oauth_im 0.7.2 → 0.7.3

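--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: fa5dbaae2a3e5884523e938a1a2c1a5009297260c2ced57a69eb6b9b43bc0116
- data.tar.gz: 5d80271d7c2aa8d9baa53119180c7889da5c47f30f51cf92d8f0aa2f1c2e5376
+ metadata.gz: f4b28f51bcd7b2893dd52780a267678fab317eb70feefa6d3ab9d714cad45834
+ data.tar.gz: c605bb66ede19ea12e1e124f12164d3cee63358d24a0bd0971693732e96b380f
  SHA512:
- metadata.gz: 873154c1389b866c7d68d209d6bf83e107c7db64e01ab0bffcba9578ad5f6e0df22ea91a66fda1dd67ee9675ad18c330716c7572b772e9e721a241e5a473369c
- data.tar.gz: 8e1c2d0c1ef24d23f4348788fee37befbf216af10b9425f4dc861739dc745ab57db76b3c7b0a3d8869457aa1b701d7a5fe6940358a47ec104fe7aca9027fb9b0
+ metadata.gz: a61461548d89152f21df67bdafc810ff7e38826e070a61185a5b557c28c42d3477fc92acf1de2e256d0a6349a1a8c6923248bda1586c7303fe5f77aa5d1a2c4f
+ data.tar.gz: 3c4db160ded76f36e56ed22791f404741b43cc1b204c8221f09852c0ab3ca71b7c9cbd0ed28a5a0d298b7d855becc841efb768e5578359057db8d8cc062208d3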
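--- a/data/README.md
+++ b/data/README.md
@@ -23,20 +23,39 @@ Once the gem is installed, add an initializer. Here is an example:
  # config/initializers/oauth_im.rb
  module OauthIm
  configure do |config|
- config.api_key = ENV['FUSION_AUTH_API_KEY']
- config.callback_route = ENV['FUSION_CALLBACK_ROUTE] || DEFAULT_CALLBACK_ROUTE
+ #####################################
+ # these routes are local to the app #
+ #####################################
+ config.authorize_url = ENV.fetch 'FUSION_AUTH_AUTHORIZE_URL', DEFAULT_AUTHORIZE_URL
+ config.callback_route = ENV.fetch 'FUSION_CALLBACK_ROUTE', DEFAULT_CALLBACK_ROUTE
+ config.token_url = ENV.fetch 'FUSION_AUTH_TOKEN_URL', DEFAULT_TOKEN_URL
+
+ ##############################################
+ # identity provider url (e.g., fusion auth): #
+ ##############################################
+ config.idp_url = ENV.fetch 'FUSION_AUTH_IDP_URL', DEFAULT_IDP_URL
+
+ ################################################
+ # Issuer domain: find on FA tenant General tab #
+ ################################################
+ config.iss_domain = ENV.fetch 'FUSION_AUTH_ISS_DOMAIN', DEFAULT_ISS_DOMAIN
+
+ ###############################
+ # on FA application OAuth tab #
+ ###############################
  config.client_id = ENV['FUSION_AUTH_CLIENT_ID']
  config.client_secret = ENV['FUSION_AUTH_CLIENT_SECRET']
- config.domain = ENV['FUSION_AUTH_DOMAIN']
+
+ ###################################################################################
+ # View default signing key: https://illustrativemath-dev.fusionauth.io/admin/key/ #
+ ###################################################################################
  config.hmac = ENV['FUSION_AUTH_HMAC']
- config.iss_domain = ENV['FUSION_AUTH_ISS_DOMAIN']
- config.authorize_url = ENV['FUSION_AUTH_AUTHORIZE_URL'] || DEFAULT_AUTHORIZE_URL
- config.token_url = ENV['FUSION_AUTH_TOKEN_URL'] || DEFAULT_TOKEN_URL
  end
  end
  ```
 
  * The `ENV` variable values can be obtained from the OAuth provider.
+ * Here is [an article at FusionAuth](https://fusionauth.io/blog/2020/12/14/how-to-securely-implement-oauth-rails) describing many of these settings.
  * The `callback_route` setting is used in two related ways:
  * It [defines a route](https://github.com/illustrativemathematics/oauth_im/blob/main/config/routes.rb#L4) to the [`OAuthIm::ClientController#callback`
  action](https://github.com/illustrativemathematics/oauth_im/blob/main/app/controllers/oauth_im/client_controller.rb#L7-L12).
@@ -54,9 +73,9 @@ end
  The engine provides [two endpoints](https://github.com/illustrativemathematics/oauth_im/blob/main/config/routes.rb#L5-L6) for logging in and out, and exposes
  corresponding view helpers. These are accessible from the main app as:
 
- | path | url |
- |------|-----|
- | `oauth_im.login_path` | `oauth_im.login_url` |
+ | path | url |
+ |------------------------|-----------------------|
+ | `oauth_im.login_path` | `oauth_im.login_url` |
  | `oauth_im.logout_path` | `oauth_im.logout_url` |
 
  * Note that the helpers are namespaced to the engine.
@@ -124,6 +143,9 @@ After many false starts, this repo includes two (seemingly functional) github wo
 
  ## Version History
 
+ ### 0.7.3
+ * Cleaned up configuration
+
  ### 0.7.2
  * Using :http protocol in tests (not https)
 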
@@ -13,7 +13,7 @@ module OauthIm
13
13
  end
14
14
 
15
15
  def logout_url
16
- @logout_url ||= "#{domain}/oauth2/logout" \
16
+ @logout_url ||= "#{idp_url}/oauth2/logout" \
17
17
  "?post_logout_redirect_uri=#{return_to_url}" \
18
18
  "&client_id=#{client_id}"
19
19
  end
@@ -26,7 +26,7 @@ module OauthIm
26
26
 
27
27
  delegate :host_with_port, :params, to: :request
28
28
  delegate :configuration, to: OauthIm
29
- delegate :authorize_url, :client_id, :client_secret, :domain, :token_url,
29
+ delegate :authorize_url, :token_url, :idp_url, :client_id, :client_secret,
30
30
  to: :configuration
31
31
  delegate :auth_code, to: :oauth_client
32
32
 
@@ -64,7 +64,7 @@ module OauthIm
64
64
  @oauth_client ||= ::OAuth2::Client.new client_id,
65
65
  client_secret,
66
66
  authorize_url: authorize_url,
67
- site: domain,
67
+ site: idp_url,
68
68
  token_url: token_url,
69
69
  redirect_uri: redirect_url
70
70
  end
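Review bot: `logout_url` still interpolates `return_to_url` and `client_id` into the query string without percent-encoding, and this commit edits that expression without addressing it. `return_to_url` is defined outside the visible hunks, but the file delegates `host_with_port` and `params` to `request`, so if the value is derived from request data, a `&` or `#` inside it could add or truncate parameters in the logout request sent to the identity provider. Building the query with `URI.encode_www_form(post_logout_redirect_uri: return_to_url, client_id: client_id)` and appending it to `"#{idp_url}/oauth2/logout?"` keeps each value inside its own parameter. The identity provider's own allow-list for post-logout redirect URIs remains the primary control and is worth confirming on the tenant.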
@@ -1,16 +1,21 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ ########################################################################################
4
+ # edc: see https://fusionauth.io/blog/2020/12/14/how-to-securely-implement-oauth-rails #
5
+ ########################################################################################
6
+
3
7
  module OauthIm
4
8
  CONFIGURABLE_FIELDS =
5
- %i[api_key
6
- authorize_url
7
- callback_route
8
- client_id
9
- client_secret
10
- domain
11
- hmac
12
- iss_domain
13
- token_url].freeze
9
+ %i[
10
+ authorize_url
11
+ callback_route
12
+ token_url
13
+ idp_url
14
+ iss_domain
15
+ client_id
16
+ client_secret
17
+ hmac
18
+ ].freeze
14
19
 
15
20
  class Configuration
16
21
  attr_reader(* CONFIGURABLE_FIELDS)
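Review bot: Dropping `api_key` and `domain` from `CONFIGURABLE_FIELDS` in a patch release is a breaking change for host apps whose initializer follows the 0.7.2 README, and the changelog entry says only "Cleaned up configuration". The writers are not visible in this hunk, but if they are generated from this list, `config.domain = ...` would presumably raise at boot after the upgrade. I would add a comment above the list such as `# 0.7.3: domain was renamed to idp_url; api_key was removed` and state the rename in the version history, so operators also rename `FUSION_AUTH_DOMAIN` to `FUSION_AUTH_IDP_URL` in their environment. The `Configuration` class continues outside the hunk.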
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module OauthIm
4
- VERSION = '0.7.2'
4
+ VERSION = '0.7.3'
5
5
  end
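--- a/data/lib/oauth_im.rb
+++ b/data/lib/oauth_im.rb
@@ -1,13 +1,19 @@
  # frozen_string_literal: true
 
+ ########################################################################################
+ # edc: see https://fusionauth.io/blog/2020/12/14/how-to-securely-implement-oauth-rails #
+ ########################################################################################
+
  require 'oauth_im/version'
  require 'oauth_im/engine'
  require 'oauth_im/configuration'
 
  module OauthIm
  DEFAULT_AUTHORIZE_URL = '/oauth2/authorize'
- DEFAULT_TOKEN_URL = '/oauth2/token'
  DEFAULT_CALLBACK_ROUTE = 'callback'
+ DEFAULT_TOKEN_URL = '/oauth2/token'
+ DEFAULT_IDP_URL = 'https://illustrativemath-dev.fusionauth.io'
+ DEFAULT_ISS_DOMAIN = 'illustrativemathematics.org'
 
  class << self
  attr_reader :configuration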
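Review bot: `DEFAULT_IDP_URL` and `DEFAULT_ISS_DOMAIN` bake one organisation's dev tenant and issuer into the gem as fallbacks, so a deployment with `FUSION_AUTH_IDP_URL` unset (for instance one still exporting the old `FUSION_AUTH_DOMAIN` name) would boot cleanly and, going by `site: idp_url` in this release's client code, presumably run its authorization and token exchange against that tenant. The relative path defaults (`/oauth2/authorize`, `/oauth2/token`, `callback`) are harmless, but the identity provider and the expected issuer are trust anchors and should fail closed. I would drop these two constants and have the README initializer use `config.idp_url = ENV.fetch 'FUSION_AUTH_IDP_URL'` and `config.iss_domain = ENV.fetch 'FUSION_AUTH_ISS_DOMAIN'`, which raise `KeyError` at boot when the variable is missing. The `OauthIm` module body continues outside the hunk.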
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oauth_im
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.2
4
+ version: 0.7.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Connally