omniauth-auth0 2.0.0 → 2.4.0
- checksums.yaml +5 -5
- data/.circleci/config.yml +22 -0
- data/.github/CODEOWNERS +1 -0
- data/.github/ISSUE_TEMPLATE.md +39 -0
- data/.github/PULL_REQUEST_TEMPLATE.md +32 -0
- data/.github/stale.yml +20 -0
- data/.gitignore +5 -2
- data/.snyk +9 -0
- data/CHANGELOG.md +91 -1
- data/CODE_OF_CONDUCT.md +3 -0
- data/CONTRIBUTING.md +71 -0
- data/Gemfile +4 -4
- data/Gemfile.lock +167 -0
- data/README.md +114 -85
- data/Rakefile +2 -2
- data/codecov.yml +22 -0
- data/lib/omniauth-auth0.rb +1 -1
- data/lib/omniauth-auth0/version.rb +1 -1
- data/lib/omniauth/auth0/errors.rb +11 -0
- data/lib/omniauth/auth0/jwt_validator.rb +228 -0
- data/lib/omniauth/auth0/telemetry.rb +36 -0
- data/lib/omniauth/strategies/auth0.rb +77 -19
- data/omniauth-auth0.gemspec +3 -5
- data/spec/omniauth/auth0/jwt_validator_spec.rb +501 -0
- data/spec/omniauth/auth0/telemetry_spec.rb +28 -0
- data/spec/omniauth/strategies/auth0_spec.rb +73 -2
- data/spec/resources/jwks.json +28 -0
- data/spec/spec_helper.rb +8 -6
- metadata +29 -12
- data/.travis.yml +0 -6
@@ -0,0 +1,28 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'json'
|
3
|
+
|
4
|
+
describe OmniAuth::Auth0::Telemetry do
|
5
|
+
|
6
|
+
let(:test_class) { Class.new.extend(OmniAuth::Auth0::Telemetry) }
|
7
|
+
|
8
|
+
describe 'telemetry' do
|
9
|
+
|
10
|
+
it 'should have the correct SDK name' do
|
11
|
+
expect(test_class.telemetry).to have_key(:name)
|
12
|
+
expect(test_class.telemetry[:name]).to eq('omniauth-auth0')
|
13
|
+
end
|
14
|
+
|
15
|
+
it 'should have the correct SDK version' do
|
16
|
+
expect(test_class.telemetry).to have_key(:version)
|
17
|
+
expect(test_class.telemetry[:version]).to eq(OmniAuth::Auth0::VERSION)
|
18
|
+
end
|
19
|
+
|
20
|
+
it 'should include the Ruby version' do
|
21
|
+
expect(test_class.telemetry).to have_key(:env)
|
22
|
+
expect(test_class.telemetry[:env]).to have_key(:ruby)
|
23
|
+
expect(test_class.telemetry[:env][:ruby]).to eq(RUBY_VERSION)
|
24
|
+
end
|
25
|
+
|
26
|
+
end
|
27
|
+
|
28
|
+
end
|
@@ -1,4 +1,7 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'spec_helper'
|
4
|
+
require 'jwt'
|
2
5
|
|
3
6
|
RSpec.shared_examples 'site has valid domain url' do |url|
|
4
7
|
it { expect(subject.site).to eq(url) }
|
@@ -78,6 +81,64 @@ describe OmniAuth::Strategies::Auth0 do
|
|
78
81
|
expect(redirect_url).to have_query('state')
|
79
82
|
expect(redirect_url).to have_query('client_id')
|
80
83
|
expect(redirect_url).to have_query('redirect_uri')
|
84
|
+
expect(redirect_url).not_to have_query('auth0Client')
|
85
|
+
expect(redirect_url).not_to have_query('connection')
|
86
|
+
expect(redirect_url).not_to have_query('connection_scope')
|
87
|
+
expect(redirect_url).not_to have_query('prompt')
|
88
|
+
expect(redirect_url).not_to have_query('screen_hint')
|
89
|
+
end
|
90
|
+
|
91
|
+
it 'redirects to hosted login page' do
|
92
|
+
get 'auth/auth0?connection=abcd'
|
93
|
+
expect(last_response.status).to eq(302)
|
94
|
+
redirect_url = last_response.headers['Location']
|
95
|
+
expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
|
96
|
+
expect(redirect_url).to have_query('response_type', 'code')
|
97
|
+
expect(redirect_url).to have_query('state')
|
98
|
+
expect(redirect_url).to have_query('client_id')
|
99
|
+
expect(redirect_url).to have_query('redirect_uri')
|
100
|
+
expect(redirect_url).to have_query('connection', 'abcd')
|
101
|
+
expect(redirect_url).not_to have_query('auth0Client')
|
102
|
+
expect(redirect_url).not_to have_query('connection_scope')
|
103
|
+
expect(redirect_url).not_to have_query('prompt')
|
104
|
+
expect(redirect_url).not_to have_query('screen_hint')
|
105
|
+
end
|
106
|
+
|
107
|
+
it 'redirects to the hosted login page with connection_scope' do
|
108
|
+
get 'auth/auth0?connection_scope=identity_provider_scope'
|
109
|
+
expect(last_response.status).to eq(302)
|
110
|
+
redirect_url = last_response.headers['Location']
|
111
|
+
expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
|
112
|
+
expect(redirect_url)
|
113
|
+
.to have_query('connection_scope', 'identity_provider_scope')
|
114
|
+
end
|
115
|
+
|
116
|
+
it 'redirects to hosted login page with prompt=login' do
|
117
|
+
get 'auth/auth0?prompt=login'
|
118
|
+
expect(last_response.status).to eq(302)
|
119
|
+
redirect_url = last_response.headers['Location']
|
120
|
+
expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
|
121
|
+
expect(redirect_url).to have_query('response_type', 'code')
|
122
|
+
expect(redirect_url).to have_query('state')
|
123
|
+
expect(redirect_url).to have_query('client_id')
|
124
|
+
expect(redirect_url).to have_query('redirect_uri')
|
125
|
+
expect(redirect_url).to have_query('prompt', 'login')
|
126
|
+
expect(redirect_url).not_to have_query('auth0Client')
|
127
|
+
expect(redirect_url).not_to have_query('connection')
|
128
|
+
end
|
129
|
+
|
130
|
+
it 'redirects to hosted login page with screen_hint=signup' do
|
131
|
+
get 'auth/auth0?screen_hint=signup'
|
132
|
+
expect(last_response.status).to eq(302)
|
133
|
+
redirect_url = last_response.headers['Location']
|
134
|
+
expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
|
135
|
+
expect(redirect_url).to have_query('response_type', 'code')
|
136
|
+
expect(redirect_url).to have_query('state')
|
137
|
+
expect(redirect_url).to have_query('client_id')
|
138
|
+
expect(redirect_url).to have_query('redirect_uri')
|
139
|
+
expect(redirect_url).to have_query('screen_hint', 'signup')
|
140
|
+
expect(redirect_url).not_to have_query('auth0Client')
|
141
|
+
expect(redirect_url).not_to have_query('connection')
|
81
142
|
end
|
82
143
|
|
83
144
|
describe 'callback' do
|
@@ -85,7 +146,7 @@ describe OmniAuth::Strategies::Auth0 do
|
|
85
146
|
let(:expires_in) { 2000 }
|
86
147
|
let(:token_type) { 'bearer' }
|
87
148
|
let(:refresh_token) { 'refresh token' }
|
88
|
-
let(:
|
149
|
+
let(:telemetry_value) { Class.new.extend(OmniAuth::Auth0::Telemetry).telemetry_encoded }
|
89
150
|
|
90
151
|
let(:user_id) { 'user identifier' }
|
91
152
|
let(:state) { SecureRandom.hex(8) }
|
@@ -95,8 +156,17 @@ describe OmniAuth::Strategies::Auth0 do
|
|
95
156
|
let(:email) { 'mail@mail.com' }
|
96
157
|
let(:email_verified) { true }
|
97
158
|
|
159
|
+
let(:id_token) do
|
160
|
+
payload = {}
|
161
|
+
payload['sub'] = user_id
|
162
|
+
payload['iss'] = "#{domain_url}/"
|
163
|
+
payload['aud'] = client_id
|
164
|
+
JWT.encode payload, client_secret, 'HS256'
|
165
|
+
end
|
166
|
+
|
98
167
|
let(:oauth_response) do
|
99
168
|
{
|
169
|
+
id_token: id_token,
|
100
170
|
access_token: access_token,
|
101
171
|
expires_in: expires_in,
|
102
172
|
token_type: token_type
|
@@ -126,6 +196,7 @@ describe OmniAuth::Strategies::Auth0 do
|
|
126
196
|
|
127
197
|
def stub_auth(body)
|
128
198
|
stub_request(:post, 'https://samples.auth0.com/oauth/token')
|
199
|
+
.with(headers: { 'Auth0-Client' => telemetry_value })
|
129
200
|
.to_return(
|
130
201
|
headers: { 'Content-Type' => 'application/json' },
|
131
202
|
body: MultiJson.encode(body)
|
@@ -273,7 +344,7 @@ RSpec::Matchers.define :have_query do |key, value|
|
|
273
344
|
uri = redirect_uri(actual)
|
274
345
|
query = query(uri)
|
275
346
|
if value.nil?
|
276
|
-
query
|
347
|
+
query.key?(key)
|
277
348
|
else
|
278
349
|
query[key] == [value]
|
279
350
|
end
|
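Review bot: The `id_token` fixture in the callback hunk (`let(:id_token) do … JWT.encode payload, client_secret, 'HS256'`) builds a token carrying only `sub`, `iss` and `aud`, so every callback example runs against an ID token with no `exp` or `iat` claim. If the strategy's validator (not in this section) rejects tokens without an expiration this fixture would fail, and if it accepts them the suite is silently pinning that lax behaviour. The fixture should carry the standard time claims, e.g. `payload['exp'] = Time.now.to_i + 3600` and `payload['iat'] = Time.now.to_i`, with a separate example asserting that an expired token is rejected. The enclosing `describe 'callback'` block continues past the hunk.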
@@ -0,0 +1,28 @@
|
|
1
|
+
{
|
2
|
+
"keys": [
|
3
|
+
{
|
4
|
+
"alg": "RS256",
|
5
|
+
"kty": "RSA",
|
6
|
+
"use": "sig",
|
7
|
+
"x5c": [
|
8
|
+
"MIIDCzCCAfOgAwIBAgIJAJP6qydiMpsuMA0GCSqGSIb3DQEBBQUAMBwxGjAYBgNVBAMMEXNhbXBsZXMuYXV0aDAuY29tMB4XDTE0MDUyNjIyMDA1MFoXDTI4MDIwMjIyMDA1MFowHDEaMBgGA1UEAwwRc2FtcGxlcy5hdXRoMC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkH4CFGSJ4s3mwCBzaGGwxa9Jxzfb1ia4nUumxbsuaB7PClZZgrNQiOR3MXVNV9W6F1D+wjT6oFHOo7TOkVI22I/ff3XZTE0F35UUHGWRtiQ4LdZxwOPTed2Lax3F2DEyl3Y0CguUKbq2sSghvHYcggM6aj3N53VBsnBh/kdrURDLx1RYqBIL6Fvkhb/V/v/u9UKhZM0CDQRef9FZ7R8q9ie9cnbDOj1dT9d64kiJIYtTraG0gOrs4LI+4KK0EZu5R7Uo053IK7kfNasWhDkl8yxNYkDxwfcIuAcDmLgLnAI4tfW5beJuw+/w75PO/EwzwsnvppXaAz7e3Wf8g1yWFAgMBAAGjUDBOMB0GA1UdDgQWBBTsmytFLNox+NUZdTNlCUL3hHrngTAfBgNVHSMEGDAWgBTsmytFLNox+NUZdTNlCUL3hHrngTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAodbRX/34LnWB70l8dpDF1neDoG29F0XdpE9ICWHeWB1gb/FvJ5UMy9/pnL0DI3mPwkTDDob+16Zc68o6dT6sH3vEUP1iRreJlFADEmJZjrH9P4Y7ttx3G2Uw2RU5uucXIqiyMDBrQo4vx4Lnghl+b/WYbZJgzLfZLgkOEjcznS0Yi5Wdz6MvaL3FehSfweHyrjmxz0e8elHq7VY8OqRA+4PmUBce9BgDCk9fZFjgj8l0m9Vc5pPKSY9LMmTyrYkeDr/KppqdXKOCHmv7AIGb6rMCtbkIL/CM7Bh9Hx78/UKAz87Sl9A1yXVNjKbZwOEW60ORIwJmd8Tv46gJF+/rV"
|
9
|
+
],
|
10
|
+
"n": "pB-AhRkieLN5sAgc2hhsMWvScc329YmuJ1LpsW7LmgezwpWWYKzUIjkdzF1TVfVuhdQ_sI0-qBRzqO0zpFSNtiP33912UxNBd-VFBxlkbYkOC3WccDj03ndi2sdxdgxMpd2NAoLlCm6trEoIbx2HIIDOmo9zed1QbJwYf5Ha1EQy8dUWKgSC-hb5IW_1f7_7vVCoWTNAg0EXn_RWe0fKvYnvXJ2wzo9XU_XeuJIiSGLU62htIDq7OCyPuCitBGbuUe1KNOdyCu5HzWrFoQ5JfMsTWJA8cH3CLgHA5i4C5wCOLX1uW3ibsPv8O-TzvxMM8LJ76aV2gM-3t1n_INclhQ",
|
11
|
+
"e": "AQAB",
|
12
|
+
"kid": "NkJCQzIyQzRBMEU4NjhGNUU4MzU4RkY0M0ZDQzkwOUQ0Q0VGNUMwQg",
|
13
|
+
"x5t": "NkJCQzIyQzRBMEU4NjhGNUU4MzU4RkY0M0ZDQzkwOUQ0Q0VGNUMwQg"
|
14
|
+
},
|
15
|
+
{
|
16
|
+
"alg": "RS256",
|
17
|
+
"kty": "RSA",
|
18
|
+
"use": "sig",
|
19
|
+
"x5c": [
|
20
|
+
"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"
|
21
|
+
],
|
22
|
+
"n": "z6KOQwP1_LLgGbo3Zg9g_PBoLbvBv5Li1HRLo9Vt_sM5hXBKkKROd9q4PC9LqaVigG5i1s5LsMoqDQ4VsArV57oNwRUH-S63Op08Y5OGULfx3bGFghkkmbnjFBv9yPtj0qpd2rQ9p3nY2OmfYVlPJMzoxfcM5CzID3_zmKbs_QPunfvyvIwKUT37ENSw1VgxvGEbY_iMh4Ur10vnCtN4rg-8lSypCGbqEvMpjCaZ2TjRxnbP9z_aR2NvSqpYkmFtHhhF9wSGq2RtOoESfvPFlG0Yvfq31QKBi6vvkvm3NNtbcSvqmEt55J4WNLr_zgwW-HnsnLg443ciwQkoVb21xQ",
|
23
|
+
"e": "AQAB",
|
24
|
+
"kid": "RUVBOTVEMEZBMTA5NDAzNEQzNTZGNzMyMTI4MzU1RkNFQzhCQTM0Mg",
|
25
|
+
"x5t": "RUVBOTVEMEZBMTA5NDAzNEQzNTZGNzMyMTI4MzU1RkNFQzhCQTM0Mg"
|
26
|
+
}
|
27
|
+
]
|
28
|
+
}
|
data/spec/spec_helper.rb
CHANGED
@@ -1,12 +1,14 @@
|
|
1
|
-
$LOAD_PATH.unshift File.expand_path(
|
2
|
-
$LOAD_PATH.unshift File.expand_path('
|
1
|
+
$LOAD_PATH.unshift File.expand_path(__dir__)
|
2
|
+
$LOAD_PATH.unshift File.expand_path('../lib', __dir__)
|
3
3
|
|
4
4
|
require 'simplecov'
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
5
|
+
SimpleCov.start
|
6
|
+
|
7
|
+
if ENV['CI'] == 'true'
|
8
|
+
require 'codecov'
|
9
|
+
SimpleCov.formatter = SimpleCov::Formatter::Codecov
|
9
10
|
end
|
11
|
+
|
10
12
|
require 'rspec'
|
11
13
|
require 'rack/test'
|
12
14
|
require 'webmock/rspec'
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-auth0
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Auth0
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-09-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: omniauth-oauth2
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '1.
|
19
|
+
version: '1.5'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: '1.
|
26
|
+
version: '1.5'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: bundler
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -43,37 +43,52 @@ description: |
|
|
43
43
|
|
44
44
|
OmniAuth is a library that standardizes multi-provider authentication for web applications. It was created to be powerful, flexible, and do as little as possible.
|
45
45
|
|
46
|
-
omniauth-auth0 is the
|
46
|
+
omniauth-auth0 is the OmniAuth strategy for Auth0.
|
47
47
|
email:
|
48
48
|
- info@auth0.com
|
49
49
|
executables: []
|
50
50
|
extensions: []
|
51
51
|
extra_rdoc_files: []
|
52
52
|
files:
|
53
|
+
- ".circleci/config.yml"
|
53
54
|
- ".gemrelease"
|
55
|
+
- ".github/CODEOWNERS"
|
56
|
+
- ".github/ISSUE_TEMPLATE.md"
|
57
|
+
- ".github/PULL_REQUEST_TEMPLATE.md"
|
58
|
+
- ".github/stale.yml"
|
54
59
|
- ".gitignore"
|
55
60
|
- ".rspec"
|
56
61
|
- ".rubocop.yml"
|
57
|
-
- ".
|
62
|
+
- ".snyk"
|
58
63
|
- CHANGELOG.md
|
64
|
+
- CODE_OF_CONDUCT.md
|
65
|
+
- CONTRIBUTING.md
|
59
66
|
- Gemfile
|
67
|
+
- Gemfile.lock
|
60
68
|
- Guardfile
|
61
69
|
- LICENSE
|
62
70
|
- README.md
|
63
71
|
- Rakefile
|
72
|
+
- codecov.yml
|
64
73
|
- examples/sinatra/app.rb
|
65
74
|
- examples/sinatra/config.ru
|
66
75
|
- lib/omniauth-auth0.rb
|
67
76
|
- lib/omniauth-auth0/version.rb
|
77
|
+
- lib/omniauth/auth0/errors.rb
|
78
|
+
- lib/omniauth/auth0/jwt_validator.rb
|
79
|
+
- lib/omniauth/auth0/telemetry.rb
|
68
80
|
- lib/omniauth/strategies/auth0.rb
|
69
81
|
- omniauth-auth0.gemspec
|
82
|
+
- spec/omniauth/auth0/jwt_validator_spec.rb
|
83
|
+
- spec/omniauth/auth0/telemetry_spec.rb
|
70
84
|
- spec/omniauth/strategies/auth0_spec.rb
|
85
|
+
- spec/resources/jwks.json
|
71
86
|
- spec/spec_helper.rb
|
72
87
|
homepage: https://github.com/auth0/omniauth-auth0
|
73
88
|
licenses:
|
74
89
|
- MIT
|
75
90
|
metadata: {}
|
76
|
-
post_install_message:
|
91
|
+
post_install_message:
|
77
92
|
rdoc_options: []
|
78
93
|
require_paths:
|
79
94
|
- lib
|
@@ -88,11 +103,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
88
103
|
- !ruby/object:Gem::Version
|
89
104
|
version: '0'
|
90
105
|
requirements: []
|
91
|
-
|
92
|
-
|
93
|
-
signing_key:
|
106
|
+
rubygems_version: 3.1.2
|
107
|
+
signing_key:
|
94
108
|
specification_version: 4
|
95
|
-
summary:
|
109
|
+
summary: OmniAuth OAuth2 strategy for the Auth0 platform.
|
96
110
|
test_files:
|
111
|
+
- spec/omniauth/auth0/jwt_validator_spec.rb
|
112
|
+
- spec/omniauth/auth0/telemetry_spec.rb
|
97
113
|
- spec/omniauth/strategies/auth0_spec.rb
|
114
|
+
- spec/resources/jwks.json
|
98
115
|
- spec/spec_helper.rb
|