oidc_provider 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f9ecb70ab0d1be5f3dae4837a3e073a1360e0bba
+  data.tar.gz: 0e1f83398394d4441377dd28e48401ccfcd891f9
+SHA512:
+  metadata.gz: 05b71caa7fe69bd7162beb297d509e586f2e5a37f1520b5362549e8a31aeb0a654269f80fb24bac832fd4991a0634d59a481cd58fa36b62a50e65ddfc1d3df2f
+  data.tar.gz: '088d8b1ceb4d00dbc3de928187017e9f72505f73e15564a519083addb9409e9b814f31199b7c32bb1d20494bb5932bea3f477a9f204de4572576ab3d16c2f90e'

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,75 @@
+# OIDCProvider
+Short description and motivation.
+
+## Usage
+Use your application as an Open ID provider.
+
+You'll need some kind of user authentication to exist on you application first. Normally we use Devise.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'oidc_provider'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install oidc_provider
+```
+
+Install the support stuffs:
+
+* an initializer
+* default routes to your routes file
+
+```bash
+$ rails generate oidc_provider:install
+```
+
+Migrations next:
+
+```bash
+$ rails oidc_provider:install:migrations
+$ rails db:migrate
+```
+
+### Private Key
+
+You will need to generate a unique private key per application.
+
+```bash
+$ ssh-keygen
+```
+
+Due to Docker Composes' lack of support for multiline `.env` variables, put a passphrase on it. Then add the key to your application at `lib/oidc_provider_key.pem` and add the passphrase as an environment variables in your application: `ENV["OIDC_PROVIDER_KEY_PASSPHRASE"]`.
+
+# Testing configuration
+
+Visit: https://demo.c2id.com/oidc-client/
+
+Click "OpenID provider details"
+
+Put in your website as the issuer and click "Query"
+
+You should see values generated for all 4 endpoints below.
+
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## How to build this gem
+
+```
+gem build oidc_provider.gemspec
+gem push channel_research_stationery-2.10.gem
+gem yank -v 2.10 channel_research_stationery
+```

data/Rakefile

@@ -0,0 +1,32 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Openid::Connect::Provider'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/app/controllers/oidc_provider/application_controller.rb

@@ -0,0 +1,5 @@
+module OIDCProvider
+  class ApplicationController < ActionController::Base
+    include Concerns::Authentication
+  end
+end

data/app/controllers/oidc_provider/authorizations_controller.rb

@@ -0,0 +1,47 @@
+module OIDCProvider
+  class AuthorizationsController < ApplicationController
+    include Concerns::ConnectEndpoint
+
+    before_action :require_oauth_request
+    before_action :require_response_type_code
+    before_action :require_client
+    before_action :require_authentication
+
+    def create
+      puts "scopes: #{requested_scopes}"
+      authorization = Authorization.create(
+        client_id: @client.identifier,
+        nonce: oauth_request.nonce,
+        scopes: requested_scopes,
+        account: current_account
+      )
+
+      oauth_response.code = authorization.code
+      oauth_response.redirect_uri = @redirect_uri
+      oauth_response.approve!
+      redirect_to oauth_response.location
+
+      # If we ever need to support denied authorizations that is done by:
+      # oauth_request.access_denied!
+    end
+
+    private
+
+    def require_client
+      @client = ClientStore.new.find_by(identifier: oauth_request.client_id) or oauth_request.invalid_request! 'not a valid client'
+      @redirect_uri = oauth_request.verify_redirect_uri! [oauth_request.redirect_uri, @client.redirect_uri]
+    end
+
+    def requested_scopes
+      @requested_scopes ||= (["openid"] + OIDCProvider.supported_scopes.map(&:name)) & oauth_request.scope
+    end
+    helper_method :requested_scopes
+
+    def require_response_type_code
+      unless oauth_request.response_type == :code
+        oauth_request.unsupported_response_type!
+      end
+    end
+  end
+
+end

data/app/controllers/oidc_provider/concerns/authentication.rb

@@ -0,0 +1,23 @@
+module OIDCProvider
+  module Concerns
+    module Authentication
+      def current_account
+        send(OIDCProvider.current_account_method)
+      end
+
+      def current_token
+        @current_token ||= request.env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN]
+      end
+
+      def require_authentication
+        authenticate_user!
+      end
+
+      def require_access_token
+        unless current_token
+          raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new
+        end
+      end
+    end
+  end
+end

data/app/controllers/oidc_provider/concerns/connect_endpoint.rb

@@ -0,0 +1,41 @@
+module OIDCProvider
+  module Concerns
+    module ConnectEndpoint
+      extend ActiveSupport::Concern
+
+      included do
+        helper_method :oauth_request
+        rescue_from Rack::OAuth2::Server::Authorize::BadRequest, with: :handle_oauth_error!
+      end
+
+      def oauth_request
+        request.env[Rack::OAuth2::Server::Rails::REQUEST]
+      end
+
+      def oauth_response
+        request.env[Rack::OAuth2::Server::Rails::RESPONSE]
+      end
+
+      def oauth_error
+        request.env[Rack::OAuth2::Server::Rails::ERROR]
+      end
+
+      def handle_oauth_error!(e)
+        if e.redirect?
+          raise e # NOTE: rack middleware should handle this error.
+        else
+          render plain: e.message, status: e.status
+        end
+      end
+
+      def require_oauth_request
+        if oauth_error
+          raise oauth_error
+        end
+        unless oauth_request && oauth_response
+          raise 'should\'t happen'
+        end
+      end
+    end
+  end
+end

data/app/controllers/oidc_provider/discovery_controller.rb

@@ -0,0 +1,46 @@
+module OIDCProvider
+  class DiscoveryController < ApplicationController
+    def show
+      case params[:id]
+      when 'webfinger'
+        webfinger_discovery
+      when 'openid-configuration'
+        openid_configuration
+      else
+        render plain: "Not found", status: :not_found
+      end
+    end
+
+    private
+
+    def webfinger_discovery
+      jrd = {
+        links: [{
+          rel: OpenIDConnect::Discovery::Provider::Issuer::REL_VALUE,
+          href: OIDCProvider.issuer
+        }]
+      }
+      jrd[:subject] = params[:resource] if params[:resource].present?
+      render json: jrd, content_type: Mime::JRD
+    end
+
+    def openid_configuration
+      config = OpenIDConnect::Discovery::Provider::Config::Response.new(
+        issuer: OIDCProvider.issuer,
+        authorization_endpoint: authorizations_url,
+        token_endpoint: tokens_url,
+        userinfo_endpoint: user_info_url,
+        jwks_uri: jwks_url,
+        scopes_supported: ["openid"] + OIDCProvider.supported_scopes.map(&:name),
+        response_types_supported: [:code],
+        grant_types_supported: [:authorization_code],
+        subject_types_supported: [:public],
+        id_token_signing_alg_values_supported: [:RS256],
+        token_endpoint_auth_methods_supported: ['client_secret_basic', 'client_secret_post'],
+        claims_supported: ['sub', 'iss', 'name', 'email']
+      )
+      render json: config
+    end
+  end
+
+end

data/app/controllers/oidc_provider/user_infos_controller.rb

@@ -0,0 +1,9 @@
+module OIDCProvider
+  class UserInfosController < ApplicationController
+    before_action :require_access_token
+
+    def show
+      render json: AccountToUserInfo.new.(current_token.authorization.account, current_token.authorization.scopes)
+    end
+  end
+end

data/app/models/oidc_provider/access_token.rb

@@ -0,0 +1,17 @@
+module OIDCProvider
+  class AccessToken < ApplicationRecord
+    belongs_to :authorization
+
+    scope :valid, -> { where(arel_table[:expires_at].gteq(Time.now.utc)) }
+
+    attribute :token, :string, default: -> { SecureRandom.hex 32 }
+    attribute :expires_at, :datetime, default: -> { 1.hours.from_now } 
+
+    def to_bearer_token
+      Rack::OAuth2::AccessToken::Bearer.new(
+        access_token: token,
+        expires_in: (expires_at - Time.now).to_i
+      )
+    end
+  end
+end

data/app/models/oidc_provider/application_record.rb

@@ -0,0 +1,5 @@
+module OIDCProvider
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/oidc_provider/authorization.rb

@@ -0,0 +1,41 @@
+module OIDCProvider
+  class Authorization < ApplicationRecord
+    belongs_to :account, class_name: OIDCProvider.account_class
+    has_one :access_token
+    has_one :id_token
+
+    scope :valid, -> { where(arel_table[:expires_at].gteq(Time.now.utc)) }
+
+    attribute :code, :string, default: -> { SecureRandom.hex 32 }
+    attribute :expires_at, :datetime, default: -> { 5.minutes.from_now }
+
+    serialize :scopes, JSON
+
+    def expire!
+      self.expires_at = Time.now
+      self.save!
+    end
+
+    def access_token
+      super || expire! && generate_access_token!
+    end
+
+    def id_token
+      super || generate_id_token!
+    end
+
+    private
+
+    def generate_access_token!
+      token = create_access_token!
+      token
+    end
+
+    def generate_id_token!
+      token = build_id_token
+      token.nonce = nonce
+      token.save!
+      token
+    end
+  end
+end

data/app/models/oidc_provider/id_token.rb

@@ -0,0 +1,47 @@
+module OIDCProvider
+  class IdToken < ApplicationRecord
+    belongs_to :authorization
+
+    attribute :expires_at, :datetime, default: -> { 1.hour.from_now }
+
+    delegate :account, to: :authorization
+
+    def to_response_object
+      OpenIDConnect::ResponseObject::IdToken.new(
+        iss: OIDCProvider.issuer,
+        sub: account.send(OIDCProvider.account_identifier),
+        aud: authorization.client_id,
+        nonce: nonce,
+        exp: expires_at.to_i,
+        iat: created_at.to_i
+      )
+    end
+
+    def to_jwt
+      to_response_object.to_jwt(self.class.private_jwk)
+    end
+
+    private
+
+    class << self
+      def key_pair
+        @key_pair ||= OpenSSL::PKey::RSA.new(File.read(Rails.root.join("lib/oidc_provider_key.pem")), ENV["OIDC_PROVIDER_KEY_PASSPHRASE"])
+      end
+
+      def private_jwk
+        JSON::JWK.new key_pair
+      end
+
+      def public_jwk
+        JSON::JWK.new key_pair.public_key
+      end
+
+      def config
+        {
+          issuer: OIDCProvider.issuer,
+          jwk_set: JSON::JWK::Set.new(public_jwk)
+        }
+      end
+    end
+  end
+end

data/config/initializers/inflections.rb

@@ -0,0 +1,3 @@
+ActiveSupport::Inflector.inflections do |inflect|
+  inflect.acronym 'OIDC'  
+end

data/config/routes.rb

@@ -0,0 +1,7 @@
+OIDCProvider::Engine.routes.draw do
+  match 'authorizations' => 'authorizations#create', via: [:get, :post]
+  resource :user_info, only: :show
+
+  post 'tokens', to: proc { |env| OIDCProvider::TokenEndpoint.new.call(env) }
+  get 'jwks.json', as: :jwks, to: proc { |env| [200, {'Content-Type' => 'application/json'}, [OIDCProvider::IdToken.config[:jwk_set].to_json]] }
+end

data/lib/generators/oidc_provider/install_generator.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+# require 'rails/generators/base'
+# require 'securerandom'
+
+module OidcProvider
+
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path('templates', __dir__)
+
+      desc "Creates a OIDCProvider initializer."
+
+      def copy_initializer_file
+        copy_file "initializer.rb", "config/initializers/oidc_provider.rb"
+      end
+
+      def setup_routes
+        route "get '/.well-known/:id', to: 'oidc_provider/discovery#show'"
+        route "mount OIDCProvider::Engine, at: '/accounts/oauth'"
+      end
+
+
+      # def copy_locale
+      #   copy_file "../../../config/locales/en.yml", "config/locales/devise.en.yml"
+      # end
+
+      # def show_readme
+      #   readme "README" if behavior == :invoke
+      # end
+
+      # def rails_4?
+      #   Rails::VERSION::MAJOR == 4
+      # end
+    end
+end

data/lib/generators/oidc_provider/orm_helpers.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module OIDCProvider
+  module Generators
+    module OrmHelpers
+#       def model_contents
+#         buffer = <<-CONTENT
+#   # Include default devise modules. Others available are:
+#   # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
+#   devise :database_authenticatable, :registerable,
+#          :recoverable, :rememberable, :validatable
+
+# CONTENT
+#         buffer
+#       end
+
+      private
+
+      # def model_exists?
+      #   File.exist?(File.join(destination_root, model_path))
+      # end
+
+      # def migration_exists?(table_name)
+      #   Dir.glob("#{File.join(destination_root, migration_path)}/[0-9]*_*.rb").grep(/\d+_add_devise_to_#{table_name}.rb$/).first
+      # end
+
+      def migration_path
+        if Rails.version >= '5.0.3'
+          db_migrate_path
+        else
+          @migration_path ||= File.join("db", "migrate")
+        end
+      end
+
+      # def model_path
+      #   @model_path ||= File.join("app", "models", "#{file_path}.rb")
+      # end
+    end
+  end
+end

data/lib/generators/oidc_provider/templates/initializer.rb

@@ -0,0 +1,30 @@
+OIDCProvider.configure do |config|
+  config.issuer = "https://myoidcprovider.org"
+  # config.account_class = "Administrator"
+
+  config.add_client do
+    name "Test Client"
+    identifier '0001'
+    secret '27ffb...'
+    redirect_uri 'https://demo.c2id.com/oidc-client/cb'
+  end
+
+  config.add_client do
+    name "Client 1"
+    identifier "client_01"
+    secret "6f14c..."
+    redirect_uri "https://clientone.com/TDE/openid_connect_login"
+  end
+
+  config.add_scope OIDCProvider::Scopes::Profile do |user|
+    name user.full_name
+    given_name user.first_name
+    family_name user.last_name
+  end
+
+  config.add_scope OIDCProvider::Scopes::Email do |user|
+    email user.email
+    email_verified false
+  end
+
+end

data/lib/oidc_provider/account_to_user_info.rb

@@ -0,0 +1,12 @@
+module OIDCProvider
+  class AccountToUserInfo
+    def call(account, scope_names)
+      scopes = scope_names.map { |name| OIDCProvider.supported_scopes.detect { |scope| scope.name == name } }.compact
+      OpenIDConnect::ResponseObject::UserInfo.new(sub: account.send(OIDCProvider.account_identifier)).tap do |user_info|
+        scopes.each do |scope|
+          UserInfoBuilder.new(user_info, account).run(&scope.work)
+        end
+      end
+    end
+  end
+end

data/lib/oidc_provider/client/builder.rb

@@ -0,0 +1,21 @@
+module OIDCProvider
+  class Client
+    class Builder
+      def initialize(&block)
+        @client = Client.new
+        @operation = block
+      end
+
+      def build
+        instance_exec(&@operation)
+        @client
+      end
+
+      [:identifier, :secret, :redirect_uri, :name].each do |attr|
+        define_method attr do |val|
+          @client.send("#{attr}=", val)
+        end
+      end
+    end
+  end
+end

data/lib/oidc_provider/client.rb

@@ -0,0 +1,14 @@
+module OIDCProvider
+  class Client
+    attr_accessor :identifier, :secret, :redirect_uri, :name
+
+    def initialize(options = {})
+      @identifier = options[:identifier]
+      @secret = options[:secret]
+      @redirect_uri = options[:redirect_uri]
+      @name = options[:name]
+    end
+  end
+end
+
+require 'oidc_provider/client/builder'

data/lib/oidc_provider/client_store.rb

@@ -0,0 +1,13 @@
+module OIDCProvider
+  class ClientStore
+    attr_reader :clients
+
+    def initialize(clients = OIDCProvider.clients)
+      @clients = clients
+    end
+
+    def find_by(attrs)
+      clients.detect { |client| attrs.all? { |key, value| client.send(key) == value } }
+    end
+  end
+end

data/lib/oidc_provider/engine.rb

@@ -0,0 +1,13 @@
+require 'rack/oauth2'
+
+module OIDCProvider
+  class Engine < ::Rails::Engine
+    isolate_namespace OIDCProvider
+
+    config.middleware.use Rack::OAuth2::Server::Rails::Authorize
+    config.middleware.use Rack::OAuth2::Server::Resource::Bearer, 'OpenID Connect' do |req|
+      AccessToken.valid.find_by(token: req.access_token) ||
+      req.invalid_token!
+    end
+  end
+end

data/lib/oidc_provider/scope.rb

@@ -0,0 +1,10 @@
+module OIDCProvider
+  class Scope
+    attr_accessor :name, :work
+
+    def initialize(name, &block)
+      @name = name
+      @work = block
+    end
+  end
+end

data/lib/oidc_provider/token_endpoint.rb

@@ -0,0 +1,33 @@
+module OIDCProvider
+  class TokenEndpoint
+    attr_accessor :app
+    delegate :call, to: :app
+
+    def initialize
+      @app = Rack::OAuth2::Server::Token.new do |req, res|
+        Rails.logger.info "Client ID: #{req.client_id}"
+        Rails.logger.info "Client secret: #{req.client_secret}"
+        Rails.logger.info "Redirect URI: #{req.redirect_uri}"
+        client = ClientStore.new.find_by(
+          identifier: req.client_id,
+          secret: req.client_secret,
+          redirect_uri: req.redirect_uri
+        ) || req.invalid_client!
+        
+        Rails.logger.info "Found a client!"
+
+        case req.grant_type
+        when :authorization_code
+          Rails.logger.info "Grant type was an authorization code. Correct!"
+          authorization = Authorization.valid.where(client_id: client.identifier, code: req.code).first || req.invalid_grant!
+          Rails.logger.info "We found an authorization matching this code!"
+          res.access_token = authorization.access_token.to_bearer_token
+          res.id_token = authorization.id_token.to_jwt if authorization.scopes.include?("openid")
+        else
+          Rails.logger.info "Unsupported grant type"
+          req.unsupported_grant_type!
+        end
+      end
+    end
+  end
+end

data/lib/oidc_provider/user_info_builder.rb

@@ -0,0 +1,18 @@
+module OIDCProvider
+  class UserInfoBuilder
+    attr_reader :user_info
+
+    def initialize(user_info, account)
+      @user_info = user_info
+      @account = account
+    end
+
+    def run(&block)
+      instance_exec(@account, &block)
+    end
+
+    def method_missing(sym, *args)
+      @user_info.send("#{sym}=", *args)
+    end
+  end
+end

data/lib/oidc_provider/version.rb

@@ -0,0 +1,3 @@
+module OIDCProvider
+  VERSION = '0.1.0'
+end

data/lib/oidc_provider.rb

@@ -0,0 +1,48 @@
+require "openid_connect"
+require "oidc_provider/engine"
+
+module OIDCProvider
+
+  module Scopes
+    OpenID = "openid"
+    Profile = "profile"
+    Email = "email"
+    Address = "address"
+  end
+
+  autoload :TokenEndpoint, 'oidc_provider/token_endpoint'
+  autoload :ClientStore, 'oidc_provider/client_store'
+  autoload :Client, 'oidc_provider/client'
+  autoload :AccountToUserInfo, 'oidc_provider/account_to_user_info'
+  autoload :Scope, 'oidc_provider/scope'
+  autoload :UserInfoBuilder, 'oidc_provider/user_info_builder'
+
+  mattr_accessor :issuer
+
+  mattr_accessor :supported_scopes
+  @@supported_scopes = []
+
+  mattr_accessor :clients
+  @@clients = []
+
+  mattr_accessor :account_class
+  @@account_class = "User"
+
+  mattr_accessor :current_account_method
+  @@current_account_method = :current_user
+
+  mattr_accessor :account_identifier
+  @@account_identifier = :id
+
+  def self.add_client(&block)
+    @@clients << Client::Builder.new(&block).build
+  end
+
+  def self.add_scope(name, &block)
+    @@supported_scopes << Scope.new(name, &block)
+  end
+
+  def self.configure
+    yield self
+  end
+end

data/lib/tasks/openid/connect/provider_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :openid_connect_provider do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,101 @@
+--- !ruby/object:Gem::Specification
+name: oidc_provider
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- William Carey
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-08-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: openid_connect
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.3
+description: A Rails engine for providing OpenID Connect authorization.
+email:
+- willtcarey@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/controllers/oidc_provider/application_controller.rb
+- app/controllers/oidc_provider/authorizations_controller.rb
+- app/controllers/oidc_provider/concerns/authentication.rb
+- app/controllers/oidc_provider/concerns/connect_endpoint.rb
+- app/controllers/oidc_provider/discovery_controller.rb
+- app/controllers/oidc_provider/user_infos_controller.rb
+- app/models/oidc_provider/access_token.rb
+- app/models/oidc_provider/application_record.rb
+- app/models/oidc_provider/authorization.rb
+- app/models/oidc_provider/id_token.rb
+- config/initializers/inflections.rb
+- config/routes.rb
+- lib/generators/oidc_provider/install_generator.rb
+- lib/generators/oidc_provider/orm_helpers.rb
+- lib/generators/oidc_provider/templates/initializer.rb
+- lib/oidc_provider.rb
+- lib/oidc_provider/account_to_user_info.rb
+- lib/oidc_provider/client.rb
+- lib/oidc_provider/client/builder.rb
+- lib/oidc_provider/client_store.rb
+- lib/oidc_provider/engine.rb
+- lib/oidc_provider/scope.rb
+- lib/oidc_provider/token_endpoint.rb
+- lib/oidc_provider/user_info_builder.rb
+- lib/oidc_provider/version.rb
+- lib/tasks/openid/connect/provider_tasks.rake
+homepage: http://brandnewbox.com
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.2
+signing_key: 
+specification_version: 4
+summary: Uses the openid_connect gem to turn a Rails app into an OpenID Connect provider.
+test_files: []