omniauth-auth0 2.0.0 → 2.4.0


Potentially problematic release.



@@ -0,0 +1,28 @@
1
+ require 'spec_helper'
2
+ require 'json'
3
+
4
+ describe OmniAuth::Auth0::Telemetry do
5
+
6
+ let(:test_class) { Class.new.extend(OmniAuth::Auth0::Telemetry) }
7
+
8
+ describe 'telemetry' do
9
+
10
+ it 'should have the correct SDK name' do
11
+ expect(test_class.telemetry).to have_key(:name)
12
+ expect(test_class.telemetry[:name]).to eq('omniauth-auth0')
13
+ end
14
+
15
+ it 'should have the correct SDK version' do
16
+ expect(test_class.telemetry).to have_key(:version)
17
+ expect(test_class.telemetry[:version]).to eq(OmniAuth::Auth0::VERSION)
18
+ end
19
+
20
+ it 'should include the Ruby version' do
21
+ expect(test_class.telemetry).to have_key(:env)
22
+ expect(test_class.telemetry[:env]).to have_key(:ruby)
23
+ expect(test_class.telemetry[:env][:ruby]).to eq(RUBY_VERSION)
24
+ end
25
+
26
+ end
27
+
28
+ end
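Review bot: The new spec checks the `telemetry` hash, but nothing in it exercises `telemetry_encoded`, which is the value the strategy spec later expects in the `Auth0-Client` request header. An example that decodes `telemetry_encoded` and compares the result with `test_class.telemetry` would pin the wire format. It would also give the otherwise unused `require 'json'` on line 2 a purpose. The encoding itself is not visible on this page, so the decode step has to follow whatever `lib/omniauth/auth0/telemetry.rb` does.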
@@ -1,4 +1,7 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'spec_helper'
4
+ require 'jwt'
2
5
 
3
6
  RSpec.shared_examples 'site has valid domain url' do |url|
4
7
  it { expect(subject.site).to eq(url) }
@@ -78,6 +81,64 @@ describe OmniAuth::Strategies::Auth0 do
78
81
  expect(redirect_url).to have_query('state')
79
82
  expect(redirect_url).to have_query('client_id')
80
83
  expect(redirect_url).to have_query('redirect_uri')
84
+ expect(redirect_url).not_to have_query('auth0Client')
85
+ expect(redirect_url).not_to have_query('connection')
86
+ expect(redirect_url).not_to have_query('connection_scope')
87
+ expect(redirect_url).not_to have_query('prompt')
88
+ expect(redirect_url).not_to have_query('screen_hint')
89
+ end
90
+
91
+ it 'redirects to hosted login page' do
92
+ get 'auth/auth0?connection=abcd'
93
+ expect(last_response.status).to eq(302)
94
+ redirect_url = last_response.headers['Location']
95
+ expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
96
+ expect(redirect_url).to have_query('response_type', 'code')
97
+ expect(redirect_url).to have_query('state')
98
+ expect(redirect_url).to have_query('client_id')
99
+ expect(redirect_url).to have_query('redirect_uri')
100
+ expect(redirect_url).to have_query('connection', 'abcd')
101
+ expect(redirect_url).not_to have_query('auth0Client')
102
+ expect(redirect_url).not_to have_query('connection_scope')
103
+ expect(redirect_url).not_to have_query('prompt')
104
+ expect(redirect_url).not_to have_query('screen_hint')
105
+ end
106
+
107
+ it 'redirects to the hosted login page with connection_scope' do
108
+ get 'auth/auth0?connection_scope=identity_provider_scope'
109
+ expect(last_response.status).to eq(302)
110
+ redirect_url = last_response.headers['Location']
111
+ expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
112
+ expect(redirect_url)
113
+ .to have_query('connection_scope', 'identity_provider_scope')
114
+ end
115
+
116
+ it 'redirects to hosted login page with prompt=login' do
117
+ get 'auth/auth0?prompt=login'
118
+ expect(last_response.status).to eq(302)
119
+ redirect_url = last_response.headers['Location']
120
+ expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
121
+ expect(redirect_url).to have_query('response_type', 'code')
122
+ expect(redirect_url).to have_query('state')
123
+ expect(redirect_url).to have_query('client_id')
124
+ expect(redirect_url).to have_query('redirect_uri')
125
+ expect(redirect_url).to have_query('prompt', 'login')
126
+ expect(redirect_url).not_to have_query('auth0Client')
127
+ expect(redirect_url).not_to have_query('connection')
128
+ end
129
+
130
+ it 'redirects to hosted login page with screen_hint=signup' do
131
+ get 'auth/auth0?screen_hint=signup'
132
+ expect(last_response.status).to eq(302)
133
+ redirect_url = last_response.headers['Location']
134
+ expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
135
+ expect(redirect_url).to have_query('response_type', 'code')
136
+ expect(redirect_url).to have_query('state')
137
+ expect(redirect_url).to have_query('client_id')
138
+ expect(redirect_url).to have_query('redirect_uri')
139
+ expect(redirect_url).to have_query('screen_hint', 'signup')
140
+ expect(redirect_url).not_to have_query('auth0Client')
141
+ expect(redirect_url).not_to have_query('connection')
81
142
  end
82
143
 
83
144
  describe 'callback' do
@@ -85,7 +146,7 @@ describe OmniAuth::Strategies::Auth0 do
85
146
  let(:expires_in) { 2000 }
86
147
  let(:token_type) { 'bearer' }
87
148
  let(:refresh_token) { 'refresh token' }
88
- let(:id_token) { 'id token' }
149
+ let(:telemetry_value) { Class.new.extend(OmniAuth::Auth0::Telemetry).telemetry_encoded }
89
150
 
90
151
  let(:user_id) { 'user identifier' }
91
152
  let(:state) { SecureRandom.hex(8) }
@@ -95,8 +156,17 @@ describe OmniAuth::Strategies::Auth0 do
95
156
  let(:email) { 'mail@mail.com' }
96
157
  let(:email_verified) { true }
97
158
 
159
+ let(:id_token) do
160
+ payload = {}
161
+ payload['sub'] = user_id
162
+ payload['iss'] = "#{domain_url}/"
163
+ payload['aud'] = client_id
164
+ JWT.encode payload, client_secret, 'HS256'
165
+ end
166
+
98
167
  let(:oauth_response) do
99
168
  {
169
+ id_token: id_token,
100
170
  access_token: access_token,
101
171
  expires_in: expires_in,
102
172
  token_type: token_type
@@ -126,6 +196,7 @@ describe OmniAuth::Strategies::Auth0 do
126
196
 
127
197
  def stub_auth(body)
128
198
  stub_request(:post, 'https://samples.auth0.com/oauth/token')
199
+ .with(headers: { 'Auth0-Client' => telemetry_value })
129
200
  .to_return(
130
201
  headers: { 'Content-Type' => 'application/json' },
131
202
  body: MultiJson.encode(body)
@@ -273,7 +344,7 @@ RSpec::Matchers.define :have_query do |key, value|
273
344
  uri = redirect_uri(actual)
274
345
  query = query(uri)
275
346
  if value.nil?
276
- query[key].length == 1
347
+ query.key?(key)
277
348
  else
278
349
  query[key] == [value]
279
350
  end
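Review bot: The `id_token` fixture in the callback spec carries only `sub`, `iss` and `aud` and is signed HS256 with `client_secret`, so every callback example feeds the strategy a well-formed token and none shows a token being rejected. With no `exp` in the fixture it is also not visible from this file whether expiry is checked at all. Adding `payload['exp'] = Time.now.to_i + expires_in` and an example that signs with a different secret or a wrong `aud` and expects the failure path would pin the validation behaviour. In the same file, changing `have_query` to `query.key?(key)` lets a repeated parameter such as a doubled `state` pass the matcher; `query[key]&.length == 1` would keep the single-occurrence check while still tolerating a missing key. The enclosing `describe` blocks start and end outside these hunks.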
@@ -0,0 +1,28 @@
1
+ {
2
+ "keys": [
3
+ {
4
+ "alg": "RS256",
5
+ "kty": "RSA",
6
+ "use": "sig",
7
+ "x5c": [
8
+ "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"
9
+ ],
10
+ "n": "pB-AhRkieLN5sAgc2hhsMWvScc329YmuJ1LpsW7LmgezwpWWYKzUIjkdzF1TVfVuhdQ_sI0-qBRzqO0zpFSNtiP33912UxNBd-VFBxlkbYkOC3WccDj03ndi2sdxdgxMpd2NAoLlCm6trEoIbx2HIIDOmo9zed1QbJwYf5Ha1EQy8dUWKgSC-hb5IW_1f7_7vVCoWTNAg0EXn_RWe0fKvYnvXJ2wzo9XU_XeuJIiSGLU62htIDq7OCyPuCitBGbuUe1KNOdyCu5HzWrFoQ5JfMsTWJA8cH3CLgHA5i4C5wCOLX1uW3ibsPv8O-TzvxMM8LJ76aV2gM-3t1n_INclhQ",
11
+ "e": "AQAB",
12
+ "kid": "NkJCQzIyQzRBMEU4NjhGNUU4MzU4RkY0M0ZDQzkwOUQ0Q0VGNUMwQg",
13
+ "x5t": "NkJCQzIyQzRBMEU4NjhGNUU4MzU4RkY0M0ZDQzkwOUQ0Q0VGNUMwQg"
14
+ },
15
+ {
16
+ "alg": "RS256",
17
+ "kty": "RSA",
18
+ "use": "sig",
19
+ "x5c": [
20
+ "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"
21
+ ],
22
+ "n": "z6KOQwP1_LLgGbo3Zg9g_PBoLbvBv5Li1HRLo9Vt_sM5hXBKkKROd9q4PC9LqaVigG5i1s5LsMoqDQ4VsArV57oNwRUH-S63Op08Y5OGULfx3bGFghkkmbnjFBv9yPtj0qpd2rQ9p3nY2OmfYVlPJMzoxfcM5CzID3_zmKbs_QPunfvyvIwKUT37ENSw1VgxvGEbY_iMh4Ur10vnCtN4rg-8lSypCGbqEvMpjCaZ2TjRxnbP9z_aR2NvSqpYkmFtHhhF9wSGq2RtOoESfvPFlG0Yvfq31QKBi6vvkvm3NNtbcSvqmEt55J4WNLr_zgwW-HnsnLg443ciwQkoVb21xQ",
23
+ "e": "AQAB",
24
+ "kid": "RUVBOTVEMEZBMTA5NDAzNEQzNTZGNzMyMTI4MzU1RkNFQzhCQTM0Mg",
25
+ "x5t": "RUVBOTVEMEZBMTA5NDAzNEQzNTZGNzMyMTI4MzU1RkNFQzhCQTM0Mg"
26
+ }
27
+ ]
28
+ }
@@ -1,12 +1,14 @@
1
- $LOAD_PATH.unshift File.expand_path('..', __FILE__)
2
- $LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
1
+ $LOAD_PATH.unshift File.expand_path(__dir__)
2
+ $LOAD_PATH.unshift File.expand_path('../lib', __dir__)
3
3
 
4
4
  require 'simplecov'
5
- if ENV['COVERAGE']
6
- SimpleCov.start do
7
- minimum_coverage(89.8)
8
- end
5
+ SimpleCov.start
6
+
7
+ if ENV['CI'] == 'true'
8
+ require 'codecov'
9
+ SimpleCov.formatter = SimpleCov::Formatter::Codecov
9
10
  end
11
+
10
12
  require 'rspec'
11
13
  require 'rack/test'
12
14
  require 'webmock/rspec'
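Review bot: The local coverage gate disappears here: `minimum_coverage(89.8)` is removed and `SimpleCov.start` now runs with no threshold, so a drop in coverage of the newly added validator and telemetry code no longer fails the spec run on its own. If the threshold moved into the `codecov.yml` listed in the gem metadata, that is not visible on this page; otherwise `SimpleCov.start { minimum_coverage 89.8 }` keeps it. The `ENV['CI'] == 'true'` branch loads a third-party uploader inside the CI environment, so `codecov` should be a development-only dependency with a pinned version.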
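--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: omniauth-auth0
  version: !ruby/object:Gem::Version
- version: 2.0.0
+ version: 2.4.0
  platform: ruby
  authors:
  - Auth0
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-01-25 00:00:00.000000000 Z
+ date: 2020-09-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: omniauth-oauth2
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.4'
+ version: '1.5'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.4'
+ version: '1.5'
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
@@ -43,37 +43,52 @@ description: |
 
  OmniAuth is a library that standardizes multi-provider authentication for web applications. It was created to be powerful, flexible, and do as little as possible.
 
- omniauth-auth0 is the omniauth strategy for Auth0.
+ omniauth-auth0 is the OmniAuth strategy for Auth0.
  email:
  - info@auth0.com
  executables: []
  extensions: []
  extra_rdoc_files: []
  files:
+ - ".circleci/config.yml"
  - ".gemrelease"
+ - ".github/CODEOWNERS"
+ - ".github/ISSUE_TEMPLATE.md"
+ - ".github/PULL_REQUEST_TEMPLATE.md"
+ - ".github/stale.yml"
  - ".gitignore"
  - ".rspec"
  - ".rubocop.yml"
- - ".travis.yml"
+ - ".snyk"
  - CHANGELOG.md
+ - CODE_OF_CONDUCT.md
+ - CONTRIBUTING.md
  - Gemfile
+ - Gemfile.lock
  - Guardfile
  - LICENSE
  - README.md
  - Rakefile
+ - codecov.yml
  - examples/sinatra/app.rb
  - examples/sinatra/config.ru
  - lib/omniauth-auth0.rb
  - lib/omniauth-auth0/version.rb
+ - lib/omniauth/auth0/errors.rb
+ - lib/omniauth/auth0/jwt_validator.rb
+ - lib/omniauth/auth0/telemetry.rb
  - lib/omniauth/strategies/auth0.rb
  - omniauth-auth0.gemspec
+ - spec/omniauth/auth0/jwt_validator_spec.rb
+ - spec/omniauth/auth0/telemetry_spec.rb
  - spec/omniauth/strategies/auth0_spec.rb
+ - spec/resources/jwks.json
  - spec/spec_helper.rb
  homepage: https://github.com/auth0/omniauth-auth0
  licenses:
  - MIT
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -88,11 +103,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project: omniauth-auth0
- rubygems_version: 2.4.5.1
- signing_key:
+ rubygems_version: 3.1.2
+ signing_key:
  specification_version: 4
- summary: Omniauth OAuth2 strategy for the Auth0 platform.
+ summary: OmniAuth OAuth2 strategy for the Auth0 platform.
  test_files:
+ - spec/omniauth/auth0/jwt_validator_spec.rb
+ - spec/omniauth/auth0/telemetry_spec.rb
  - spec/omniauth/strategies/auth0_spec.rb
+ - spec/resources/jwks.json
  - spec/spec_helper.rb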
@@ -1,6 +0,0 @@
1
- language: ruby
2
- rvm:
3
- - 2.2.5
4
- branches:
5
- only:
6
- - master