oauth_im 0.7.1 → 0.7.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +36 -9
- data/app/services/oauth_im/client.rb +14 -4
- data/lib/oauth_im/configuration.rb +14 -9
- data/lib/oauth_im/version.rb +1 -1
- data/lib/oauth_im.rb +7 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 85fc483377f0cf348af3a8399c70fec84395915203cb6bfa203f7d147eedb7d6
|
|
4
|
+
data.tar.gz: 40f90809e1e7405640098732aa41ac1ab96771230d9721d22f41ebfed3b19e74
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ec6f87a823e4ea3c8bd51bfc6ef09d65908840282c9228d88b78e98f686933c8eaaf2b0d844e0b2967bbed54e271f9f4c5c3b27cd7d4824b52539007018bbf29
|
|
7
|
+
data.tar.gz: dfbb145b3cf8658853b41f7d86e62024f957a21a5f6a99b69a9f682e49ad839734ab629c4a5d9ced89a53265726de029724645710dee9efa42760a0650bf2dd8
|
data/README.md
CHANGED
|
@@ -23,20 +23,39 @@ Once the gem is installed, add an initializer. Here is an example:
|
|
|
23
23
|
# config/initializers/oauth_im.rb
|
|
24
24
|
module OauthIm
|
|
25
25
|
configure do |config|
|
|
26
|
-
|
|
27
|
-
|
|
26
|
+
#####################################
|
|
27
|
+
# these routes are local to the app #
|
|
28
|
+
#####################################
|
|
29
|
+
config.authorize_url = ENV.fetch 'FUSION_AUTH_AUTHORIZE_URL', DEFAULT_AUTHORIZE_URL
|
|
30
|
+
config.callback_route = ENV.fetch 'FUSION_CALLBACK_ROUTE', DEFAULT_CALLBACK_ROUTE
|
|
31
|
+
config.token_url = ENV.fetch 'FUSION_AUTH_TOKEN_URL', DEFAULT_TOKEN_URL
|
|
32
|
+
|
|
33
|
+
##############################################
|
|
34
|
+
# identity provider url (e.g., fusion auth): #
|
|
35
|
+
##############################################
|
|
36
|
+
config.idp_url = ENV.fetch 'FUSION_AUTH_IDP_URL', DEFAULT_IDP_URL
|
|
37
|
+
|
|
38
|
+
################################################
|
|
39
|
+
# Issuer domain: find on FA tenant General tab #
|
|
40
|
+
################################################
|
|
41
|
+
config.iss_domain = ENV.fetch 'FUSION_AUTH_ISS_DOMAIN', DEFAULT_ISS_DOMAIN
|
|
42
|
+
|
|
43
|
+
###############################
|
|
44
|
+
# on FA application OAuth tab #
|
|
45
|
+
###############################
|
|
28
46
|
config.client_id = ENV['FUSION_AUTH_CLIENT_ID']
|
|
29
47
|
config.client_secret = ENV['FUSION_AUTH_CLIENT_SECRET']
|
|
30
|
-
|
|
48
|
+
|
|
49
|
+
###################################################################################
|
|
50
|
+
# View default signing key: https://illustrativemath-dev.fusionauth.io/admin/key/ #
|
|
51
|
+
###################################################################################
|
|
31
52
|
config.hmac = ENV['FUSION_AUTH_HMAC']
|
|
32
|
-
config.iss_domain = ENV['FUSION_AUTH_ISS_DOMAIN']
|
|
33
|
-
config.authorize_url = ENV['FUSION_AUTH_AUTHORIZE_URL'] || DEFAULT_AUTHORIZE_URL
|
|
34
|
-
config.token_url = ENV['FUSION_AUTH_TOKEN_URL'] || DEFAULT_TOKEN_URL
|
|
35
53
|
end
|
|
36
54
|
end
|
|
37
55
|
```
|
|
38
56
|
|
|
39
57
|
* The `ENV` variable values can be obtained from the OAuth provider.
|
|
58
|
+
* Here is [an article at FusionAuth](https://fusionauth.io/blog/2020/12/14/how-to-securely-implement-oauth-rails) describing many of these settings.
|
|
40
59
|
* The `callback_route` setting is used in two related ways:
|
|
41
60
|
* It [defines a route](https://github.com/illustrativemathematics/oauth_im/blob/main/config/routes.rb#L4) to the [`OAuthIm::ClientController#callback`
|
|
42
61
|
action](https://github.com/illustrativemathematics/oauth_im/blob/main/app/controllers/oauth_im/client_controller.rb#L7-L12).
|
|
@@ -54,9 +73,9 @@ end
|
|
|
54
73
|
The engine provides [two endpoints](https://github.com/illustrativemathematics/oauth_im/blob/main/config/routes.rb#L5-L6) for logging in and out, and exposes
|
|
55
74
|
corresponding view helpers. These are accessible from the main app as:
|
|
56
75
|
|
|
57
|
-
| path
|
|
58
|
-
|
|
59
|
-
| `oauth_im.login_path`
|
|
76
|
+
| path | url |
|
|
77
|
+
|------------------------|-----------------------|
|
|
78
|
+
| `oauth_im.login_path` | `oauth_im.login_url` |
|
|
60
79
|
| `oauth_im.logout_path` | `oauth_im.logout_url` |
|
|
61
80
|
|
|
62
81
|
* Note that the helpers are namespaced to the engine.
|
|
@@ -123,6 +142,14 @@ After many false starts, this repo includes two (seemingly functional) github wo
|
|
|
123
142
|
you.
|
|
124
143
|
|
|
125
144
|
## Version History
|
|
145
|
+
### 0.7.4
|
|
146
|
+
* Use https protocol for callback in production; http otherwise
|
|
147
|
+
|
|
148
|
+
### 0.7.3
|
|
149
|
+
* Cleaned up configuration
|
|
150
|
+
|
|
151
|
+
### 0.7.2
|
|
152
|
+
* Using :http protocol in tests (not https)
|
|
126
153
|
|
|
127
154
|
### 0.7.1
|
|
128
155
|
* Improving separation of concerns by way of a separate service object to manage oauth client.
|
|
@@ -13,7 +13,7 @@ module OauthIm
|
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def logout_url
|
|
16
|
-
@logout_url ||= "#{
|
|
16
|
+
@logout_url ||= "#{idp_url}/oauth2/logout" \
|
|
17
17
|
"?post_logout_redirect_uri=#{return_to_url}" \
|
|
18
18
|
"&client_id=#{client_id}"
|
|
19
19
|
end
|
|
@@ -26,7 +26,7 @@ module OauthIm
|
|
|
26
26
|
|
|
27
27
|
delegate :host_with_port, :params, to: :request
|
|
28
28
|
delegate :configuration, to: OauthIm
|
|
29
|
-
delegate :authorize_url, :
|
|
29
|
+
delegate :authorize_url, :token_url, :idp_url, :client_id, :client_secret,
|
|
30
30
|
to: :configuration
|
|
31
31
|
delegate :auth_code, to: :oauth_client
|
|
32
32
|
|
|
@@ -39,7 +39,17 @@ module OauthIm
|
|
|
39
39
|
end
|
|
40
40
|
|
|
41
41
|
def redirect_url
|
|
42
|
-
@redirect_url ||=
|
|
42
|
+
@redirect_url ||=
|
|
43
|
+
Engine.routes.url_helpers.callback_url callback_url_params
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def callback_url_params
|
|
47
|
+
@callback_url_params ||= { host: host_with_port,
|
|
48
|
+
protocol: protocol }.freeze
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def protocol
|
|
52
|
+
@protocol ||= Rails.env.production? ? :https : :http
|
|
43
53
|
end
|
|
44
54
|
|
|
45
55
|
def decoded_token
|
|
@@ -54,7 +64,7 @@ module OauthIm
|
|
|
54
64
|
@oauth_client ||= ::OAuth2::Client.new client_id,
|
|
55
65
|
client_secret,
|
|
56
66
|
authorize_url: authorize_url,
|
|
57
|
-
site:
|
|
67
|
+
site: idp_url,
|
|
58
68
|
token_url: token_url,
|
|
59
69
|
redirect_uri: redirect_url
|
|
60
70
|
end
|
|
@@ -1,16 +1,21 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
########################################################################################
|
|
4
|
+
# edc: see https://fusionauth.io/blog/2020/12/14/how-to-securely-implement-oauth-rails #
|
|
5
|
+
########################################################################################
|
|
6
|
+
|
|
3
7
|
module OauthIm
|
|
4
8
|
CONFIGURABLE_FIELDS =
|
|
5
|
-
%i[
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
9
|
+
%i[
|
|
10
|
+
authorize_url
|
|
11
|
+
callback_route
|
|
12
|
+
token_url
|
|
13
|
+
idp_url
|
|
14
|
+
iss_domain
|
|
15
|
+
client_id
|
|
16
|
+
client_secret
|
|
17
|
+
hmac
|
|
18
|
+
].freeze
|
|
14
19
|
|
|
15
20
|
class Configuration
|
|
16
21
|
attr_reader(* CONFIGURABLE_FIELDS)
|
data/lib/oauth_im/version.rb
CHANGED
data/lib/oauth_im.rb
CHANGED
|
@@ -1,13 +1,19 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
########################################################################################
|
|
4
|
+
# edc: see https://fusionauth.io/blog/2020/12/14/how-to-securely-implement-oauth-rails #
|
|
5
|
+
########################################################################################
|
|
6
|
+
|
|
3
7
|
require 'oauth_im/version'
|
|
4
8
|
require 'oauth_im/engine'
|
|
5
9
|
require 'oauth_im/configuration'
|
|
6
10
|
|
|
7
11
|
module OauthIm
|
|
8
12
|
DEFAULT_AUTHORIZE_URL = '/oauth2/authorize'
|
|
9
|
-
DEFAULT_TOKEN_URL = '/oauth2/token'
|
|
10
13
|
DEFAULT_CALLBACK_ROUTE = 'callback'
|
|
14
|
+
DEFAULT_TOKEN_URL = '/oauth2/token'
|
|
15
|
+
DEFAULT_IDP_URL = 'https://illustrativemath-dev.fusionauth.io'
|
|
16
|
+
DEFAULT_ISS_DOMAIN = 'illustrativemathematics.org'
|
|
11
17
|
|
|
12
18
|
class << self
|
|
13
19
|
attr_reader :configuration
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oauth_im
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Eric Connally
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-05-
|
|
11
|
+
date: 2022-05-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jwt
|