oauth_im 0.7.2 → 0.7.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +31 -9
- data/app/services/oauth_im/client.rb +3 -3
- data/lib/oauth_im/configuration.rb +14 -9
- data/lib/oauth_im/version.rb +1 -1
- data/lib/oauth_im.rb +7 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f4b28f51bcd7b2893dd52780a267678fab317eb70feefa6d3ab9d714cad45834
|
|
4
|
+
data.tar.gz: c605bb66ede19ea12e1e124f12164d3cee63358d24a0bd0971693732e96b380f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a61461548d89152f21df67bdafc810ff7e38826e070a61185a5b557c28c42d3477fc92acf1de2e256d0a6349a1a8c6923248bda1586c7303fe5f77aa5d1a2c4f
|
|
7
|
+
data.tar.gz: 3c4db160ded76f36e56ed22791f404741b43cc1b204c8221f09852c0ab3ca71b7c9cbd0ed28a5a0d298b7d855becc841efb768e5578359057db8d8cc062208d3
|
data/README.md
CHANGED
|
@@ -23,20 +23,39 @@ Once the gem is installed, add an initializer. Here is an example:
|
|
|
23
23
|
# config/initializers/oauth_im.rb
|
|
24
24
|
module OauthIm
|
|
25
25
|
configure do |config|
|
|
26
|
-
|
|
27
|
-
|
|
26
|
+
#####################################
|
|
27
|
+
# these routes are local to the app #
|
|
28
|
+
#####################################
|
|
29
|
+
config.authorize_url = ENV.fetch 'FUSION_AUTH_AUTHORIZE_URL', DEFAULT_AUTHORIZE_URL
|
|
30
|
+
config.callback_route = ENV.fetch 'FUSION_CALLBACK_ROUTE', DEFAULT_CALLBACK_ROUTE
|
|
31
|
+
config.token_url = ENV.fetch 'FUSION_AUTH_TOKEN_URL', DEFAULT_TOKEN_URL
|
|
32
|
+
|
|
33
|
+
##############################################
|
|
34
|
+
# identity provider url (e.g., fusion auth): #
|
|
35
|
+
##############################################
|
|
36
|
+
config.idp_url = ENV.fetch 'FUSION_AUTH_IDP_URL', DEFAULT_IDP_URL
|
|
37
|
+
|
|
38
|
+
################################################
|
|
39
|
+
# Issuer domain: find on FA tenant General tab #
|
|
40
|
+
################################################
|
|
41
|
+
config.iss_domain = ENV.fetch 'FUSION_AUTH_ISS_DOMAIN', DEFAULT_ISS_DOMAIN
|
|
42
|
+
|
|
43
|
+
###############################
|
|
44
|
+
# on FA application OAuth tab #
|
|
45
|
+
###############################
|
|
28
46
|
config.client_id = ENV['FUSION_AUTH_CLIENT_ID']
|
|
29
47
|
config.client_secret = ENV['FUSION_AUTH_CLIENT_SECRET']
|
|
30
|
-
|
|
48
|
+
|
|
49
|
+
###################################################################################
|
|
50
|
+
# View default signing key: https://illustrativemath-dev.fusionauth.io/admin/key/ #
|
|
51
|
+
###################################################################################
|
|
31
52
|
config.hmac = ENV['FUSION_AUTH_HMAC']
|
|
32
|
-
config.iss_domain = ENV['FUSION_AUTH_ISS_DOMAIN']
|
|
33
|
-
config.authorize_url = ENV['FUSION_AUTH_AUTHORIZE_URL'] || DEFAULT_AUTHORIZE_URL
|
|
34
|
-
config.token_url = ENV['FUSION_AUTH_TOKEN_URL'] || DEFAULT_TOKEN_URL
|
|
35
53
|
end
|
|
36
54
|
end
|
|
37
55
|
```
|
|
38
56
|
|
|
39
57
|
* The `ENV` variable values can be obtained from the OAuth provider.
|
|
58
|
+
* Here is [an article at FusionAuth](https://fusionauth.io/blog/2020/12/14/how-to-securely-implement-oauth-rails) describing many of these settings.
|
|
40
59
|
* The `callback_route` setting is used in two related ways:
|
|
41
60
|
* It [defines a route](https://github.com/illustrativemathematics/oauth_im/blob/main/config/routes.rb#L4) to the [`OAuthIm::ClientController#callback`
|
|
42
61
|
action](https://github.com/illustrativemathematics/oauth_im/blob/main/app/controllers/oauth_im/client_controller.rb#L7-L12).
|
|
@@ -54,9 +73,9 @@ end
|
|
|
54
73
|
The engine provides [two endpoints](https://github.com/illustrativemathematics/oauth_im/blob/main/config/routes.rb#L5-L6) for logging in and out, and exposes
|
|
55
74
|
corresponding view helpers. These are accessible from the main app as:
|
|
56
75
|
|
|
57
|
-
| path
|
|
58
|
-
|
|
59
|
-
| `oauth_im.login_path`
|
|
76
|
+
| path | url |
|
|
77
|
+
|------------------------|-----------------------|
|
|
78
|
+
| `oauth_im.login_path` | `oauth_im.login_url` |
|
|
60
79
|
| `oauth_im.logout_path` | `oauth_im.logout_url` |
|
|
61
80
|
|
|
62
81
|
* Note that the helpers are namespaced to the engine.
|
|
@@ -124,6 +143,9 @@ After many false starts, this repo includes two (seemingly functional) github wo
|
|
|
124
143
|
|
|
125
144
|
## Version History
|
|
126
145
|
|
|
146
|
+
### 0.7.3
|
|
147
|
+
* Cleaned up configuration
|
|
148
|
+
|
|
127
149
|
### 0.7.2
|
|
128
150
|
* Using :http protocol in tests (not https)
|
|
129
151
|
|
|
@@ -13,7 +13,7 @@ module OauthIm
|
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def logout_url
|
|
16
|
-
@logout_url ||= "#{
|
|
16
|
+
@logout_url ||= "#{idp_url}/oauth2/logout" \
|
|
17
17
|
"?post_logout_redirect_uri=#{return_to_url}" \
|
|
18
18
|
"&client_id=#{client_id}"
|
|
19
19
|
end
|
|
@@ -26,7 +26,7 @@ module OauthIm
|
|
|
26
26
|
|
|
27
27
|
delegate :host_with_port, :params, to: :request
|
|
28
28
|
delegate :configuration, to: OauthIm
|
|
29
|
-
delegate :authorize_url, :
|
|
29
|
+
delegate :authorize_url, :token_url, :idp_url, :client_id, :client_secret,
|
|
30
30
|
to: :configuration
|
|
31
31
|
delegate :auth_code, to: :oauth_client
|
|
32
32
|
|
|
@@ -64,7 +64,7 @@ module OauthIm
|
|
|
64
64
|
@oauth_client ||= ::OAuth2::Client.new client_id,
|
|
65
65
|
client_secret,
|
|
66
66
|
authorize_url: authorize_url,
|
|
67
|
-
site:
|
|
67
|
+
site: idp_url,
|
|
68
68
|
token_url: token_url,
|
|
69
69
|
redirect_uri: redirect_url
|
|
70
70
|
end
|
|
@@ -1,16 +1,21 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
########################################################################################
|
|
4
|
+
# edc: see https://fusionauth.io/blog/2020/12/14/how-to-securely-implement-oauth-rails #
|
|
5
|
+
########################################################################################
|
|
6
|
+
|
|
3
7
|
module OauthIm
|
|
4
8
|
CONFIGURABLE_FIELDS =
|
|
5
|
-
%i[
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
9
|
+
%i[
|
|
10
|
+
authorize_url
|
|
11
|
+
callback_route
|
|
12
|
+
token_url
|
|
13
|
+
idp_url
|
|
14
|
+
iss_domain
|
|
15
|
+
client_id
|
|
16
|
+
client_secret
|
|
17
|
+
hmac
|
|
18
|
+
].freeze
|
|
14
19
|
|
|
15
20
|
class Configuration
|
|
16
21
|
attr_reader(* CONFIGURABLE_FIELDS)
|
data/lib/oauth_im/version.rb
CHANGED
data/lib/oauth_im.rb
CHANGED
|
@@ -1,13 +1,19 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
########################################################################################
|
|
4
|
+
# edc: see https://fusionauth.io/blog/2020/12/14/how-to-securely-implement-oauth-rails #
|
|
5
|
+
########################################################################################
|
|
6
|
+
|
|
3
7
|
require 'oauth_im/version'
|
|
4
8
|
require 'oauth_im/engine'
|
|
5
9
|
require 'oauth_im/configuration'
|
|
6
10
|
|
|
7
11
|
module OauthIm
|
|
8
12
|
DEFAULT_AUTHORIZE_URL = '/oauth2/authorize'
|
|
9
|
-
DEFAULT_TOKEN_URL = '/oauth2/token'
|
|
10
13
|
DEFAULT_CALLBACK_ROUTE = 'callback'
|
|
14
|
+
DEFAULT_TOKEN_URL = '/oauth2/token'
|
|
15
|
+
DEFAULT_IDP_URL = 'https://illustrativemath-dev.fusionauth.io'
|
|
16
|
+
DEFAULT_ISS_DOMAIN = 'illustrativemathematics.org'
|
|
11
17
|
|
|
12
18
|
class << self
|
|
13
19
|
attr_reader :configuration
|