omniauth-auth0 2.0.0 → 2.4.0

data/spec/omniauth/auth0/telemetry_spec.rb

@@ -0,0 +1,28 @@
+require 'spec_helper'
+require 'json'
+
+describe OmniAuth::Auth0::Telemetry do
+
+  let(:test_class) { Class.new.extend(OmniAuth::Auth0::Telemetry) }
+
+  describe 'telemetry' do
+
+    it 'should have the correct SDK name' do
+      expect(test_class.telemetry).to have_key(:name)
+      expect(test_class.telemetry[:name]).to eq('omniauth-auth0')
+    end
+
+    it 'should have the correct SDK version' do
+      expect(test_class.telemetry).to have_key(:version)
+      expect(test_class.telemetry[:version]).to eq(OmniAuth::Auth0::VERSION)
+    end
+
+    it 'should include the Ruby version' do
+      expect(test_class.telemetry).to have_key(:env)
+      expect(test_class.telemetry[:env]).to have_key(:ruby)
+      expect(test_class.telemetry[:env][:ruby]).to eq(RUBY_VERSION)
+    end
+
+  end
+
+end

data/spec/omniauth/strategies/auth0_spec.rb

@@ -1,4 +1,7 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
+require 'jwt'
 
 RSpec.shared_examples 'site has valid domain url' do |url|
   it { expect(subject.site).to eq(url) }
@@ -78,6 +81,64 @@ describe OmniAuth::Strategies::Auth0 do
       expect(redirect_url).to have_query('state')
       expect(redirect_url).to have_query('client_id')
       expect(redirect_url).to have_query('redirect_uri')
+      expect(redirect_url).not_to have_query('auth0Client')
+      expect(redirect_url).not_to have_query('connection')
+      expect(redirect_url).not_to have_query('connection_scope')
+      expect(redirect_url).not_to have_query('prompt')
+      expect(redirect_url).not_to have_query('screen_hint')
+    end
+
+    it 'redirects to hosted login page' do
+      get 'auth/auth0?connection=abcd'
+      expect(last_response.status).to eq(302)
+      redirect_url = last_response.headers['Location']
+      expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
+      expect(redirect_url).to have_query('response_type', 'code')
+      expect(redirect_url).to have_query('state')
+      expect(redirect_url).to have_query('client_id')
+      expect(redirect_url).to have_query('redirect_uri')
+      expect(redirect_url).to have_query('connection', 'abcd')
+      expect(redirect_url).not_to have_query('auth0Client')
+      expect(redirect_url).not_to have_query('connection_scope')
+      expect(redirect_url).not_to have_query('prompt')
+      expect(redirect_url).not_to have_query('screen_hint')
+    end
+
+    it 'redirects to the hosted login page with connection_scope' do
+      get 'auth/auth0?connection_scope=identity_provider_scope'
+      expect(last_response.status).to eq(302)
+      redirect_url = last_response.headers['Location']
+      expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
+      expect(redirect_url)
+        .to have_query('connection_scope', 'identity_provider_scope')
+    end
+
+    it 'redirects to hosted login page with prompt=login' do
+      get 'auth/auth0?prompt=login'
+      expect(last_response.status).to eq(302)
+      redirect_url = last_response.headers['Location']
+      expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
+      expect(redirect_url).to have_query('response_type', 'code')
+      expect(redirect_url).to have_query('state')
+      expect(redirect_url).to have_query('client_id')
+      expect(redirect_url).to have_query('redirect_uri')
+      expect(redirect_url).to have_query('prompt', 'login')
+      expect(redirect_url).not_to have_query('auth0Client')
+      expect(redirect_url).not_to have_query('connection')
+    end
+
+    it 'redirects to hosted login page with screen_hint=signup' do
+      get 'auth/auth0?screen_hint=signup'
+      expect(last_response.status).to eq(302)
+      redirect_url = last_response.headers['Location']
+      expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
+      expect(redirect_url).to have_query('response_type', 'code')
+      expect(redirect_url).to have_query('state')
+      expect(redirect_url).to have_query('client_id')
+      expect(redirect_url).to have_query('redirect_uri')
+      expect(redirect_url).to have_query('screen_hint', 'signup')
+      expect(redirect_url).not_to have_query('auth0Client')
+      expect(redirect_url).not_to have_query('connection')
     end
 
     describe 'callback' do
@@ -85,7 +146,7 @@ describe OmniAuth::Strategies::Auth0 do
       let(:expires_in) { 2000 }
       let(:token_type) { 'bearer' }
       let(:refresh_token) { 'refresh token' }
-      let(:id_token) { 'id token' }
+      let(:telemetry_value) { Class.new.extend(OmniAuth::Auth0::Telemetry).telemetry_encoded }
 
       let(:user_id) { 'user identifier' }
       let(:state) { SecureRandom.hex(8) }
@@ -95,8 +156,17 @@ describe OmniAuth::Strategies::Auth0 do
       let(:email) { 'mail@mail.com' }
       let(:email_verified) { true }
 
+      let(:id_token) do
+        payload = {}
+        payload['sub'] = user_id
+        payload['iss'] = "#{domain_url}/"
+        payload['aud'] = client_id
+        JWT.encode payload, client_secret, 'HS256'
+      end
+
       let(:oauth_response) do
         {
+          id_token: id_token,
           access_token: access_token,
           expires_in: expires_in,
           token_type: token_type
@@ -126,6 +196,7 @@ describe OmniAuth::Strategies::Auth0 do
 
       def stub_auth(body)
         stub_request(:post, 'https://samples.auth0.com/oauth/token')
+          .with(headers: { 'Auth0-Client' => telemetry_value })
           .to_return(
             headers: { 'Content-Type' => 'application/json' },
             body: MultiJson.encode(body)
@@ -273,7 +344,7 @@ RSpec::Matchers.define :have_query do |key, value|
     uri = redirect_uri(actual)
     query = query(uri)
     if value.nil?
-      query[key].length == 1
+      query.key?(key)
     else
       query[key] == [value]
     end

data/spec/resources/jwks.json

@@ -0,0 +1,28 @@
+{
+  "keys": [
+    {
+      "alg": "RS256",
+      "kty": "RSA",
+      "use": "sig",
+      "x5c": [
+        "MIIDCzCCAfOgAwIBAgIJAJP6qydiMpsuMA0GCSqGSIb3DQEBBQUAMBwxGjAYBgNVBAMMEXNhbXBsZXMuYXV0aDAuY29tMB4XDTE0MDUyNjIyMDA1MFoXDTI4MDIwMjIyMDA1MFowHDEaMBgGA1UEAwwRc2FtcGxlcy5hdXRoMC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkH4CFGSJ4s3mwCBzaGGwxa9Jxzfb1ia4nUumxbsuaB7PClZZgrNQiOR3MXVNV9W6F1D+wjT6oFHOo7TOkVI22I/ff3XZTE0F35UUHGWRtiQ4LdZxwOPTed2Lax3F2DEyl3Y0CguUKbq2sSghvHYcggM6aj3N53VBsnBh/kdrURDLx1RYqBIL6Fvkhb/V/v/u9UKhZM0CDQRef9FZ7R8q9ie9cnbDOj1dT9d64kiJIYtTraG0gOrs4LI+4KK0EZu5R7Uo053IK7kfNasWhDkl8yxNYkDxwfcIuAcDmLgLnAI4tfW5beJuw+/w75PO/EwzwsnvppXaAz7e3Wf8g1yWFAgMBAAGjUDBOMB0GA1UdDgQWBBTsmytFLNox+NUZdTNlCUL3hHrngTAfBgNVHSMEGDAWgBTsmytFLNox+NUZdTNlCUL3hHrngTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAodbRX/34LnWB70l8dpDF1neDoG29F0XdpE9ICWHeWB1gb/FvJ5UMy9/pnL0DI3mPwkTDDob+16Zc68o6dT6sH3vEUP1iRreJlFADEmJZjrH9P4Y7ttx3G2Uw2RU5uucXIqiyMDBrQo4vx4Lnghl+b/WYbZJgzLfZLgkOEjcznS0Yi5Wdz6MvaL3FehSfweHyrjmxz0e8elHq7VY8OqRA+4PmUBce9BgDCk9fZFjgj8l0m9Vc5pPKSY9LMmTyrYkeDr/KppqdXKOCHmv7AIGb6rMCtbkIL/CM7Bh9Hx78/UKAz87Sl9A1yXVNjKbZwOEW60ORIwJmd8Tv46gJF+/rV"
+      ],
+      "n": "pB-AhRkieLN5sAgc2hhsMWvScc329YmuJ1LpsW7LmgezwpWWYKzUIjkdzF1TVfVuhdQ_sI0-qBRzqO0zpFSNtiP33912UxNBd-VFBxlkbYkOC3WccDj03ndi2sdxdgxMpd2NAoLlCm6trEoIbx2HIIDOmo9zed1QbJwYf5Ha1EQy8dUWKgSC-hb5IW_1f7_7vVCoWTNAg0EXn_RWe0fKvYnvXJ2wzo9XU_XeuJIiSGLU62htIDq7OCyPuCitBGbuUe1KNOdyCu5HzWrFoQ5JfMsTWJA8cH3CLgHA5i4C5wCOLX1uW3ibsPv8O-TzvxMM8LJ76aV2gM-3t1n_INclhQ",
+      "e": "AQAB",
+      "kid": "NkJCQzIyQzRBMEU4NjhGNUU4MzU4RkY0M0ZDQzkwOUQ0Q0VGNUMwQg",
+      "x5t": "NkJCQzIyQzRBMEU4NjhGNUU4MzU4RkY0M0ZDQzkwOUQ0Q0VGNUMwQg"
+    },
+    {
+      "alg": "RS256",
+      "kty": "RSA",
+      "use": "sig",
+      "x5c": [
+        "MIIC8DCCAdigAwIBAgIJ4pL5sRgcIYGZMA0GCSqGSIb3DQEBBQUAMB8xHTAbBgNVBAMTFGxiYWxtYWNlZGEuYXV0aDAuY29tMB4XDTE1MTIxMjE5MDczM1oXDTI5MDgyMDE5MDczM1owHzEdMBsGA1UEAxMUbGJhbG1hY2VkYS5hdXRoMC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPoo5DA/X8suAZujdmD2D88Ggtu8G/kuLUdEuj1W3+wzmFcEqQpE532rg8L0uppWKAbmLWzkuwyioNDhWwCtXnug3BFQf5Lrc6nTxjk4ZQt/HdsYWCGSSZueMUG/3I+2PSql3atD2nedjY6Z9hWU8kzOjF9wzkLMgPf/OYpuz9A+6d+/K8jApRPfsQ1LDVWDG8YRtj+IyHhSvXS+cK03iuD7yVLKkIZuoS8ymMJpnZONHGds/3P9pHY29KqliSYW0eGEX3BIarZG06gRJ+88WUbRi9+rfVAoGLq++S+bc021txK+qYS3nknhY0uv/ODBb4eeycuDjjdyLBCShVvbXFAgMBAAGjLzAtMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFG38TTjyzhRmpK7MXfvBXDcBtYJ3MA0GCSqGSIb3DQEBBQUAA4IBAQCLNW+rA25tjHs6Sa9VPgBfMMLd1PIEgMpQhET9JqpGYUgB+0q1leXw1cwh14x/6PF2oo3jPOMW+wCDA7KAVKYewYSr/Enph+zNFPaq2YQL9dCsVFcBsnEGznwZaqHrqxQDX9S2Ek6E9jNsuBCSpAPcTsfbn2TXz77V+HZ/4tbwRvYEX1S5agiZFyjZzJMiZU1KQzP5PhfzD6RPl5KTK2PYRhVdXwyuFxOdJzCzOC9E/Uw30Zd6+9oHmoNfvJr8BRy67YWjXaQAh2m8e+zv/dEzPimgvaLmI1yz4W+93dJy3NdMuCvObOqA534tviv5PkV57ewXAnWPbxyBHr57HdQ1"
+      ],
+      "n": "z6KOQwP1_LLgGbo3Zg9g_PBoLbvBv5Li1HRLo9Vt_sM5hXBKkKROd9q4PC9LqaVigG5i1s5LsMoqDQ4VsArV57oNwRUH-S63Op08Y5OGULfx3bGFghkkmbnjFBv9yPtj0qpd2rQ9p3nY2OmfYVlPJMzoxfcM5CzID3_zmKbs_QPunfvyvIwKUT37ENSw1VgxvGEbY_iMh4Ur10vnCtN4rg-8lSypCGbqEvMpjCaZ2TjRxnbP9z_aR2NvSqpYkmFtHhhF9wSGq2RtOoESfvPFlG0Yvfq31QKBi6vvkvm3NNtbcSvqmEt55J4WNLr_zgwW-HnsnLg443ciwQkoVb21xQ",
+      "e": "AQAB",
+      "kid": "RUVBOTVEMEZBMTA5NDAzNEQzNTZGNzMyMTI4MzU1RkNFQzhCQTM0Mg",
+      "x5t": "RUVBOTVEMEZBMTA5NDAzNEQzNTZGNzMyMTI4MzU1RkNFQzhCQTM0Mg"
+    }
+  ]
+}

data/spec/spec_helper.rb

@@ -1,12 +1,14 @@
-$LOAD_PATH.unshift File.expand_path('..', __FILE__)
-$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+$LOAD_PATH.unshift File.expand_path(__dir__)
+$LOAD_PATH.unshift File.expand_path('../lib', __dir__)
 
 require 'simplecov'
-if ENV['COVERAGE']
-  SimpleCov.start do
-    minimum_coverage(89.8)
-  end
+SimpleCov.start
+
+if ENV['CI'] == 'true'
+  require 'codecov'
+  SimpleCov.formatter = SimpleCov::Formatter::Codecov
 end
+
 require 'rspec'
 require 'rack/test'
 require 'webmock/rspec'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-auth0
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.4.0
 platform: ruby
 authors:
 - Auth0
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-01-25 00:00:00.000000000 Z
+date: 2020-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '1.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -43,37 +43,52 @@ description: |
 
   OmniAuth is a library that standardizes multi-provider authentication for web applications. It was created to be powerful, flexible, and do as little as possible.
 
-  omniauth-auth0 is the omniauth strategy for Auth0.
+  omniauth-auth0 is the OmniAuth strategy for Auth0.
 email:
 - info@auth0.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".circleci/config.yml"
 - ".gemrelease"
+- ".github/CODEOWNERS"
+- ".github/ISSUE_TEMPLATE.md"
+- ".github/PULL_REQUEST_TEMPLATE.md"
+- ".github/stale.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
+- ".snyk"
 - CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
 - Gemfile
+- Gemfile.lock
 - Guardfile
 - LICENSE
 - README.md
 - Rakefile
+- codecov.yml
 - examples/sinatra/app.rb
 - examples/sinatra/config.ru
 - lib/omniauth-auth0.rb
 - lib/omniauth-auth0/version.rb
+- lib/omniauth/auth0/errors.rb
+- lib/omniauth/auth0/jwt_validator.rb
+- lib/omniauth/auth0/telemetry.rb
 - lib/omniauth/strategies/auth0.rb
 - omniauth-auth0.gemspec
+- spec/omniauth/auth0/jwt_validator_spec.rb
+- spec/omniauth/auth0/telemetry_spec.rb
 - spec/omniauth/strategies/auth0_spec.rb
+- spec/resources/jwks.json
 - spec/spec_helper.rb
 homepage: https://github.com/auth0/omniauth-auth0
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -88,11 +103,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: omniauth-auth0
-rubygems_version: 2.4.5.1
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
-summary: Omniauth OAuth2 strategy for the Auth0 platform.
+summary: OmniAuth OAuth2 strategy for the Auth0 platform.
 test_files:
+- spec/omniauth/auth0/jwt_validator_spec.rb
+- spec/omniauth/auth0/telemetry_spec.rb
 - spec/omniauth/strategies/auth0_spec.rb
+- spec/resources/jwks.json
 - spec/spec_helper.rb

data/.travis.yml

@@ -1,6 +0,0 @@
-language: ruby
-rvm:
-- 2.2.5
-branches:
-  only:
-    - master