omniauth-auth0 2.4.2 → 2.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6ad5a6389a6ed38fa4e1f63003ffac76c0450bfe06e21bda0fbd0d8c3044b1dc
-  data.tar.gz: 9c1638cc2f0681e8a258baeb4565a7bb9d3caef845f09b913374b258e51047dc
+  metadata.gz: 530b0c2ecfb26938944778585c034f1281b46f0c7e920f40b9d58c72fb892c52
+  data.tar.gz: 0ca3365ce632a95272eabb1b1db1ed7fcc6faacdbdc1acaa3fa9889329886cef
 SHA512:
-  metadata.gz: 9008eb1eed6d50dd7f23943e5d1b8a5a2dc2364b2a249181cfd1a8768e347fb7b3611a4d4155fdbd58ee8938d4b0c4674f25ef665ffab5947632d83a88aa0a5f
-  data.tar.gz: 28523e968e72a6dd552fdf9615866ec46fc355e77cfd393005328be6033a875340e3badd6da8836f483a9bdee2cd371b061df5412f3caeb2c88ba1a619e1da67
+  metadata.gz: f1ad9ad998942bd4b081c8873352bf54d0bc5900203baee151535324533b28954e7ab3e990ada83436189bd22a17b24d3a31d7552d45570fe356d00bfbb85fd6
+  data.tar.gz: 60954e800d0a30ea948590cb89b90038185dfa7466bf301ef4e7b782a3b327265921cccf6ddbd4275789046a12c0e4d0956ce4a73ab35d1ea20e633432430e45

data/.circleci/config.yml

@@ -1,17 +1,38 @@
 version: 2.1
+matrix_rubyversions: &matrix_rubyversions
+  matrix:
+    parameters:
+      rubyversion: ["2.5", "2.6", "2.7", "3.0"]
+# Default version of ruby to use for lint and publishing
+default_rubyversion: &default_rubyversion "2.7"
+
+executors:
+  ruby:
+    parameters:
+      rubyversion:
+        type: string
+        default: *default_rubyversion
+    docker:
+      - image: circleci/ruby:<< parameters.rubyversion >>
+
 jobs:
   run-tests:
-    docker:
-      - image: circleci/ruby:2.5.7-buster
+    parameters:
+      rubyversion:
+        type: string
+        default: *default_rubyversion
+    executor:
+      name: ruby
+      rubyversion: "<< parameters.rubyversion >>"
     steps:
       - checkout
       - restore_cache:
           keys:
-            - gems-v2-{{ checksum "Gemfile.lock" }}
+            - gems-v2-{{ checksum "Gemfile" }}
             - gems-v2-
       - run: bundle check || bundle install
       - save_cache:
-          key: gems-v2--{{ checksum "Gemfile.lock" }}
+          key: gems-v2--{{ checksum "Gemfile" }}
           paths:
             - vendor/bundle
       - run: bundle exec rake spec
@@ -19,4 +40,5 @@ jobs:
 workflows:
   tests:
     jobs:
-      - run-tests
+      - run-tests:
+          <<: *matrix_rubyversions

data/.github/CODEOWNERS

@@ -1 +1 @@
-*	@auth0/dx-sdks-approver
+*	@auth0/dx-sdks-engineer

data/.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Auth0 Community
+    url: https://community.auth0.com/c/sdks/5
+    about: Discuss this SDK in the Auth0 Community forums
+  - name: Library Documentation
+    url: https://github.com/auth0/omniauth-auth0#documentation
+    about: Read the library docs on Auth0.com

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,39 @@
+---
+name: Feature request
+about: Suggest an idea or a feature for this project
+title: ''
+labels: feature request
+assignees: ''
+---
+
+<!--
+**Please do not report security vulnerabilities here**. The Responsible Disclosure Program (https://auth0.com/whitehat) details the procedure for disclosing security issues.
+
+Thank you in advance for helping us to improve this library! Your attention to detail here is greatly appreciated and will help us respond as quickly as possible. For general support or usage questions, use the Auth0 Community (https://community.auth0.com/) or Auth0 Support (https://support.auth0.com/). Finally, to avoid duplicates, please search existing Issues before submitting one here.
+
+By submitting an Issue to this repository, you agree to the terms within the Auth0 Code of Conduct (https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).
+-->
+
+### Describe the problem you'd like to have solved
+
+<!--
+> A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+-->
+
+### Describe the ideal solution
+
+<!--
+> A clear and concise description of what you want to happen.
+-->
+
+## Alternatives and current work-arounds
+
+<!--
+> A clear and concise description of any alternatives you've considered or any work-arounds that are currently in place.
+-->
+
+### Additional information, if any
+
+<!--
+> Add any other context or screenshots about the feature request here.
+-->

data/.github/ISSUE_TEMPLATE/report_a_bug.md

@@ -0,0 +1,55 @@
+---
+name: Report a bug
+about: Have you found a bug or issue? Create a bug report for this SDK
+title: ''
+labels: bug report
+assignees: ''
+---
+
+<!--
+**Please do not report security vulnerabilities here**. The Responsible Disclosure Program (https://auth0.com/whitehat) details the procedure for disclosing security issues.
+
+Thank you in advance for helping us to improve this library! Please read through the template below and answer all relevant questions. Your additional work here is greatly appreciated and will help us respond as quickly as possible. For general support or usage questions, use the Auth0 Community (https://community.auth0.com/) or Auth0 Support (https://support.auth0.com/). Finally, to avoid duplicates, please search existing Issues before submitting one here.
+
+By submitting an Issue to this repository, you agree to the terms within the Auth0 Code of Conduct (https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).
+-->
+
+### Describe the problem
+
+<!--
+> Provide a clear and concise description of the issue
+-->
+
+### What was the expected behavior?
+
+<!--
+> Tell us about the behavior you expected to see
+-->
+
+### Reproduction
+<!--
+> Detail the steps taken to reproduce this error, and whether this issue can be reproduced consistently or if it is intermittent.
+> **Note**: If clear, reproducable steps or the smallest sample app demonstrating misbehavior cannot be provided, we may not be able to follow up on this bug report.
+
+> Where possible, please include:
+>
+> - The smallest possible sample app that reproduces the undesirable behavior
+> - Log files (redact/remove sensitive information)
+> - Application settings (redact/remove sensitive information)
+> - Screenshots
+-->
+
+- Step 1..
+- Step 2..
+- ...
+
+### Environment
+
+<!--
+> Please provide the following:
+-->
+
+- **Version of this library used:**
+- **Which framework are you using, if applicable:**
+- **Other modules/plugins/libraries that might be involved:**
+- **Any other relevant information you think would be useful:**

data/.gitignore

@@ -10,3 +10,5 @@ tmp/
 ## Environment normalization:
 /.bundle
 /vendor/bundle
+
+Gemfile.lock

data/CHANGELOG.md

@@ -1,5 +1,19 @@
 # Change Log
 
+## [v2.5.0](https://github.com/auth0/omniauth-auth0/tree/v2.5.0) (2021-01-21)
+
+[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.4.2...v2.5.0)
+
+**Added**
+- Parsing claims from the id_token [\#120](https://github.com/auth0/omniauth-auth0/pull/120) ([davidpatrick](https://github.com/davidpatrick))
+
+**Changed**
+- Setup build matrix in CI [\#116](https://github.com/auth0/omniauth-auth0/pull/116) ([dmathieu](https://github.com/dmathieu))
+
+**Fixed**
+- Fixes params passed to authorize [\#119](https://github.com/auth0/omniauth-auth0/pull/119) ([davidpatrick](https://github.com/davidpatrick))
+
+
 ## [v2.4.2](https://github.com/auth0/omniauth-auth0/tree/v2.4.2) (2021-01-19)
 
 [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.4.1...v2.4.2)

data/Gemfile

@@ -17,7 +17,7 @@ end
 
 group :test do
   gem 'guard-rspec', require: false
-  gem 'listen', '~> 3.1.5'
+  gem 'listen', '~> 3'
   gem 'rack-test'
   gem 'rspec', '~> 3.5'
   gem 'codecov', require: false

data/README.md

@@ -25,6 +25,7 @@ An [OmniAuth](https://github.com/intridea/omniauth) strategy for authenticating
 
 - [Ruby on Rails Quickstart](https://auth0.com/docs/quickstart/webapp/rails)
 - [Sample projects](https://github.com/auth0-samples/auth0-rubyonrails-sample)
+- [API Reference](https://www.rubydoc.info/gems/omniauth-auth0)
 
 ## Installation
 
@@ -169,4 +170,4 @@ Auth0 helps you to easily:
 The OmniAuth Auth0 strategy is licensed under MIT - [LICENSE](LICENSE)
 
 
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0?ref=badge_large)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0?ref=badge_large)

data/lib/omniauth-auth0/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Auth0
-    VERSION = '2.4.2'.freeze
+    VERSION = '2.5.0'.freeze
   end
 end

data/lib/omniauth/auth0/jwt_validator.rb

@@ -29,29 +29,33 @@ module OmniAuth
       end
 
       # Verify a token's signature. Only tokens signed with the RS256 or HS256 signatures are supported.
+      # Deprecated: Please use `decode` instead
       # @return array - The token's key and signing algorithm
       def verify_signature(jwt)
         head = token_head(jwt)
-
-        # Make sure the algorithm is supported and get the decode key.
-        if head[:alg] == 'RS256'
-          key, alg = [rs256_decode_key(head[:kid]), head[:alg]]
-        elsif head[:alg] == 'HS256'
-          key, alg = [@client_secret, head[:alg]]
-        else
-          raise OmniAuth::Auth0::TokenValidationError.new("Signature algorithm of #{head[:alg]} is not supported. Expected the ID token to be signed with RS256 or HS256")
-        end
+        key, alg = extract_key(head)
 
         # Call decode to verify the signature
         JWT.decode(jwt, key, true, decode_opts(alg))
-
         return key, alg
       end
 
+      # Decodes a JWT and verifies it's signature. Only tokens signed with the RS256 or HS256 signatures are supported.
+      # @param jwt string - JWT to verify.
+      # @return hash - The decoded token, if there were no exceptions.
+      # @see https://github.com/jwt/ruby-jwt
+      def decode(jwt)
+        head = token_head(jwt)
+        key, alg = extract_key(head)
+
+        # Call decode to verify the signature
+        JWT.decode(jwt, key, true, decode_opts(alg))
+      end
+
       # Verify a JWT.
       # @param jwt string - JWT to verify.
       # @param authorize_params hash - Authorization params to verify on the JWT
-      # @return hash - The verified token, if there were no exceptions.
+      # @return hash - The verified token payload, if there were no exceptions.
       def verify(jwt, authorize_params = {})
         if !jwt
           raise OmniAuth::Auth0::TokenValidationError.new('ID token is required but missing')
@@ -62,8 +66,7 @@ module OmniAuth
           raise OmniAuth::Auth0::TokenValidationError.new('ID token could not be decoded')
         end
 
-        key, alg = verify_signature(jwt)
-        id_token, header = JWT.decode(jwt, key, false)
+        id_token, header = decode(jwt)
         verify_claims(id_token, authorize_params)
 
         return id_token
@@ -116,6 +119,16 @@ module OmniAuth
         }
       end
 
+      def extract_key(head)
+        if head[:alg] == 'RS256'
+          key, alg = [rs256_decode_key(head[:kid]), head[:alg]]
+        elsif head[:alg] == 'HS256'
+          key, alg = [@client_secret, head[:alg]]
+        else
+          raise OmniAuth::Auth0::TokenValidationError.new("Signature algorithm of #{head[:alg]} is not supported. Expected the ID token to be signed with RS256 or HS256")
+        end
+      end
+
       def rs256_decode_key(kid)
         jwks_x5c = jwks_key(:x5c, kid)
 
@@ -153,7 +166,8 @@ module OmniAuth
       def uri_string(uri)
         temp_domain = URI(uri)
         temp_domain = URI("https://#{uri}") unless temp_domain.scheme
-        "#{temp_domain}/"
+        temp_domain = temp_domain.to_s
+        temp_domain.end_with?('/') ? temp_domain : "#{temp_domain}/"
       end
 
       def verify_claims(id_token, authorize_params)

data/lib/omniauth/strategies/auth0.rb

@@ -57,8 +57,7 @@ module OmniAuth
         auth_scope = session_authorize_params[:scope]
         if auth_scope.respond_to?(:include?) && auth_scope.include?('openid')
           # Make sure the ID token can be verified and decoded.
-          auth0_jwt = OmniAuth::Auth0::JWTValidator.new(options)
-          auth0_jwt.verify(credentials['id_token'], session_authorize_params)
+          jwt_validator.verify(credentials['id_token'], session_authorize_params)
         end
 
         credentials
@@ -85,9 +84,8 @@ module OmniAuth
       # Define the parameters used for the /authorize endpoint
       def authorize_params
         params = super
-        parsed_query = Rack::Utils.parse_query(request.query_string)
         %w[connection connection_scope prompt screen_hint].each do |key|
-          params[key] = parsed_query[key] if parsed_query.key?(key)
+          params[key] = request.params[key] if request.params.key?(key)
         end
 
         # Generate nonce
@@ -130,11 +128,23 @@ module OmniAuth
       end
 
       private
+      def jwt_validator
+        @jwt_validator ||= OmniAuth::Auth0::JWTValidator.new(options)
+      end
 
       # Parse the raw user info.
       def raw_info
-        userinfo_url = options.client_options.userinfo_url
-        @raw_info ||= access_token.get(userinfo_url).parsed
+        return @raw_info if @raw_info
+
+        if access_token["id_token"]
+          claims, header = jwt_validator.decode(access_token["id_token"])
+          @raw_info = claims
+        else
+          userinfo_url = options.client_options.userinfo_url
+          @raw_info = access_token.get(userinfo_url).parsed
+        end
+
+        return @raw_info
       end
 
       # Check if the options include a client_id

data/omniauth-auth0.gemspec

@@ -21,9 +21,10 @@ omniauth-auth0 is the OmniAuth strategy for Auth0.
   s.executables   = `git ls-files -- bin/*`.split('\n').map{ |f| File.basename(f) }
   s.require_paths = ['lib']
 
-  s.add_runtime_dependency 'omniauth-oauth2', '~> 1.5'
   s.add_runtime_dependency 'omniauth', '~> 1.9'
-  s.add_development_dependency 'bundler', '~> 1.9'
+  s.add_runtime_dependency 'omniauth-oauth2', '~> 1.5'
+
+  s.add_development_dependency 'bundler'
   
   s.license = 'MIT'
 end

data/spec/omniauth/auth0/jwt_validator_spec.rb

@@ -133,16 +133,26 @@ describe OmniAuth::Auth0::JWTValidator do
     end
 
     context 'different from domain' do
-      let(:jwt_validator) do
-        make_jwt_validator(opt_issuer: 'different.auth0.com')
+      shared_examples_for 'has correct issuer and domain' do
+        let(:jwt_validator) { make_jwt_validator(opt_issuer: opt_issuer) }
+
+        it 'should have the correct issuer' do
+          expect(jwt_validator.issuer).to eq('https://different.auth0.com/')
+        end
+
+        it 'should have the correct domain' do
+          expect(jwt_validator.domain).to eq('https://samples.auth0.com/')
+        end
       end
 
-      it 'should have the correct issuer' do
-        expect(jwt_validator.issuer).to eq('https://different.auth0.com/')
+      context 'without protocol and trailing slash' do
+        let(:opt_issuer) { 'different.auth0.com' }
+        it_behaves_like 'has correct issuer and domain'
       end
 
-      it 'should have the correct domain' do
-        expect(jwt_validator.domain).to eq('https://samples.auth0.com/')
+      context 'with protocol and trailing slash' do
+        let(:opt_issuer) { 'https://different.auth0.com/' }
+        it_behaves_like 'has correct issuer and domain'
       end
     end
   end

data/spec/omniauth/strategies/auth0_spec.rb

@@ -26,7 +26,12 @@ describe OmniAuth::Strategies::Auth0 do
   end
 
   describe 'client_options' do
-    let(:subject) { auth0.client }
+    let(:subject) { OmniAuth::Strategies::Auth0.new(
+      application,
+      client_id,
+      client_secret,
+      domain_url
+    ).client }
 
     context 'domain with https' do
       let(:domain_url) { 'https://samples.auth0.com' }
@@ -161,12 +166,17 @@ describe OmniAuth::Strategies::Auth0 do
         payload['sub'] = user_id
         payload['iss'] = "#{domain_url}/"
         payload['aud'] = client_id
+        payload['name'] = name
+        payload['nickname'] = nickname
+        payload['picture'] = picture
+        payload['email'] = email
+        payload['email_verified'] = email_verified
+
         JWT.encode payload, client_secret, 'HS256'
       end
 
       let(:oauth_response) do
         {
-          id_token: id_token,
           access_token: access_token,
           expires_in: expires_in,
           token_type: token_type
@@ -182,17 +192,7 @@ describe OmniAuth::Strategies::Auth0 do
         }
       end
 
-      let(:basic_user_info) { { sub: user_id } }
-      let(:oidc_user_info) do
-        {
-          sub: user_id,
-          name: name,
-          nickname: nickname,
-          email: email,
-          picture: picture,
-          email_verified: email_verified
-        }
-      end
+      let(:basic_user_info) { { "sub" => user_id, "name" => name } }
 
       def stub_auth(body)
         stub_request(:post, 'https://samples.auth0.com/oauth/token')
@@ -220,7 +220,9 @@ describe OmniAuth::Strategies::Auth0 do
         WebMock.reset!
       end
 
-      let(:subject) { MultiJson.decode(last_response.body) }
+      let(:subject) do
+        MultiJson.decode(last_response.body)
+      end
 
       context 'basic oauth' do
         before do
@@ -239,10 +241,14 @@ describe OmniAuth::Strategies::Auth0 do
           expect(subject['credentials']['expires_at']).to_not be_nil
         end
 
-        it 'has basic values' do
+        it 'has basic values'  do
           expect(subject['provider']).to eq('auth0')
           expect(subject['uid']).to eq(user_id)
-          expect(subject['info']['name']).to eq(user_id)
+          expect(subject['info']['name']).to eq(name)
+        end
+
+        it 'should use the user info endpoint' do
+          expect(subject['extra']['raw_info']).to eq(basic_user_info)
         end
       end
 
@@ -268,7 +274,6 @@ describe OmniAuth::Strategies::Auth0 do
       context 'oidc' do
         before do
           stub_auth(oidc_response)
-          stub_userinfo(oidc_user_info)
           trigger_callback
         end
 

metadata

@@ -1,57 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-auth0
 version: !ruby/object:Gem::Version
-  version: 2.4.2
+  version: 2.5.0
 platform: ruby
 authors:
 - Auth0
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-20 00:00:00.000000000 Z
+date: 2021-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: omniauth-oauth2
+  name: omniauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '1.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '1.9'
 - !ruby/object:Gem::Dependency
-  name: omniauth
+  name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '1.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '0'
 description: |
   Auth0 is an authentication broker that supports social identity providers as well as enterprise identity providers such as Active Directory, LDAP, Google Apps, Salesforce.
 
@@ -67,7 +67,9 @@ files:
 - ".circleci/config.yml"
 - ".gemrelease"
 - ".github/CODEOWNERS"
-- ".github/ISSUE_TEMPLATE.md"
+- ".github/ISSUE_TEMPLATE/config.yml"
+- ".github/ISSUE_TEMPLATE/feature_request.md"
+- ".github/ISSUE_TEMPLATE/report_a_bug.md"
 - ".github/PULL_REQUEST_TEMPLATE.md"
 - ".github/stale.yml"
 - ".gitignore"
@@ -78,7 +80,6 @@ files:
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
 - Gemfile
-- Gemfile.lock
 - Guardfile
 - LICENSE
 - README.md

data/.github/ISSUE_TEMPLATE.md

@@ -1,39 +0,0 @@
-In order to efficiently and accurately address your issue or feature request, please read through the template below and answer all relevant questions. Your additional work here is greatly appreciated and will help us respond as quickly as possible. Please delete any sections or questions below that do not pertain to this request.
-
-For general support or usage questions, please use the [Auth0 Community](https://community.auth0.com/) or [Auth0 Support](https://support.auth0.com.).
-
-### Description
-
-Description of the bug or feature request and why it's a problem. Consider including:
-
-- The use case or overall problem you're trying to solve
-- Information about when the problem started
-
-### Prerequisites
-
-* [ ] I have read the [Auth0 contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
-* [ ] I have read the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
-* [ ] Did you check the [documentation](https://auth0.com/docs/quickstart/webapp/rails)?
-* [ ] Did you check [Auth0 Community](https://community.auth0.com/tags/rails)?
-* [ ] Are you reporting this to the correct repository? This strategy relies on [OmniAuth](https://github.com/omniauth/omniauth) and the [OmniAuth OAuth2](https://github.com/omniauth/omniauth-oauth2) strategy. 
-* [ ] Are there any related or duplicate [Issues](https://github.com/auth0/omniauth-auth0/issues) or [PRs](https://github.com/auth0/omniauth-auth0/pulls) for this issue?
-
-### Environment
-
-Please provide the following:
-
-* OmniAuth-Auth0 version:
-* Ruby version:
-* Rails veresion:
-* Browser version, if applicable:
-* Additional gems that might be affecting your instance:
-
-### Reproduction
-
-Detail the steps taken to reproduce this error and note if this issue can be reproduced consistently or if it is intermittent.
-
-Please include:
-
-- Log files (redact/remove sensitive information)
-- Application settings (redact/remove sensitive information)
-- Screenshots, if helpful

data/Gemfile.lock

@@ -1,172 +0,0 @@
-PATH
-  remote: .
-  specs:
-    omniauth-auth0 (2.4.2)
-      omniauth (~> 1.9)
-      omniauth-oauth2 (~> 1.5)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    addressable (2.7.0)
-      public_suffix (>= 2.0.2, < 5.0)
-    ast (2.4.1)
-    codecov (0.3.0)
-      simplecov (>= 0.15, < 0.22)
-    coderay (1.1.3)
-    crack (0.4.5)
-      rexml
-    daemons (1.3.1)
-    diff-lcs (1.4.4)
-    docile (1.3.5)
-    dotenv (2.7.6)
-    eventmachine (1.2.7)
-    faraday (1.3.0)
-      faraday-net_http (~> 1.0)
-      multipart-post (>= 1.2, < 3)
-      ruby2_keywords
-    faraday-net_http (1.0.1)
-    ffi (1.14.2)
-    formatador (0.2.5)
-    gem-release (2.2.0)
-    guard (2.16.2)
-      formatador (>= 0.2.4)
-      listen (>= 2.7, < 4.0)
-      lumberjack (>= 1.0.12, < 2.0)
-      nenv (~> 0.1)
-      notiffany (~> 0.0)
-      pry (>= 0.9.12)
-      shellany (~> 0.0)
-      thor (>= 0.18.1)
-    guard-compat (1.2.1)
-    guard-rspec (4.7.3)
-      guard (~> 2.1)
-      guard-compat (~> 1.1)
-      rspec (>= 2.99.0, < 4.0)
-    hashdiff (1.0.1)
-    hashie (4.1.0)
-    jwt (2.2.2)
-    listen (3.1.5)
-      rb-fsevent (~> 0.9, >= 0.9.4)
-      rb-inotify (~> 0.9, >= 0.9.7)
-      ruby_dep (~> 1.2)
-    lumberjack (1.2.8)
-    method_source (1.0.0)
-    multi_json (1.15.0)
-    multi_xml (0.6.0)
-    multipart-post (2.1.1)
-    mustermann (1.1.1)
-      ruby2_keywords (~> 0.0.1)
-    nenv (0.3.0)
-    notiffany (0.1.3)
-      nenv (~> 0.1)
-      shellany (~> 0.0)
-    oauth2 (1.4.4)
-      faraday (>= 0.8, < 2.0)
-      jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-    omniauth (1.9.1)
-      hashie (>= 3.4.6)
-      rack (>= 1.6.2, < 3)
-    omniauth-oauth2 (1.7.1)
-      oauth2 (~> 1.4)
-      omniauth (>= 1.9, < 3)
-    parallel (1.20.1)
-    parser (3.0.0.0)
-      ast (~> 2.4.1)
-    pry (0.13.1)
-      coderay (~> 1.1)
-      method_source (~> 1.0)
-    public_suffix (4.0.6)
-    rack (2.2.3)
-    rack-protection (2.1.0)
-      rack
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rainbow (3.0.0)
-    rake (13.0.3)
-    rb-fsevent (0.10.4)
-    rb-inotify (0.10.1)
-      ffi (~> 1.0)
-    regexp_parser (2.0.3)
-    rexml (3.2.4)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.1)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-support (3.10.1)
-    rubocop (1.8.1)
-      parallel (~> 1.10)
-      parser (>= 3.0.0.0)
-      rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
-      rexml
-      rubocop-ast (>= 1.2.0, < 2.0)
-      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.4.0)
-      parser (>= 2.7.1.5)
-    ruby-progressbar (1.11.0)
-    ruby2_keywords (0.0.4)
-    ruby_dep (1.5.0)
-    shellany (0.0.1)
-    shotgun (0.9.2)
-      rack (>= 1.0)
-    simplecov (0.21.2)
-      docile (~> 1.1)
-      simplecov-html (~> 0.11)
-      simplecov_json_formatter (~> 0.1)
-    simplecov-html (0.12.3)
-    simplecov_json_formatter (0.1.2)
-    sinatra (2.1.0)
-      mustermann (~> 1.0)
-      rack (~> 2.2)
-      rack-protection (= 2.1.0)
-      tilt (~> 2.0)
-    thin (1.8.0)
-      daemons (~> 1.0, >= 1.0.9)
-      eventmachine (~> 1.0, >= 1.0.4)
-      rack (>= 1, < 3)
-    thor (1.0.1)
-    tilt (2.0.10)
-    unicode-display_width (2.0.0)
-    webmock (3.11.1)
-      addressable (>= 2.3.6)
-      crack (>= 0.3.2)
-      hashdiff (>= 0.4.0, < 2.0.0)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  bundler (~> 1.9)
-  codecov
-  dotenv
-  gem-release
-  guard-rspec
-  jwt
-  listen (~> 3.1.5)
-  omniauth-auth0!
-  pry
-  rack-test
-  rake
-  rspec (~> 3.5)
-  rubocop
-  shotgun
-  simplecov
-  sinatra
-  thin
-  webmock
-
-BUNDLED WITH
-   1.17.3