|
|
26
32
|
end
|
|
27
|
-
|
|
28
|
-
def contains_token?(hash)
|
|
29
|
-
hash.key?('access_token') || hash.key?('id_token') || hash.key?('token')
|
|
30
|
-
end
|
|
31
33
|
end
|
|
32
34
|
|
|
33
35
|
# Initialize an AccessToken
|
|
@@ -47,6 +49,11 @@ module OAuth2
|
|
|
47
49
|
def initialize(client, token, opts = {})
|
|
48
50
|
@client = client
|
|
49
51
|
@token = token.to_s
|
|
52
|
+
|
|
53
|
+
if @client.options[:raise_errors] && (@token.nil? || @token.empty?)
|
|
54
|
+
error = Error.new(opts)
|
|
55
|
+
raise(error)
|
|
56
|
+
end
|
|
50
57
|
opts = opts.dup
|
|
51
58
|
%i[refresh_token expires_in expires_at expires_latency].each do |arg|
|
|
52
59
|
instance_variable_set("@#{arg}", opts.delete(arg) || opts.delete(arg.to_s))
|
|
@@ -95,7 +102,11 @@ module OAuth2
|
|
|
95
102
|
params[:refresh_token] = refresh_token
|
|
96
103
|
new_token = @client.get_token(params, access_token_opts)
|
|
97
104
|
new_token.options = options
|
|
98
|
-
|
|
105
|
+
if new_token.refresh_token
|
|
106
|
+
# Keep it, if there is one
|
|
107
|
+
else
|
|
108
|
+
new_token.refresh_token = refresh_token
|
|
109
|
+
end
|
|
99
110
|
new_token
|
|
100
111
|
end
|
|
101
112
|
# A compatibility alias
|
data/lib/oauth2/client.rb
CHANGED
|
@@ -165,10 +165,13 @@ module OAuth2
|
|
|
165
165
|
end
|
|
166
166
|
end.to_h
|
|
167
167
|
|
|
168
|
+
parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse]
|
|
169
|
+
snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky]
|
|
170
|
+
|
|
168
171
|
request_opts = {
|
|
169
172
|
raise_errors: options[:raise_errors],
|
|
170
|
-
parse:
|
|
171
|
-
snaky:
|
|
173
|
+
parse: parse,
|
|
174
|
+
snaky: snaky,
|
|
172
175
|
}
|
|
173
176
|
params = authenticator.apply(params)
|
|
174
177
|
headers = params.delete(:headers) || {}
|
|
@@ -266,8 +269,8 @@ module OAuth2
|
|
|
266
269
|
raise TimeoutError, e
|
|
267
270
|
end
|
|
268
271
|
|
|
269
|
-
parse = opts.
|
|
270
|
-
snaky = opts.
|
|
272
|
+
parse = opts.key?(:parse) ? opts.delete(:parse) : Response::DEFAULT_OPTIONS[:parse]
|
|
273
|
+
snaky = opts.key?(:snaky) ? opts.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky]
|
|
271
274
|
|
|
272
275
|
Response.new(response, parse: parse, snaky: snaky)
|
|
273
276
|
end
|
|
@@ -296,7 +299,7 @@ module OAuth2
|
|
|
296
299
|
access_token_class = options[:access_token_class]
|
|
297
300
|
data = response.parsed
|
|
298
301
|
|
|
299
|
-
unless data.is_a?(Hash) &&
|
|
302
|
+
unless data.is_a?(Hash) && !data.empty?
|
|
300
303
|
return unless options[:raise_errors]
|
|
301
304
|
|
|
302
305
|
error = Error.new(response)
|
data/lib/oauth2/error.rb
CHANGED
|
@@ -2,21 +2,29 @@
|
|
|
2
2
|
|
|
3
3
|
module OAuth2
|
|
4
4
|
class Error < StandardError
|
|
5
|
-
attr_reader :response, :code, :description
|
|
5
|
+
attr_reader :response, :body, :code, :description
|
|
6
6
|
|
|
7
7
|
# standard error codes include:
|
|
8
8
|
# 'invalid_request', 'invalid_client', 'invalid_token', 'invalid_grant', 'unsupported_grant_type', 'invalid_scope'
|
|
9
|
+
# response might be a Response object, or the response.parsed hash
|
|
9
10
|
def initialize(response)
|
|
10
11
|
@response = response
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
12
|
+
if response.respond_to?(:parsed)
|
|
13
|
+
if response.parsed.is_a?(Hash)
|
|
14
|
+
@code = response.parsed['error']
|
|
15
|
+
@description = response.parsed['error_description']
|
|
16
|
+
end
|
|
17
|
+
elsif response.is_a?(Hash)
|
|
18
|
+
@code = response['error']
|
|
19
|
+
@description = response['error_description']
|
|
17
20
|
end
|
|
18
|
-
|
|
19
|
-
|
|
21
|
+
@body = if response.respond_to?(:body)
|
|
22
|
+
response.body
|
|
23
|
+
else
|
|
24
|
+
@response
|
|
25
|
+
end
|
|
26
|
+
message_opts = parse_error_description(@code, @description)
|
|
27
|
+
super(error_message(@body, message_opts))
|
|
20
28
|
end
|
|
21
29
|
|
|
22
30
|
private
|
|
@@ -80,7 +80,7 @@ module OAuth2
|
|
|
80
80
|
assertion = build_assertion(claims, encoding_opts)
|
|
81
81
|
params = build_request(assertion, request_opts)
|
|
82
82
|
|
|
83
|
-
@client.get_token(params, response_opts
|
|
83
|
+
@client.get_token(params, response_opts)
|
|
84
84
|
end
|
|
85
85
|
|
|
86
86
|
private
|
|
@@ -25,7 +25,7 @@ module OAuth2
|
|
|
25
25
|
#
|
|
26
26
|
# @param [String] code The Authorization Code value
|
|
27
27
|
# @param [Hash] params additional params
|
|
28
|
-
# @param [Hash] opts
|
|
28
|
+
# @param [Hash] opts access_token_opts, @see Client#get_token
|
|
29
29
|
# @note that you must also provide a :redirect_uri with most OAuth 2.0 providers
|
|
30
30
|
def get_token(code, params = {}, opts = {})
|
|
31
31
|
params = {'grant_type' => 'authorization_code', 'code' => code}.merge(@client.redirection_params).merge(params)
|
|
@@ -19,7 +19,7 @@ module OAuth2
|
|
|
19
19
|
# @param [Hash] opts options
|
|
20
20
|
def get_token(params = {}, opts = {})
|
|
21
21
|
params = params.merge('grant_type' => 'client_credentials')
|
|
22
|
-
@client.get_token(params, opts
|
|
22
|
+
@client.get_token(params, opts)
|
|
23
23
|
end
|
|
24
24
|
end
|
|
25
25
|
end
|
data/lib/oauth2/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Peter Boling
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: exe
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2022-07-
|
|
13
|
+
date: 2022-07-07 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: faraday
|
|
@@ -307,10 +307,10 @@ licenses:
|
|
|
307
307
|
- MIT
|
|
308
308
|
metadata:
|
|
309
309
|
homepage_uri: https://github.com/oauth-xx/oauth2
|
|
310
|
-
source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.
|
|
311
|
-
changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.
|
|
310
|
+
source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.5
|
|
311
|
+
changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.5/CHANGELOG.md
|
|
312
312
|
bug_tracker_uri: https://github.com/oauth-xx/oauth2/issues
|
|
313
|
-
documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.
|
|
313
|
+
documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.5
|
|
314
314
|
wiki_uri: https://github.com/oauth-xx/oauth2/wiki
|
|
315
315
|
rubygems_mfa_required: 'true'
|
|
316
316
|
post_install_message: |2+
|