oauth_im 0.7.2 → 0.7.3
- checksums.yaml +4 -4
- data/README.md +31 -9
- data/app/services/oauth_im/client.rb +3 -3
- data/lib/oauth_im/configuration.rb +14 -9
- data/lib/oauth_im/version.rb +1 -1
- data/lib/oauth_im.rb +7 -1
- metadata +1 -1
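--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f4b28f51bcd7b2893dd52780a267678fab317eb70feefa6d3ab9d714cad45834
+data.tar.gz: c605bb66ede19ea12e1e124f12164d3cee63358d24a0bd0971693732e96b380f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a61461548d89152f21df67bdafc810ff7e38826e070a61185a5b557c28c42d3477fc92acf1de2e256d0a6349a1a8c6923248bda1586c7303fe5f77aa5d1a2c4f
+data.tar.gz: 3c4db160ded76f36e56ed22791f404741b43cc1b204c8221f09852c0ab3ca71b7c9cbd0ed28a5a0d298b7d855becc841efb768e5578359057db8d8cc062208d3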
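--- a/data/README.md
+++ b/data/README.md
@@ -23,20 +23,39 @@ Once the gem is installed, add an initializer. Here is an example:
 # config/initializers/oauth_im.rb
 module OauthIm
 configure do |config|
-
-
+#####################################
+# these routes are local to the app #
+#####################################
+config.authorize_url = ENV.fetch 'FUSION_AUTH_AUTHORIZE_URL', DEFAULT_AUTHORIZE_URL
+config.callback_route = ENV.fetch 'FUSION_CALLBACK_ROUTE', DEFAULT_CALLBACK_ROUTE
+config.token_url = ENV.fetch 'FUSION_AUTH_TOKEN_URL', DEFAULT_TOKEN_URL
+
+##############################################
+# identity provider url (e.g., fusion auth): #
+##############################################
+config.idp_url = ENV.fetch 'FUSION_AUTH_IDP_URL', DEFAULT_IDP_URL
+
+################################################
+# Issuer domain: find on FA tenant General tab #
+################################################
+config.iss_domain = ENV.fetch 'FUSION_AUTH_ISS_DOMAIN', DEFAULT_ISS_DOMAIN
+
+###############################
+# on FA application OAuth tab #
+###############################
 config.client_id = ENV['FUSION_AUTH_CLIENT_ID']
 config.client_secret = ENV['FUSION_AUTH_CLIENT_SECRET']
-
+
+###################################################################################
+# View default signing key: https://illustrativemath-dev.fusionauth.io/admin/key/ #
+###################################################################################
 config.hmac = ENV['FUSION_AUTH_HMAC']
-config.iss_domain = ENV['FUSION_AUTH_ISS_DOMAIN']
-config.authorize_url = ENV['FUSION_AUTH_AUTHORIZE_URL'] || DEFAULT_AUTHORIZE_URL
-config.token_url = ENV['FUSION_AUTH_TOKEN_URL'] || DEFAULT_TOKEN_URL
 end
 end
 ```
 
 * The `ENV` variable values can be obtained from the OAuth provider.
+* Here is [an article at FusionAuth](https://fusionauth.io/blog/2020/12/14/how-to-securely-implement-oauth-rails) describing many of these settings.
 * The `callback_route` setting is used in two related ways:
 * It [defines a route](https://github.com/illustrativemathematics/oauth_im/blob/main/config/routes.rb#L4) to the [`OAuthIm::ClientController#callback`
 action](https://github.com/illustrativemathematics/oauth_im/blob/main/app/controllers/oauth_im/client_controller.rb#L7-L12).
@@ -54,9 +73,9 @@ end
 The engine provides [two endpoints](https://github.com/illustrativemathematics/oauth_im/blob/main/config/routes.rb#L5-L6) for logging in and out, and exposes
 corresponding view helpers. These are accessible from the main app as:
 
-| path
-
-| `oauth_im.login_path`
+| path | url |
+|------------------------|-----------------------|
+| `oauth_im.login_path` | `oauth_im.login_url` |
 | `oauth_im.logout_path` | `oauth_im.logout_url` |
 
 * Note that the helpers are namespaced to the engine.
@@ -124,6 +143,9 @@ After many false starts, this repo includes two (seemingly functional) github wo
 
 ## Version History
 
+### 0.7.3
+* Cleaned up configuration
+
 ### 0.7.2
 * Using :http protocol in tests (not https)
 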
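--- a/data/app/services/oauth_im/client.rb
+++ b/data/app/services/oauth_im/client.rb
@@ -13,7 +13,7 @@ module OauthIm
 end
 
 def logout_url
-@logout_url ||= "#{
+@logout_url ||= "#{idp_url}/oauth2/logout" \
 "?post_logout_redirect_uri=#{return_to_url}" \
 "&client_id=#{client_id}"
 end
@@ -26,7 +26,7 @@ module OauthIm
 
 delegate :host_with_port, :params, to: :request
 delegate :configuration, to: OauthIm
-delegate :authorize_url, :
+delegate :authorize_url, :token_url, :idp_url, :client_id, :client_secret,
 to: :configuration
 delegate :auth_code, to: :oauth_client
 
@@ -64,7 +64,7 @@ module OauthIm
 @oauth_client ||= ::OAuth2::Client.new client_id,
 client_secret,
 authorize_url: authorize_url,
-site:
+site: idp_url,
 token_url: token_url,
 redirect_uri: redirect_url
 end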
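Review bot: In `logout_url` (complete within the first hunk), `return_to_url` and `client_id` are interpolated into the query string without percent-encoding, so a value containing `&`, `#` or `?` changes which parameters the identity provider receives. `return_to_url` is defined outside these hunks; if it is built from the request (the class delegates `host_with_port` and `params` to `request`), it should be treated as untrusted input. I would build the query through an encoder, e.g. `"#{idp_url}/oauth2/logout?#{{ post_logout_redirect_uri: return_to_url, client_id: client_id }.to_query}"`. The identity provider's allow-list of logout redirect URLs remains the second control and is worth confirming in the tenant settings.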
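--- a/data/lib/oauth_im/configuration.rb
+++ b/data/lib/oauth_im/configuration.rb
@@ -1,16 +1,21 @@
 # frozen_string_literal: true
 
+########################################################################################
+# edc: see https://fusionauth.io/blog/2020/12/14/how-to-securely-implement-oauth-rails #
+########################################################################################
+
 module OauthIm
 CONFIGURABLE_FIELDS =
-%i[
-
-
-
-
-
-
-
-
+%i[
+authorize_url
+callback_route
+token_url
+idp_url
+iss_domain
+client_id
+client_secret
+hmac
+].freeze
 
 class Configuration
 attr_reader(* CONFIGURABLE_FIELDS)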
data/lib/oauth_im/version.rb
CHANGED
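--- a/data/lib/oauth_im.rb
+++ b/data/lib/oauth_im.rb
@@ -1,13 +1,19 @@
 # frozen_string_literal: true
 
+########################################################################################
+# edc: see https://fusionauth.io/blog/2020/12/14/how-to-securely-implement-oauth-rails #
+########################################################################################
+
 require 'oauth_im/version'
 require 'oauth_im/engine'
 require 'oauth_im/configuration'
 
 module OauthIm
 DEFAULT_AUTHORIZE_URL = '/oauth2/authorize'
-DEFAULT_TOKEN_URL = '/oauth2/token'
 DEFAULT_CALLBACK_ROUTE = 'callback'
+DEFAULT_TOKEN_URL = '/oauth2/token'
+DEFAULT_IDP_URL = 'https://illustrativemath-dev.fusionauth.io'
+DEFAULT_ISS_DOMAIN = 'illustrativemathematics.org'
 
 class << self
 attr_reader :configuration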
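Review bot: `DEFAULT_IDP_URL` and `DEFAULT_ISS_DOMAIN` hard-code one organisation's development tenant and issuer as library defaults, and the README initializer in this release wires them in with `ENV.fetch 'FUSION_AUTH_IDP_URL', DEFAULT_IDP_URL`. A deployment that forgets the variable would then run its OAuth flow against that dev host instead of failing at boot, and since the client passes `client_secret` together with `site: idp_url` to `OAuth2::Client`, the token exchange presumably goes there too. I would drop the two defaults and let the initializer fail closed, e.g. `config.idp_url = ENV.fetch 'FUSION_AUTH_IDP_URL'` and `config.iss_domain = ENV.fetch 'FUSION_AUTH_ISS_DOMAIN'`. The path-only defaults such as `DEFAULT_TOKEN_URL` are harmless to keep. The module body continues past the hunk.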