omniauth-auth0 2.1.0 → 2.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.circleci/config.yml +22 -0
- data/.github/CODEOWNERS +1 -0
- data/.github/PULL_REQUEST_TEMPLATE.md +1 -1
- data/.github/stale.yml +20 -0
- data/.gitignore +1 -2
- data/.snyk +9 -0
- data/CHANGELOG.md +50 -0
- data/Gemfile +2 -1
- data/Gemfile.lock +167 -0
- data/README.md +34 -17
- data/codecov.yml +22 -0
- data/lib/omniauth-auth0.rb +1 -1
- data/lib/omniauth-auth0/version.rb +1 -1
- data/lib/omniauth/auth0/errors.rb +11 -0
- data/lib/omniauth/auth0/jwt_validator.rb +158 -29
- data/lib/omniauth/auth0/telemetry.rb +36 -0
- data/lib/omniauth/strategies/auth0.rb +41 -17
- data/omniauth-auth0.gemspec +0 -2
- data/spec/omniauth/auth0/jwt_validator_spec.rb +450 -70
- data/spec/omniauth/auth0/telemetry_spec.rb +28 -0
- data/spec/omniauth/strategies/auth0_spec.rb +51 -1
- data/spec/spec_helper.rb +6 -4
- metadata +13 -5
- data/.travis.yml +0 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: baf9ee46a227506a7f43d571bbf9b6afd3639f8bf83cb32cc8ef8a55af5041ab
|
|
4
|
+
data.tar.gz: a7529eca35711ab1217e9946c4c5872a4a8d5296773bc49425f63a2792bf40f0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b315bd912671314bcb0fd2f3bb19878ee1029fe3738c7887b732c3c346794011e23c26a39d0d77f9644846c302480469d00d1b307d6d72e6be61d9a6aa8b9e37
|
|
7
|
+
data.tar.gz: e29b464b82e4d4c3ef8870d06e1eee5f279afaf3330afa8a1167dbf4bfe0795ae4c966006c8bc6ebd993ac579ffe1cbd9cecb4aceb827a153af9e651020ea8cd
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
version: 2.1
|
|
2
|
+
jobs:
|
|
3
|
+
run-tests:
|
|
4
|
+
docker:
|
|
5
|
+
- image: circleci/ruby:2.5.7-buster
|
|
6
|
+
steps:
|
|
7
|
+
- checkout
|
|
8
|
+
- restore_cache:
|
|
9
|
+
keys:
|
|
10
|
+
- gems-v2-{{ checksum "Gemfile.lock" }}
|
|
11
|
+
- gems-v2-
|
|
12
|
+
- run: bundle check || bundle install
|
|
13
|
+
- save_cache:
|
|
14
|
+
key: gems-v2--{{ checksum "Gemfile.lock" }}
|
|
15
|
+
paths:
|
|
16
|
+
- vendor/bundle
|
|
17
|
+
- run: bundle exec rake spec
|
|
18
|
+
|
|
19
|
+
workflows:
|
|
20
|
+
tests:
|
|
21
|
+
jobs:
|
|
22
|
+
- run-tests
|
data/.github/CODEOWNERS
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
* @auth0/dx-sdks-approver
|
|
@@ -29,4 +29,4 @@ Please describe how this can be tested by reviewers. Be specific about anything
|
|
|
29
29
|
* [ ] I have read the [Auth0 contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
|
|
30
30
|
* [ ] I have read the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
|
|
31
31
|
* [ ] All existing and new tests complete without errors
|
|
32
|
-
* [ ] All code quality tools/guidelines in the [CONTRIBUTING documentation](CONTRIBUTING.md) have been run/followed
|
|
32
|
+
* [ ] All code quality tools/guidelines in the [CONTRIBUTING documentation](https://github.com/auth0/omniauth-auth0/blob/master/CONTRIBUTING.md) have been run/followed
|
data/.github/stale.yml
ADDED
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# Configuration for probot-stale - https://github.com/probot/stale
|
|
2
|
+
|
|
3
|
+
# Number of days of inactivity before an Issue or Pull Request becomes stale
|
|
4
|
+
daysUntilStale: 90
|
|
5
|
+
|
|
6
|
+
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
|
|
7
|
+
daysUntilClose: 7
|
|
8
|
+
|
|
9
|
+
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
|
|
10
|
+
exemptLabels: []
|
|
11
|
+
|
|
12
|
+
# Set to true to ignore issues with an assignee (defaults to false)
|
|
13
|
+
exemptAssignees: true
|
|
14
|
+
|
|
15
|
+
# Label to use when marking as stale
|
|
16
|
+
staleLabel: closed:stale
|
|
17
|
+
|
|
18
|
+
# Comment to post when marking as stale. Set to `false` to disable
|
|
19
|
+
markComment: >
|
|
20
|
+
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response for our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution! 🙇♂️
|
data/.gitignore
CHANGED
data/.snyk
ADDED
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
|
|
2
|
+
version: v1.13.5
|
|
3
|
+
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
|
|
4
|
+
ignore:
|
|
5
|
+
SNYK-RUBY-OMNIAUTH-174820:
|
|
6
|
+
- '*':
|
|
7
|
+
reason: Not affected.
|
|
8
|
+
expires: 2020-01-01T00:00:00.000Z
|
|
9
|
+
patch: {}
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,55 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
|
|
3
|
+
## [v2.4.1](https://github.com/auth0/omniauth-auth0/tree/v2.4.1) (2020-10-08)
|
|
4
|
+
|
|
5
|
+
[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.4.0...v2.4.1)
|
|
6
|
+
|
|
7
|
+
**Fixed**
|
|
8
|
+
- Verify the JWT Signature [\#109](https://github.com/auth0/omniauth-auth0/pull/109) ([jimmyjames](https://github.com/jimmyjames))
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
## [v2.4.0](https://github.com/auth0/omniauth-auth0/tree/v2.4.0) (2020-09-22)
|
|
12
|
+
|
|
13
|
+
[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.3.1...v2.4.0)
|
|
14
|
+
|
|
15
|
+
**Security**
|
|
16
|
+
- Bump rack from 2.2.2 to 2.2.3 [\#107](https://github.com/auth0/omniauth-auth0/pull/107) ([dependabot](https://github.com/dependabot))
|
|
17
|
+
- Update dependencies [\#100](https://github.com/auth0/omniauth-auth0/pull/100) ([Albalmaceda](https://github.com/Albalmaceda))
|
|
18
|
+
|
|
19
|
+
**Added**
|
|
20
|
+
- Add support for screen_hint=signup param [\#103](https://github.com/auth0/omniauth-auth0/pull/103) ([bbean86](https://github.com/bbean86))
|
|
21
|
+
- Add support for `connection_scope` in params [\#99](https://github.com/auth0/omniauth-auth0/pull/99) ([felixclack](https://github.com/felixclack))
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
## [v2.3.1](https://github.com/auth0/omniauth-auth0/tree/v2.3.1) (2020-03-27)
|
|
25
|
+
|
|
26
|
+
[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.3.0...v2.3.1)
|
|
27
|
+
|
|
28
|
+
**Fixed bugs:**
|
|
29
|
+
|
|
30
|
+
- Fixes dependency issue [\#97](https://github.com/auth0/omniauth-auth0/pull/97) ([davidpatrick](https://github.com/davidpatrick))
|
|
31
|
+
- Fix "NameError: uninitialized constant OmniAuth::Auth0::TokenValidationError" [\#96](https://github.com/auth0/omniauth-auth0/pull/96) ([stefanwork](https://github.com/stefanwork))
|
|
32
|
+
|
|
33
|
+
## [v2.3.0](https://github.com/auth0/omniauth-auth0/tree/v2.3.0) (2020-03-06)
|
|
34
|
+
[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.2.0...v2.3.0)
|
|
35
|
+
|
|
36
|
+
**Added**
|
|
37
|
+
- Improved OIDC Compliance [\#92](https://github.com/auth0/omniauth-auth0/pull/92) ([davidpatrick](https://github.com/davidpatrick))
|
|
38
|
+
|
|
39
|
+
## [v2.2.0](https://github.com/auth0/omniauth-auth0/tree/v2.2.0) (2018-04-18)
|
|
40
|
+
[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.1.0...v2.2.0)
|
|
41
|
+
|
|
42
|
+
**Closed issues**
|
|
43
|
+
- It supports custom domain? [\#71](https://github.com/auth0/omniauth-auth0/issues/71)
|
|
44
|
+
- Valid Login, No Details: email=nil image=nil name="github|38257089" nickname=nil [\#70](https://github.com/auth0/omniauth-auth0/issues/70)
|
|
45
|
+
|
|
46
|
+
**Added**
|
|
47
|
+
- Custom issuer [\#77](https://github.com/auth0/omniauth-auth0/pull/77) ([ryan-rosenfeld](https://github.com/ryan-rosenfeld))
|
|
48
|
+
- Add telemetry to token endpoint [\#74](https://github.com/auth0/omniauth-auth0/pull/74) ([joshcanhelp](https://github.com/joshcanhelp))
|
|
49
|
+
|
|
50
|
+
**Changed**
|
|
51
|
+
- Remove telemetry from authorize URL [\#75](https://github.com/auth0/omniauth-auth0/pull/75) ([joshcanhelp](https://github.com/joshcanhelp))
|
|
52
|
+
|
|
3
53
|
## [v2.1.0](https://github.com/auth0/omniauth-auth0/tree/v2.1.0) (2018-10-30)
|
|
4
54
|
[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.0.0...v2.1.0)
|
|
5
55
|
|
data/Gemfile
CHANGED
|
@@ -9,10 +9,10 @@ gem 'rake'
|
|
|
9
9
|
group :development do
|
|
10
10
|
gem 'dotenv'
|
|
11
11
|
gem 'pry'
|
|
12
|
+
gem 'rubocop', require: false
|
|
12
13
|
gem 'shotgun'
|
|
13
14
|
gem 'sinatra'
|
|
14
15
|
gem 'thin'
|
|
15
|
-
gem 'rubocop', require: false
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
group :test do
|
|
@@ -20,6 +20,7 @@ group :test do
|
|
|
20
20
|
gem 'listen', '~> 3.1.5'
|
|
21
21
|
gem 'rack-test'
|
|
22
22
|
gem 'rspec', '~> 3.5'
|
|
23
|
+
gem 'codecov', require: false
|
|
23
24
|
gem 'simplecov'
|
|
24
25
|
gem 'webmock'
|
|
25
26
|
end
|
data/Gemfile.lock
ADDED
|
@@ -0,0 +1,167 @@
|
|
|
1
|
+
PATH
|
|
2
|
+
remote: .
|
|
3
|
+
specs:
|
|
4
|
+
omniauth-auth0 (2.4.1)
|
|
5
|
+
omniauth-oauth2 (~> 1.5)
|
|
6
|
+
|
|
7
|
+
GEM
|
|
8
|
+
remote: https://rubygems.org/
|
|
9
|
+
specs:
|
|
10
|
+
addressable (2.7.0)
|
|
11
|
+
public_suffix (>= 2.0.2, < 5.0)
|
|
12
|
+
ast (2.4.1)
|
|
13
|
+
codecov (0.2.11)
|
|
14
|
+
json
|
|
15
|
+
simplecov
|
|
16
|
+
coderay (1.1.3)
|
|
17
|
+
crack (0.4.4)
|
|
18
|
+
daemons (1.3.1)
|
|
19
|
+
diff-lcs (1.4.4)
|
|
20
|
+
docile (1.3.2)
|
|
21
|
+
dotenv (2.7.6)
|
|
22
|
+
eventmachine (1.2.7)
|
|
23
|
+
faraday (1.0.1)
|
|
24
|
+
multipart-post (>= 1.2, < 3)
|
|
25
|
+
ffi (1.13.1)
|
|
26
|
+
formatador (0.2.5)
|
|
27
|
+
gem-release (2.1.1)
|
|
28
|
+
guard (2.16.2)
|
|
29
|
+
formatador (>= 0.2.4)
|
|
30
|
+
listen (>= 2.7, < 4.0)
|
|
31
|
+
lumberjack (>= 1.0.12, < 2.0)
|
|
32
|
+
nenv (~> 0.1)
|
|
33
|
+
notiffany (~> 0.0)
|
|
34
|
+
pry (>= 0.9.12)
|
|
35
|
+
shellany (~> 0.0)
|
|
36
|
+
thor (>= 0.18.1)
|
|
37
|
+
guard-compat (1.2.1)
|
|
38
|
+
guard-rspec (4.7.3)
|
|
39
|
+
guard (~> 2.1)
|
|
40
|
+
guard-compat (~> 1.1)
|
|
41
|
+
rspec (>= 2.99.0, < 4.0)
|
|
42
|
+
hashdiff (1.0.1)
|
|
43
|
+
hashie (4.1.0)
|
|
44
|
+
json (2.3.1)
|
|
45
|
+
jwt (2.2.2)
|
|
46
|
+
listen (3.1.5)
|
|
47
|
+
rb-fsevent (~> 0.9, >= 0.9.4)
|
|
48
|
+
rb-inotify (~> 0.9, >= 0.9.7)
|
|
49
|
+
ruby_dep (~> 1.2)
|
|
50
|
+
lumberjack (1.2.8)
|
|
51
|
+
method_source (1.0.0)
|
|
52
|
+
multi_json (1.15.0)
|
|
53
|
+
multi_xml (0.6.0)
|
|
54
|
+
multipart-post (2.1.1)
|
|
55
|
+
mustermann (1.1.1)
|
|
56
|
+
ruby2_keywords (~> 0.0.1)
|
|
57
|
+
nenv (0.3.0)
|
|
58
|
+
notiffany (0.1.3)
|
|
59
|
+
nenv (~> 0.1)
|
|
60
|
+
shellany (~> 0.0)
|
|
61
|
+
oauth2 (1.4.4)
|
|
62
|
+
faraday (>= 0.8, < 2.0)
|
|
63
|
+
jwt (>= 1.0, < 3.0)
|
|
64
|
+
multi_json (~> 1.3)
|
|
65
|
+
multi_xml (~> 0.5)
|
|
66
|
+
rack (>= 1.2, < 3)
|
|
67
|
+
omniauth (1.9.1)
|
|
68
|
+
hashie (>= 3.4.6)
|
|
69
|
+
rack (>= 1.6.2, < 3)
|
|
70
|
+
omniauth-oauth2 (1.7.0)
|
|
71
|
+
oauth2 (~> 1.4)
|
|
72
|
+
omniauth (~> 1.9)
|
|
73
|
+
parallel (1.19.2)
|
|
74
|
+
parser (2.7.2.0)
|
|
75
|
+
ast (~> 2.4.1)
|
|
76
|
+
pry (0.13.1)
|
|
77
|
+
coderay (~> 1.1)
|
|
78
|
+
method_source (~> 1.0)
|
|
79
|
+
public_suffix (4.0.6)
|
|
80
|
+
rack (2.2.3)
|
|
81
|
+
rack-protection (2.1.0)
|
|
82
|
+
rack
|
|
83
|
+
rack-test (1.1.0)
|
|
84
|
+
rack (>= 1.0, < 3)
|
|
85
|
+
rainbow (3.0.0)
|
|
86
|
+
rake (13.0.1)
|
|
87
|
+
rb-fsevent (0.10.4)
|
|
88
|
+
rb-inotify (0.10.1)
|
|
89
|
+
ffi (~> 1.0)
|
|
90
|
+
regexp_parser (1.8.1)
|
|
91
|
+
rexml (3.2.4)
|
|
92
|
+
rspec (3.9.0)
|
|
93
|
+
rspec-core (~> 3.9.0)
|
|
94
|
+
rspec-expectations (~> 3.9.0)
|
|
95
|
+
rspec-mocks (~> 3.9.0)
|
|
96
|
+
rspec-core (3.9.3)
|
|
97
|
+
rspec-support (~> 3.9.3)
|
|
98
|
+
rspec-expectations (3.9.2)
|
|
99
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
|
100
|
+
rspec-support (~> 3.9.0)
|
|
101
|
+
rspec-mocks (3.9.1)
|
|
102
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
|
103
|
+
rspec-support (~> 3.9.0)
|
|
104
|
+
rspec-support (3.9.3)
|
|
105
|
+
rubocop (0.93.0)
|
|
106
|
+
parallel (~> 1.10)
|
|
107
|
+
parser (>= 2.7.1.5)
|
|
108
|
+
rainbow (>= 2.2.2, < 4.0)
|
|
109
|
+
regexp_parser (>= 1.8)
|
|
110
|
+
rexml
|
|
111
|
+
rubocop-ast (>= 0.6.0)
|
|
112
|
+
ruby-progressbar (~> 1.7)
|
|
113
|
+
unicode-display_width (>= 1.4.0, < 2.0)
|
|
114
|
+
rubocop-ast (0.7.1)
|
|
115
|
+
parser (>= 2.7.1.5)
|
|
116
|
+
ruby-progressbar (1.10.1)
|
|
117
|
+
ruby2_keywords (0.0.2)
|
|
118
|
+
ruby_dep (1.5.0)
|
|
119
|
+
shellany (0.0.1)
|
|
120
|
+
shotgun (0.9.2)
|
|
121
|
+
rack (>= 1.0)
|
|
122
|
+
simplecov (0.19.0)
|
|
123
|
+
docile (~> 1.1)
|
|
124
|
+
simplecov-html (~> 0.11)
|
|
125
|
+
simplecov-html (0.12.3)
|
|
126
|
+
sinatra (2.1.0)
|
|
127
|
+
mustermann (~> 1.0)
|
|
128
|
+
rack (~> 2.2)
|
|
129
|
+
rack-protection (= 2.1.0)
|
|
130
|
+
tilt (~> 2.0)
|
|
131
|
+
thin (1.7.2)
|
|
132
|
+
daemons (~> 1.0, >= 1.0.9)
|
|
133
|
+
eventmachine (~> 1.0, >= 1.0.4)
|
|
134
|
+
rack (>= 1, < 3)
|
|
135
|
+
thor (1.0.1)
|
|
136
|
+
tilt (2.0.10)
|
|
137
|
+
unicode-display_width (1.7.0)
|
|
138
|
+
webmock (3.9.1)
|
|
139
|
+
addressable (>= 2.3.6)
|
|
140
|
+
crack (>= 0.3.2)
|
|
141
|
+
hashdiff (>= 0.4.0, < 2.0.0)
|
|
142
|
+
|
|
143
|
+
PLATFORMS
|
|
144
|
+
ruby
|
|
145
|
+
|
|
146
|
+
DEPENDENCIES
|
|
147
|
+
bundler (~> 1.9)
|
|
148
|
+
codecov
|
|
149
|
+
dotenv
|
|
150
|
+
gem-release
|
|
151
|
+
guard-rspec
|
|
152
|
+
jwt
|
|
153
|
+
listen (~> 3.1.5)
|
|
154
|
+
omniauth-auth0!
|
|
155
|
+
pry
|
|
156
|
+
rack-test
|
|
157
|
+
rake
|
|
158
|
+
rspec (~> 3.5)
|
|
159
|
+
rubocop
|
|
160
|
+
shotgun
|
|
161
|
+
simplecov
|
|
162
|
+
sinatra
|
|
163
|
+
thin
|
|
164
|
+
webmock
|
|
165
|
+
|
|
166
|
+
BUNDLED WITH
|
|
167
|
+
1.17.3
|
data/README.md
CHANGED
|
@@ -1,10 +1,14 @@
|
|
|
1
1
|
# OmniAuth Auth0
|
|
2
2
|
|
|
3
|
-
An [OmniAuth](https://github.com/intridea/omniauth) strategy for authenticating with [Auth0](https://auth0.com). This strategy is based on the [OmniAuth OAuth2](https://github.com/omniauth/omniauth-oauth2) strategy.
|
|
3
|
+
An [OmniAuth](https://github.com/intridea/omniauth) strategy for authenticating with [Auth0](https://auth0.com). This strategy is based on the [OmniAuth OAuth2](https://github.com/omniauth/omniauth-oauth2) strategy.
|
|
4
4
|
|
|
5
|
-
[
|
|
6
|
-
|
|
7
|
-
[. Please review the details of the vulnerability, including [Auth0](https://github.com/auth0/omniauth-auth0/issues/82 ) and other recommended [mitigations](https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284), before implementing the solution.
|
|
6
|
+
|
|
7
|
+
[](https://circleci.com/gh/auth0/omniauth-auth0)
|
|
8
|
+
[](https://codecov.io/gh/auth0/omniauth-auth0)
|
|
9
|
+
[](https://badge.fury.io/rb/omniauth-auth0)
|
|
10
|
+
[](https://github.com/auth0/omniauth-auth0/blob/master/LICENSE)
|
|
11
|
+
[](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0?ref=badge_shield)
|
|
8
12
|
|
|
9
13
|
## Table of Contents
|
|
10
14
|
|
|
@@ -30,13 +34,19 @@ Add the following line to your `Gemfile`:
|
|
|
30
34
|
gem 'omniauth-auth0'
|
|
31
35
|
```
|
|
32
36
|
|
|
37
|
+
If you're using this strategy with Rails, also add the following for CSRF protection:
|
|
38
|
+
|
|
39
|
+
```ruby
|
|
40
|
+
gem 'omniauth-rails_csrf_protection'
|
|
41
|
+
```
|
|
42
|
+
|
|
33
43
|
Then install:
|
|
34
44
|
|
|
35
45
|
```bash
|
|
36
46
|
$ bundle install
|
|
37
47
|
```
|
|
38
48
|
|
|
39
|
-
See our [contributing guide](CONTRIBUTING.md) for information on local installation for development.
|
|
49
|
+
See our [contributing guide](CONTRIBUTING.md) for information on local installation for development.
|
|
40
50
|
|
|
41
51
|
## Getting Started
|
|
42
52
|
|
|
@@ -54,7 +64,7 @@ All of these tasks and more are covered in our [Ruby on Rails Quickstart](https:
|
|
|
54
64
|
To send additional parameters during login, you can specify them when you register the provider:
|
|
55
65
|
|
|
56
66
|
```ruby
|
|
57
|
-
provider
|
|
67
|
+
provider
|
|
58
68
|
:auth0,
|
|
59
69
|
ENV['AUTH0_CLIENT_ID'],
|
|
60
70
|
ENV['AUTH0_CLIENT_SECRET'],
|
|
@@ -62,19 +72,13 @@ provider
|
|
|
62
72
|
{
|
|
63
73
|
authorize_params: {
|
|
64
74
|
scope: 'openid read:users write:order',
|
|
65
|
-
audience: 'https://mydomain/api'
|
|
75
|
+
audience: 'https://mydomain/api',
|
|
76
|
+
max_age: 3600 # time in seconds authentication is valid
|
|
66
77
|
}
|
|
67
78
|
}
|
|
68
79
|
```
|
|
69
80
|
|
|
70
|
-
... which will tell the strategy to send those parameters on every
|
|
71
|
-
|
|
72
|
-
Or you can do it for a specific authentication request by adding them to the query parameters of the redirect URL. Allowed parameters are `connection` and `prompt`:
|
|
73
|
-
|
|
74
|
-
```ruby
|
|
75
|
-
redirect_to '/auth/auth0?connection=google-oauth2'
|
|
76
|
-
redirect_to '/auth/auth0?prompt=none'
|
|
77
|
-
```
|
|
81
|
+
... which will tell the strategy to send those parameters on every authentication request.
|
|
78
82
|
|
|
79
83
|
### Authentication hash
|
|
80
84
|
|
|
@@ -118,6 +122,17 @@ The Auth0 strategy will provide the standard OmniAuth hash attributes:
|
|
|
118
122
|
}
|
|
119
123
|
```
|
|
120
124
|
|
|
125
|
+
### Query Parameter Options
|
|
126
|
+
|
|
127
|
+
In some scenarios, you may need to pass specific query parameters to `/authorize`. The following parameters are available to enable this:
|
|
128
|
+
|
|
129
|
+
- `connection`
|
|
130
|
+
- `connection_scope`
|
|
131
|
+
- `prompt`
|
|
132
|
+
- `screen_hint` (only relevant to New Universal Login Experience)
|
|
133
|
+
|
|
134
|
+
Simply pass these query parameters to your OmniAuth redirect endpoint to enable their behavior.
|
|
135
|
+
|
|
121
136
|
## Contribution
|
|
122
137
|
|
|
123
138
|
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
|
|
@@ -128,10 +143,9 @@ We appreciate feedback and contribution to this repo! Before you get started, pl
|
|
|
128
143
|
|
|
129
144
|
## Support + Feedback
|
|
130
145
|
|
|
131
|
-
|
|
132
146
|
- Use [Community](https://community.auth0.com/) for usage, questions, specific cases.
|
|
133
147
|
- Use [Issues](https://github.com/auth0/omniauth-auth0/issues) here for code-level support and bug reports.
|
|
134
|
-
- Paid customers can use [Support](https://support.auth0.com/) to submit a trouble ticket for production-affecting issues.
|
|
148
|
+
- Paid customers can use [Support](https://support.auth0.com/) to submit a trouble ticket for production-affecting issues.
|
|
135
149
|
|
|
136
150
|
## Vulnerability Reporting
|
|
137
151
|
|
|
@@ -153,3 +167,6 @@ Auth0 helps you to easily:
|
|
|
153
167
|
## License
|
|
154
168
|
|
|
155
169
|
The OmniAuth Auth0 strategy is licensed under MIT - [LICENSE](LICENSE)
|
|
170
|
+
|
|
171
|
+
|
|
172
|
+
[](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0?ref=badge_large)
|
data/codecov.yml
ADDED
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
coverage:
|
|
2
|
+
precision: 2
|
|
3
|
+
round: down
|
|
4
|
+
range: "60...100"
|
|
5
|
+
status:
|
|
6
|
+
project:
|
|
7
|
+
default:
|
|
8
|
+
enabled: true
|
|
9
|
+
target: auto
|
|
10
|
+
threshold: 5%
|
|
11
|
+
if_no_uploads: error
|
|
12
|
+
patch:
|
|
13
|
+
default:
|
|
14
|
+
enabled: true
|
|
15
|
+
target: 80%
|
|
16
|
+
threshold: 30%
|
|
17
|
+
if_no_uploads: error
|
|
18
|
+
changes:
|
|
19
|
+
default:
|
|
20
|
+
enabled: true
|
|
21
|
+
if_no_uploads: error
|
|
22
|
+
comment: false
|