oauth2 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 64323d2b66a74a3aba80fa955d23d280e64ede95
-  data.tar.gz: b5d9c12d616a0ccd67d15eed3b887cd6b1e174ec
+  metadata.gz: 0de0695b29bf1d20066a08a8536d70a9bea3e827
+  data.tar.gz: 184943366118bf412220fbde4ac0d1becdfa2055
 SHA512:
-  metadata.gz: d0c36b6f6f2a2b8db5d8aae0f7897ffa6de5321ee06064f757f523ca144a119befde42d13943f4507848999adc0f68b011534ddd64258210dbabbcfa6c83e34b
-  data.tar.gz: 8aef0531493683b4b9fc390a545e297e1107611d76363486acc473925264337438992b3f7b288a546e17685a7d198e306fc8b2d4f3dc153c1acd1f20f7e6cca7
+  metadata.gz: 8fe7c101b47debe6489b4bad62211d774079f599749fcc7e36fddd076f305db8ae3baab500877656a5a698b1484da1467d3a9b60fff07b9520d9cc314e542f8b
+  data.tar.gz: da02d83327a1c147bd6cf28cc416bcb4c82168c723f17871fcc1a3b16cb42e35726672055a2829234d6e8b565e1d576fc339b747467f38f728e9559cb087b3cc

data/lib/oauth2.rb

@@ -1,4 +1,5 @@
 require 'oauth2/error'
+require 'oauth2/authenticator'
 require 'oauth2/client'
 require 'oauth2/strategy/base'
 require 'oauth2/strategy/auth_code'

data/lib/oauth2/access_token.rb

@@ -81,8 +81,6 @@ module OAuth2
     # @note options should be carried over to the new AccessToken
     def refresh!(params = {})
       raise('A refresh_token is not available') unless refresh_token
-      params[:client_id] = @client.id
-      params[:client_secret] = @client.secret
       params[:grant_type] = 'refresh_token'
       params[:refresh_token] = refresh_token
       new_token = @client.get_token(params)
@@ -105,7 +103,7 @@ module OAuth2
     # @param [Hash] opts the options to make the request with
     # @see Client#request
     def request(verb, path, opts = {}, &block)
-      self.token = opts
+      configure_authentication!(opts)
       @client.request(verb, path, opts, &block)
     end
 
@@ -151,7 +149,7 @@ module OAuth2
 
   private
 
-    def token=(opts) # rubocop:disable MethodLength, Metrics/AbcSize
+    def configure_authentication!(opts) # rubocop:disable MethodLength, Metrics/AbcSize
       case options[:mode]
       when :header
         opts[:headers] ||= {}

data/lib/oauth2/authenticator.rb

@@ -0,0 +1,58 @@
+require 'base64'
+
+module OAuth2
+  class Authenticator
+    attr_reader :mode, :id, :secret
+
+    def initialize(id, secret, mode)
+      @id = id
+      @secret = secret
+      @mode = mode
+    end
+
+    # Apply the request credentials used to authenticate to the Authorization Server
+    #
+    # Depending on configuration, this might be as request params or as an
+    # Authorization header.
+    #
+    # User-provided params and header take precedence.
+    #
+    # @param [Hash] params a Hash of params for the token endpoint
+    # @return [Hash] params amended with appropriate authentication details
+    def apply(params)
+      case mode.to_sym
+      when :basic_auth
+        apply_basic_auth(params)
+      when :request_body
+        apply_params_auth(params)
+      else
+        raise NotImplementedError
+      end
+    end
+
+    def self.encode_basic_auth(user, password)
+      'Basic ' + Base64.encode64(user + ':' + password).delete("\n")
+    end
+
+  private
+
+    # Adds client_id and client_secret request parameters if they are not
+    # already set.
+    def apply_params_auth(params)
+      {'client_id' => id, 'client_secret' => secret}.merge(params)
+    end
+
+    # Adds an `Authorization` header with Basic Auth credentials if and only if
+    # it is not already set in the params.
+    def apply_basic_auth(params)
+      headers = params.fetch(:headers, {})
+      headers = basic_auth_header.merge(headers)
+      params.merge(:headers => headers)
+    end
+
+    # @see https://tools.ietf.org/html/rfc2617#section-2
+    def basic_auth_header
+      {'Authorization' => self.class.encode_basic_auth(id, secret)}
+    end
+  end
+end

data/lib/oauth2/client.rb

@@ -3,7 +3,7 @@ require 'logger'
 
 module OAuth2
   # The OAuth2::Client class
-  class Client
+  class Client # rubocop:disable Metrics/ClassLength
     attr_reader :id, :secret, :site
     attr_accessor :options
     attr_writer :connection
@@ -16,9 +16,11 @@ module OAuth2
     # @param [String] client_secret the client_secret value
     # @param [Hash] opts the options to create the client with
     # @option opts [String] :site the OAuth2 provider site host
+    # @option opts [String] :redirect_uri the absolute URI to the Redirection Endpoint for use in authorization grants and token exchange
     # @option opts [String] :authorize_url ('/oauth/authorize') absolute or relative URL path to the Authorization endpoint
     # @option opts [String] :token_url ('/oauth/token') absolute or relative URL path to the Token endpoint
     # @option opts [Symbol] :token_method (:post) HTTP method to use to request token (:get or :post)
+    # @option opts [Symbol] :auth_scheme (:basic_auth) HTTP method to use to authorize request (:basic_auth or :request_body)
     # @option opts [Hash] :connection_opts ({}) Hash of connection options to pass to initialize Faraday with
     # @option opts [FixNum] :max_redirects (5) maximum number of redirects to follow
     # @option opts [Boolean] :raise_errors (true) whether or not to raise an OAuth2::Error
@@ -33,6 +35,7 @@ module OAuth2
       @options = {:authorize_url    => '/oauth/authorize',
                   :token_url        => '/oauth/token',
                   :token_method     => :post,
+                  :auth_scheme      => :request_body,
                   :connection_opts  => {},
                   :connection_build => block,
                   :max_redirects    => 5,
@@ -52,9 +55,11 @@ module OAuth2
     def connection
       @connection ||= begin
         conn = Faraday.new(site, options[:connection_opts])
-        conn.build do |b|
-          options[:connection_build].call(b)
-        end if options[:connection_build]
+        if options[:connection_build]
+          conn.build do |b|
+            options[:connection_build].call(b)
+          end
+        end
         conn
       end
     end
@@ -62,7 +67,8 @@ module OAuth2
     # The authorize endpoint URL of the OAuth2 provider
     #
     # @param [Hash] params additional query parameters
-    def authorize_url(params = nil)
+    def authorize_url(params = {})
+      params = (params || {}).merge(redirection_params)
       connection.build_url(options[:authorize_url], params).to_s
     end
 
@@ -125,19 +131,23 @@ module OAuth2
     # @param [Hash] access token options, to pass to the AccessToken object
     # @param [Class] class of access token for easier subclassing OAuth2::AccessToken
     # @return [AccessToken] the initalized AccessToken
-    def get_token(params, access_token_opts = {}, access_token_class = AccessToken) # rubocop:disable Metrics/AbcSize
+    def get_token(params, access_token_opts = {}, access_token_class = AccessToken) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+      params = Authenticator.new(id, secret, options[:auth_scheme]).apply(params)
       opts = {:raise_errors => options[:raise_errors], :parse => params.delete(:parse)}
+      headers = params.delete(:headers) || {}
       if options[:token_method] == :post
-        headers = params.delete(:headers)
         opts[:body] = params
         opts[:headers] = {'Content-Type' => 'application/x-www-form-urlencoded'}
-        opts[:headers].merge!(headers) if headers
       else
         opts[:params] = params
+        opts[:headers] = {}
       end
+      opts[:headers].merge!(headers)
       response = request(options[:token_method], token_url, opts)
-      error = Error.new(response)
-      raise(error) if options[:raise_errors] && !(response.parsed.is_a?(Hash) && response.parsed['access_token'])
+      if options[:raise_errors] && !(response.parsed.is_a?(Hash) && response.parsed['access_token'])
+        error = Error.new(response)
+        raise(error)
+      end
       access_token_class.from_hash(self, response.parsed.merge(access_token_opts))
     end
 
@@ -172,5 +182,29 @@ module OAuth2
     def assertion
       @assertion ||= OAuth2::Strategy::Assertion.new(self)
     end
+
+    # The redirect_uri parameters, if configured
+    #
+    # The redirect_uri query parameter is OPTIONAL (though encouraged) when
+    # requesting authorization. If it is provided at authorization time it MUST
+    # also be provided with the token exchange request.
+    #
+    # Providing the :redirect_uri to the OAuth2::Client instantiation will take
+    # care of managing this.
+    #
+    # @api semipublic
+    #
+    # @see https://tools.ietf.org/html/rfc6749#section-4.1
+    # @see https://tools.ietf.org/html/rfc6749#section-4.1.3
+    # @see https://tools.ietf.org/html/rfc6749#section-4.2.1
+    # @see https://tools.ietf.org/html/rfc6749#section-10.6
+    # @return [Hash] the params to add to a request or URL
+    def redirection_params
+      if options[:redirect_uri]
+        {'redirect_uri' => options[:redirect_uri]}
+      else
+        {}
+      end
+    end
   end
 end

data/lib/oauth2/error.rb

@@ -27,7 +27,7 @@ module OAuth2
 
       error_message = if opts[:error_description] && opts[:error_description].respond_to?(:encoding)
                         script_encoding = opts[:error_description].encoding
-                        response_body.encode(script_encoding)
+                        response_body.encode(script_encoding, :invalid => :replace, :undef => :replace)
                       else
                         response_body
                       end

data/lib/oauth2/response.rb

@@ -27,7 +27,7 @@ module OAuth2
     # Adds a new content type parser.
     #
     # @param [Symbol] key A descriptive symbol key such as :json or :query.
-    # @param [Array] One or more mime types to which this parser applies.
+    # @param [Array] mime_types One or more mime types to which this parser applies.
     # @yield [String] A block returning parsed content.
     def self.register_parser(key, mime_types, &block)
       key = key.to_sym

data/lib/oauth2/strategy/assertion.rb

@@ -54,7 +54,7 @@ module OAuth2
           :assertion_type => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
           :assertion      => assertion,
           :scope          => params[:scope],
-        }.merge(client_params)
+        }
       end
 
       def build_assertion(params)

data/lib/oauth2/strategy/auth_code.rb

@@ -25,7 +25,8 @@ module OAuth2
       # @param [Hash] opts options
       # @note that you must also provide a :redirect_uri with most OAuth 2.0 providers
       def get_token(code, params = {}, opts = {})
-        params = {'grant_type' => 'authorization_code', 'code' => code}.merge(client_params).merge(params)
+        params = {'grant_type' => 'authorization_code', 'code' => code}.merge(@client.redirection_params).merge(params)
+
         @client.get_token(params, opts)
       end
     end

data/lib/oauth2/strategy/base.rb

@@ -4,13 +4,6 @@ module OAuth2
       def initialize(client)
         @client = client
       end
-
-      # The OAuth client_id and client_secret
-      #
-      # @return [Hash]
-      def client_params
-        {'client_id' => @client.id, 'client_secret' => @client.secret}
-      end
     end
   end
 end

data/lib/oauth2/strategy/client_credentials.rb

@@ -1,5 +1,3 @@
-require 'base64'
-
 module OAuth2
   module Strategy
     # The Client Credentials Strategy
@@ -18,19 +16,9 @@ module OAuth2
       # @param [Hash] params additional params
       # @param [Hash] opts options
       def get_token(params = {}, opts = {})
-        request_body = opts.delete('auth_scheme') == 'request_body'
-        params['grant_type'] = 'client_credentials'
-        params.merge!(request_body ? client_params : {:headers => {'Authorization' => authorization(client_params['client_id'], client_params['client_secret'])}})
+        params = params.merge('grant_type' => 'client_credentials')
         @client.get_token(params, opts.merge('refresh_token' => nil))
       end
-
-      # Returns the Authorization header value for Basic Authentication
-      #
-      # @param [String] The client ID
-      # @param [String] the client secret
-      def authorization(client_id, client_secret)
-        'Basic ' + Base64.encode64(client_id + ':' + client_secret).delete("\n")
-      end
     end
   end
 end

data/lib/oauth2/strategy/password.rb

@@ -19,7 +19,7 @@ module OAuth2
       def get_token(username, password, params = {}, opts = {})
         params = {'grant_type' => 'password',
                   'username'   => username,
-                  'password'   => password}.merge(client_params).merge(params)
+                  'password'   => password}.merge(params)
         @client.get_token(params, opts)
       end
     end

data/lib/oauth2/version.rb

@@ -13,7 +13,7 @@ module OAuth2
     #
     # @return [Integer]
     def minor
-      2
+      3
     end
 
     # The patch version

data/oauth2.gemspec

@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'oauth2/version'
 
 Gem::Specification.new do |spec|
-  spec.add_dependency 'faraday', ['>= 0.8', '< 0.10']
+  spec.add_dependency 'faraday', ['>= 0.8', '< 0.11']
   spec.add_dependency 'jwt', '~> 1.0'
   spec.add_dependency 'multi_json', '~> 1.3'
   spec.add_dependency 'multi_xml', '~> 0.5'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oauth2
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Michael Bleigh
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-07-01 00:00:00.000000000 Z
+date: 2016-12-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -20,7 +20,7 @@ dependencies:
         version: '0.8'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.11'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -30,7 +30,7 @@ dependencies:
         version: '0.8'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.11'
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -122,6 +122,7 @@ files:
 - README.md
 - lib/oauth2.rb
 - lib/oauth2/access_token.rb
+- lib/oauth2/authenticator.rb
 - lib/oauth2/client.rb
 - lib/oauth2/error.rb
 - lib/oauth2/mac_token.rb
@@ -154,9 +155,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.5
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.5
+rubygems_version: 2.5.2
 signing_key: 
 specification_version: 4
 summary: A Ruby wrapper for the OAuth 2.0 protocol.
 test_files: []
-has_rdoc: