omniauth-auth0 2.3.0 → 2.5.0
- checksums.yaml +4 -4
- data/.circleci/config.yml +27 -11
- data/.github/CODEOWNERS +1 -1
- data/.github/ISSUE_TEMPLATE/config.yml +8 -0
- data/.github/ISSUE_TEMPLATE/feature_request.md +39 -0
- data/.github/ISSUE_TEMPLATE/report_a_bug.md +55 -0
- data/.github/PULL_REQUEST_TEMPLATE.md +1 -1
- data/.gitignore +2 -0
- data/CHANGELOG.md +53 -2
- data/Gemfile +1 -1
- data/README.md +21 -5
- data/lib/omniauth-auth0/version.rb +1 -1
- data/lib/omniauth/auth0/jwt_validator.rb +51 -13
- data/lib/omniauth/strategies/auth0.rb +19 -8
- data/omniauth-auth0.gemspec +2 -3
- data/spec/omniauth/auth0/jwt_validator_spec.rb +226 -34
- data/spec/omniauth/strategies/auth0_spec.rb +49 -17
- metadata +27 -12
- data/.github/ISSUE_TEMPLATE.md +0 -39
- data/Gemfile.lock +0 -168
@@ -26,7 +26,12 @@ describe OmniAuth::Strategies::Auth0 do
|
|
26
26
|
end
|
27
27
|
|
28
28
|
describe 'client_options' do
|
29
|
-
let(:subject) {
|
29
|
+
let(:subject) { OmniAuth::Strategies::Auth0.new(
|
30
|
+
application,
|
31
|
+
client_id,
|
32
|
+
client_secret,
|
33
|
+
domain_url
|
34
|
+
).client }
|
30
35
|
|
31
36
|
context 'domain with https' do
|
32
37
|
let(:domain_url) { 'https://samples.auth0.com' }
|
@@ -83,7 +88,9 @@ describe OmniAuth::Strategies::Auth0 do
|
|
83
88
|
expect(redirect_url).to have_query('redirect_uri')
|
84
89
|
expect(redirect_url).not_to have_query('auth0Client')
|
85
90
|
expect(redirect_url).not_to have_query('connection')
|
91
|
+
expect(redirect_url).not_to have_query('connection_scope')
|
86
92
|
expect(redirect_url).not_to have_query('prompt')
|
93
|
+
expect(redirect_url).not_to have_query('screen_hint')
|
87
94
|
end
|
88
95
|
|
89
96
|
it 'redirects to hosted login page' do
|
@@ -97,7 +104,18 @@ describe OmniAuth::Strategies::Auth0 do
|
|
97
104
|
expect(redirect_url).to have_query('redirect_uri')
|
98
105
|
expect(redirect_url).to have_query('connection', 'abcd')
|
99
106
|
expect(redirect_url).not_to have_query('auth0Client')
|
107
|
+
expect(redirect_url).not_to have_query('connection_scope')
|
100
108
|
expect(redirect_url).not_to have_query('prompt')
|
109
|
+
expect(redirect_url).not_to have_query('screen_hint')
|
110
|
+
end
|
111
|
+
|
112
|
+
it 'redirects to the hosted login page with connection_scope' do
|
113
|
+
get 'auth/auth0?connection_scope=identity_provider_scope'
|
114
|
+
expect(last_response.status).to eq(302)
|
115
|
+
redirect_url = last_response.headers['Location']
|
116
|
+
expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
|
117
|
+
expect(redirect_url)
|
118
|
+
.to have_query('connection_scope', 'identity_provider_scope')
|
101
119
|
end
|
102
120
|
|
103
121
|
it 'redirects to hosted login page with prompt=login' do
|
@@ -114,6 +132,20 @@ describe OmniAuth::Strategies::Auth0 do
|
|
114
132
|
expect(redirect_url).not_to have_query('connection')
|
115
133
|
end
|
116
134
|
|
135
|
+
it 'redirects to hosted login page with screen_hint=signup' do
|
136
|
+
get 'auth/auth0?screen_hint=signup'
|
137
|
+
expect(last_response.status).to eq(302)
|
138
|
+
redirect_url = last_response.headers['Location']
|
139
|
+
expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
|
140
|
+
expect(redirect_url).to have_query('response_type', 'code')
|
141
|
+
expect(redirect_url).to have_query('state')
|
142
|
+
expect(redirect_url).to have_query('client_id')
|
143
|
+
expect(redirect_url).to have_query('redirect_uri')
|
144
|
+
expect(redirect_url).to have_query('screen_hint', 'signup')
|
145
|
+
expect(redirect_url).not_to have_query('auth0Client')
|
146
|
+
expect(redirect_url).not_to have_query('connection')
|
147
|
+
end
|
148
|
+
|
117
149
|
describe 'callback' do
|
118
150
|
let(:access_token) { 'access token' }
|
119
151
|
let(:expires_in) { 2000 }
|
@@ -134,12 +166,17 @@ describe OmniAuth::Strategies::Auth0 do
|
|
134
166
|
payload['sub'] = user_id
|
135
167
|
payload['iss'] = "#{domain_url}/"
|
136
168
|
payload['aud'] = client_id
|
169
|
+
payload['name'] = name
|
170
|
+
payload['nickname'] = nickname
|
171
|
+
payload['picture'] = picture
|
172
|
+
payload['email'] = email
|
173
|
+
payload['email_verified'] = email_verified
|
174
|
+
|
137
175
|
JWT.encode payload, client_secret, 'HS256'
|
138
176
|
end
|
139
177
|
|
140
178
|
let(:oauth_response) do
|
141
179
|
{
|
142
|
-
id_token: id_token,
|
143
180
|
access_token: access_token,
|
144
181
|
expires_in: expires_in,
|
145
182
|
token_type: token_type
|
@@ -155,17 +192,7 @@ describe OmniAuth::Strategies::Auth0 do
|
|
155
192
|
}
|
156
193
|
end
|
157
194
|
|
158
|
-
let(:basic_user_info) { { sub
|
159
|
-
let(:oidc_user_info) do
|
160
|
-
{
|
161
|
-
sub: user_id,
|
162
|
-
name: name,
|
163
|
-
nickname: nickname,
|
164
|
-
email: email,
|
165
|
-
picture: picture,
|
166
|
-
email_verified: email_verified
|
167
|
-
}
|
168
|
-
end
|
195
|
+
let(:basic_user_info) { { "sub" => user_id, "name" => name } }
|
169
196
|
|
170
197
|
def stub_auth(body)
|
171
198
|
stub_request(:post, 'https://samples.auth0.com/oauth/token')
|
@@ -193,7 +220,9 @@ describe OmniAuth::Strategies::Auth0 do
|
|
193
220
|
WebMock.reset!
|
194
221
|
end
|
195
222
|
|
196
|
-
let(:subject)
|
223
|
+
let(:subject) do
|
224
|
+
MultiJson.decode(last_response.body)
|
225
|
+
end
|
197
226
|
|
198
227
|
context 'basic oauth' do
|
199
228
|
before do
|
@@ -212,10 +241,14 @@ describe OmniAuth::Strategies::Auth0 do
|
|
212
241
|
expect(subject['credentials']['expires_at']).to_not be_nil
|
213
242
|
end
|
214
243
|
|
215
|
-
it 'has basic values'
|
244
|
+
it 'has basic values' do
|
216
245
|
expect(subject['provider']).to eq('auth0')
|
217
246
|
expect(subject['uid']).to eq(user_id)
|
218
|
-
expect(subject['info']['name']).to eq(
|
247
|
+
expect(subject['info']['name']).to eq(name)
|
248
|
+
end
|
249
|
+
|
250
|
+
it 'should use the user info endpoint' do
|
251
|
+
expect(subject['extra']['raw_info']).to eq(basic_user_info)
|
219
252
|
end
|
220
253
|
end
|
221
254
|
|
@@ -241,7 +274,6 @@ describe OmniAuth::Strategies::Auth0 do
|
|
241
274
|
context 'oidc' do
|
242
275
|
before do
|
243
276
|
stub_auth(oidc_response)
|
244
|
-
stub_userinfo(oidc_user_info)
|
245
277
|
trigger_callback
|
246
278
|
end
|
247
279
|
|
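--- a/metadata
+++ b/metadata
@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-auth0
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.5.0
 platform: ruby
 authors:
 - Auth0
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-01-21 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+name: omniauth
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.9'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.9'
 - !ruby/object:Gem::Dependency
 name: omniauth-oauth2
 requirement: !ruby/object:Gem::Requirement
@@ -28,16 +42,16 @@ dependencies:
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 description: |
 Auth0 is an authentication broker that supports social identity providers as well as enterprise identity providers such as Active Directory, LDAP, Google Apps, Salesforce.
 
@@ -53,7 +67,9 @@ files:
 - ".circleci/config.yml"
 - ".gemrelease"
 - ".github/CODEOWNERS"
-- ".github/ISSUE_TEMPLATE.
+- ".github/ISSUE_TEMPLATE/config.yml"
+- ".github/ISSUE_TEMPLATE/feature_request.md"
+- ".github/ISSUE_TEMPLATE/report_a_bug.md"
 - ".github/PULL_REQUEST_TEMPLATE.md"
 - ".github/stale.yml"
 - ".gitignore"
@@ -64,7 +80,6 @@ files:
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
 - Gemfile
-- Gemfile.lock
 - Guardfile
 - LICENSE
 - README.md
@@ -88,7 +103,7 @@ homepage: https://github.com/auth0/omniauth-auth0
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -103,8 +118,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.
-signing_key:
+rubygems_version: 3.0.9
+signing_key:
 specification_version: 4
 summary: OmniAuth OAuth2 strategy for the Auth0 platform.
 test_files: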
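--- a/data/.github/ISSUE_TEMPLATE.md
+++ b/data/.github/ISSUE_TEMPLATE.md
@@ -1,39 +0,0 @@
-In order to efficiently and accurately address your issue or feature request, please read through the template below and answer all relevant questions. Your additional work here is greatly appreciated and will help us respond as quickly as possible. Please delete any sections or questions below that do not pertain to this request.
-
-For general support or usage questions, please use the [Auth0 Community](https://community.auth0.com/) or [Auth0 Support](https://support.auth0.com.).
-
-### Description
-
-Description of the bug or feature request and why it's a problem. Consider including:
-
-- The use case or overall problem you're trying to solve
-- Information about when the problem started
-
-### Prerequisites
-
-* [ ] I have read the [Auth0 contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
-* [ ] I have read the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
-* [ ] Did you check the [documentation](https://auth0.com/docs/quickstart/webapp/rails)?
-* [ ] Did you check [Auth0 Community](https://community.auth0.com/tags/rails)?
-* [ ] Are you reporting this to the correct repository? This strategy relies on [OmniAuth](https://github.com/omniauth/omniauth) and the [OmniAuth OAuth2](https://github.com/omniauth/omniauth-oauth2) strategy.
-* [ ] Are there any related or duplicate [Issues](https://github.com/auth0/omniauth-auth0/issues) or [PRs](https://github.com/auth0/omniauth-auth0/pulls) for this issue?
-
-### Environment
-
-Please provide the following:
-
-* OmniAuth-Auth0 version:
-* Ruby version:
-* Rails veresion:
-* Browser version, if applicable:
-* Additional gems that might be affecting your instance:
-
-### Reproduction
-
-Detail the steps taken to reproduce this error and note if this issue can be reproduced consistently or if it is intermittent.
-
-Please include:
-
-- Log files (redact/remove sensitive information)
-- Application settings (redact/remove sensitive information)
-- Screenshots, if helpful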
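--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,168 +0,0 @@
-PATH
-remote: .
-specs:
-omniauth-auth0 (2.3.0)
-omniauth-oauth2 (~> 1.5)
-
-GEM
-remote: https://rubygems.org/
-specs:
-addressable (2.7.0)
-public_suffix (>= 2.0.2, < 5.0)
-ast (2.4.0)
-codecov (0.1.16)
-json
-simplecov
-url
-coderay (1.1.2)
-crack (0.4.3)
-safe_yaml (~> 1.0.0)
-daemons (1.3.1)
-diff-lcs (1.3)
-docile (1.3.2)
-dotenv (2.7.5)
-eventmachine (1.2.7)
-faraday (1.0.0)
-multipart-post (>= 1.2, < 3)
-ffi (1.12.2)
-formatador (0.2.5)
-gem-release (2.1.1)
-guard (2.16.1)
-formatador (>= 0.2.4)
-listen (>= 2.7, < 4.0)
-lumberjack (>= 1.0.12, < 2.0)
-nenv (~> 0.1)
-notiffany (~> 0.0)
-pry (>= 0.9.12)
-shellany (~> 0.0)
-thor (>= 0.18.1)
-guard-compat (1.2.1)
-guard-rspec (4.7.3)
-guard (~> 2.1)
-guard-compat (~> 1.1)
-rspec (>= 2.99.0, < 4.0)
-hashdiff (1.0.1)
-hashie (4.1.0)
-jaro_winkler (1.5.4)
-json (2.3.0)
-jwt (2.2.1)
-listen (3.1.5)
-rb-fsevent (~> 0.9, >= 0.9.4)
-rb-inotify (~> 0.9, >= 0.9.7)
-ruby_dep (~> 1.2)
-lumberjack (1.2.4)
-method_source (0.9.2)
-multi_json (1.14.1)
-multi_xml (0.6.0)
-multipart-post (2.1.1)
-mustermann (1.1.1)
-ruby2_keywords (~> 0.0.1)
-nenv (0.3.0)
-notiffany (0.1.3)
-nenv (~> 0.1)
-shellany (~> 0.0)
-oauth2 (1.4.4)
-faraday (>= 0.8, < 2.0)
-jwt (>= 1.0, < 3.0)
-multi_json (~> 1.3)
-multi_xml (~> 0.5)
-rack (>= 1.2, < 3)
-omniauth (1.9.1)
-hashie (>= 3.4.6)
-rack (>= 1.6.2, < 3)
-omniauth-oauth2 (1.6.0)
-oauth2 (~> 1.1)
-omniauth (~> 1.9)
-parallel (1.19.1)
-parser (2.7.0.4)
-ast (~> 2.4.0)
-pry (0.12.2)
-coderay (~> 1.1.0)
-method_source (~> 0.9.0)
-public_suffix (4.0.3)
-rack (2.2.2)
-rack-protection (2.0.8.1)
-rack
-rack-test (1.1.0)
-rack (>= 1.0, < 3)
-rainbow (3.0.0)
-rake (13.0.1)
-rb-fsevent (0.10.3)
-rb-inotify (0.10.1)
-ffi (~> 1.0)
-rexml (3.2.4)
-rspec (3.9.0)
-rspec-core (~> 3.9.0)
-rspec-expectations (~> 3.9.0)
-rspec-mocks (~> 3.9.0)
-rspec-core (3.9.1)
-rspec-support (~> 3.9.1)
-rspec-expectations (3.9.0)
-diff-lcs (>= 1.2.0, < 2.0)
-rspec-support (~> 3.9.0)
-rspec-mocks (3.9.1)
-diff-lcs (>= 1.2.0, < 2.0)
-rspec-support (~> 3.9.0)
-rspec-support (3.9.2)
-rubocop (0.80.1)
-jaro_winkler (~> 1.5.1)
-parallel (~> 1.10)
-parser (>= 2.7.0.1)
-rainbow (>= 2.2.2, < 4.0)
-rexml
-ruby-progressbar (~> 1.7)
-unicode-display_width (>= 1.4.0, < 1.7)
-ruby-progressbar (1.10.1)
-ruby2_keywords (0.0.2)
-ruby_dep (1.5.0)
-safe_yaml (1.0.5)
-shellany (0.0.1)
-shotgun (0.9.2)
-rack (>= 1.0)
-simplecov (0.18.5)
-docile (~> 1.1)
-simplecov-html (~> 0.11)
-simplecov-html (0.12.2)
-sinatra (2.0.8.1)
-mustermann (~> 1.0)
-rack (~> 2.0)
-rack-protection (= 2.0.8.1)
-tilt (~> 2.0)
-thin (1.7.2)
-daemons (~> 1.0, >= 1.0.9)
-eventmachine (~> 1.0, >= 1.0.4)
-rack (>= 1, < 3)
-thor (1.0.1)
-tilt (2.0.10)
-unicode-display_width (1.6.1)
-url (0.3.2)
-webmock (3.8.2)
-addressable (>= 2.3.6)
-crack (>= 0.3.2)
-hashdiff (>= 0.4.0, < 2.0.0)
-
-PLATFORMS
-ruby
-
-DEPENDENCIES
-bundler (~> 1.9)
-codecov
-dotenv
-gem-release
-guard-rspec
-jwt
-listen (~> 3.1.5)
-omniauth-auth0!
-pry
-rack-test
-rake
-rspec (~> 3.5)
-rubocop
-shotgun
-simplecov
-sinatra
-thin
-webmock
-
-BUNDLED WITH
-1.17.3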