omniauth-auth0 2.6.0 → 3.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f45e6ee50254603367c7de482ce5537b48c5faf1bc7a4f2797cf461f21b37198
4
- data.tar.gz: 88eb699d3cf59148df15728b42d517e010bebe29617f1f9e972dc9656e5a79a2
3
+ metadata.gz: 7c56b51f9b1e20c19151c11b2ebed36d976795af342e1ddb6e2faf8adbd606dc
4
+ data.tar.gz: d464a395f1a95859ce5bcba3956955e489319f7efd5a263f7e1a904810ab58db
5
5
  SHA512:
6
- metadata.gz: 829fd68186ab4685d7628b6a7c3a0cce95b1008396e6b6588e72b30ff7b077c103109bafe8e3e480539a07d715550fed27b2d73f537e505498a8b434655a0776
7
- data.tar.gz: 8d03a181ad81f1b08618f542d1971d298a9751ca5d02e949bcf8f60bbf4d6ba2ce3463e6f5ce5a01945a82f24ce7e6f67881192f3e4214a2d05bb556ba6ef66e
6
+ metadata.gz: c24758a4b888a15d499d5a0ad612932f2e452a361fba86dc5af59c812be1c77e10a5735f267e0abfb45e382b381003592b74bbb3fdef8814e58345741a57a978
7
+ data.tar.gz: a8db445c711acd8b1716baef83f95fad39c7c011c7918a862aabb55b69cae02105df3beced2155298478dc580985a5791acbfa629459116244f924f85e470c57
data/.circleci/config.yml CHANGED
@@ -1,8 +1,12 @@
1
1
  version: 2.1
2
+ orbs:
3
+ ship: auth0/ship@0
4
+ codecov: codecov/codecov@3
5
+
2
6
  matrix_rubyversions: &matrix_rubyversions
3
7
  matrix:
4
8
  parameters:
5
- rubyversion: ["2.5", "2.6", "2.7", "3.0"]
9
+ rubyversion: ["2.7", "3.0", "3.1"]
6
10
  # Default version of ruby to use for lint and publishing
7
11
  default_rubyversion: &default_rubyversion "2.7"
8
12
 
@@ -13,7 +17,7 @@ executors:
13
17
  type: string
14
18
  default: *default_rubyversion
15
19
  docker:
16
- - image: circleci/ruby:<< parameters.rubyversion >>
20
+ - image: cimg/ruby:<< parameters.rubyversion >>
17
21
 
18
22
  jobs:
19
23
  run-tests:
@@ -30,15 +34,30 @@ jobs:
30
34
  keys:
31
35
  - gems-v2-{{ checksum "Gemfile" }}
32
36
  - gems-v2-
33
- - run: bundle check || bundle install
37
+ - run: |
38
+ echo 'export BUNDLER_VERSION=$(cat Gemfile.lock | tail -1 | tr -d " ")' >> $BASH_ENV
39
+ source $BASH_ENV
40
+ gem install bundler
41
+ bundle check || bundle install
34
42
  - save_cache:
35
43
  key: gems-v2--{{ checksum "Gemfile" }}
36
44
  paths:
37
45
  - vendor/bundle
38
46
  - run: bundle exec rake spec
47
+ - codecov/upload
39
48
 
40
49
  workflows:
41
50
  tests:
42
51
  jobs:
43
52
  - run-tests:
44
53
  <<: *matrix_rubyversions
54
+ - ship/ruby-publish:
55
+ context:
56
+ - publish-rubygems
57
+ - publish-gh
58
+ filters:
59
+ branches:
60
+ only:
61
+ - master
62
+ requires:
63
+ - run-tests
@@ -0,0 +1,18 @@
1
+ {
2
+ "name": "Ruby",
3
+ "image": "mcr.microsoft.com/devcontainers/ruby:3.1",
4
+ "features": {
5
+ "ghcr.io/devcontainers/features/node:1": {
6
+ "version": "lts"
7
+ }
8
+ },
9
+
10
+ // Use 'forwardPorts' to make a list of ports inside the container available locally.
11
+ // "forwardPorts": [],
12
+
13
+ // Use 'postCreateCommand' to run commands after the container is created.
14
+ // "postCreateCommand": "ruby --version",
15
+
16
+ // Set `remoteUser` to `root` to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
17
+ "remoteUser": "vscode"
18
+ }
@@ -0,0 +1,24 @@
1
+ name: Semgrep
2
+
3
+ on:
4
+ pull_request: {}
5
+
6
+ push:
7
+ branches: ["master", "main"]
8
+
9
+ schedule:
10
+ - cron: '30 0 1,15 * *'
11
+
12
+ jobs:
13
+ semgrep:
14
+ name: Scan
15
+ runs-on: ubuntu-latest
16
+ container:
17
+ image: returntocorp/semgrep
18
+ if: (github.actor != 'dependabot[bot]')
19
+ steps:
20
+ - uses: actions/checkout@v3
21
+
22
+ - run: semgrep ci
23
+ env:
24
+ SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
data/.gitignore CHANGED
@@ -10,5 +10,3 @@ tmp/
10
10
  ## Environment normalization:
11
11
  /.bundle
12
12
  /vendor/bundle
13
-
14
- Gemfile.lock
data/.semgrepignore ADDED
@@ -0,0 +1,4 @@
1
+ examples/
2
+ spec/
3
+ CHANGELOG.md
4
+ README.md
data/.shiprc ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "files": {
3
+ "lib/omniauth-auth0/version.rb": []
4
+ },
5
+ "prebump": "bundle install && bundle exec rake test",
6
+ "postbump": "bundle update"
7
+ }
data/CHANGELOG.md CHANGED
@@ -1,32 +1,96 @@
1
1
  # Change Log
2
2
 
3
+ ## [v3.1.0](https://github.com/auth0/omniauth-auth0/tree/v3.1.0) (2022-11-04)
4
+
5
+ [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v3.0.0...v3.1.0)
6
+
7
+ **Added**
8
+
9
+ - Add ui_locales to permitted params [\#135](https://github.com/auth0/omniauth-auth0/pull/135) ([martijn](https://github.com/martijn))
10
+
11
+ **Changed**
12
+
13
+ - Store plain Hash in session['authorize_params'] [\#150](https://github.com/auth0/omniauth-auth0/pull/150) ([santry](https://github.com/santry))
14
+ - Redesign readme to match new style [\#148](https://github.com/auth0/omniauth-auth0/pull/148) ([stevehobbsdev](https://github.com/stevehobbsdev))
15
+
16
+ **Fixed**
17
+
18
+ - Fix authentication hash link in code sample [\#153](https://github.com/auth0/omniauth-auth0/pull/153) ([ewanharris](https://github.com/ewanharris))
19
+
20
+ **Security**
21
+
22
+ - [Snyk] Fix for 1 vulnerabilities [\#149](https://github.com/auth0/omniauth-auth0/pull/149) ([snyk-bot](https://github.com/snyk-bot))
23
+ - Bump addressable from 2.7.0 to 2.8.0 [\#133](https://github.com/auth0/omniauth-auth0/pull/133) ([dependabot[bot]](https://github.com/apps/dependabot))
24
+ - [Snyk] Security upgrade webmock from 3.12.2 to 3.12.2 [\#134](https://github.com/auth0/omniauth-auth0/pull/134) ([snyk-bot](https://github.com/snyk-bot))
25
+
26
+ ## [v3.0.0](https://github.com/auth0/omniauth-auth0/tree/v3.0.0) (2021-04-14)
27
+
28
+ Version 3.0 introduces [Omniauth v2.0](https://github.com/omniauth/omniauth/releases/tag/v2.0.0) which addresses [CVE-2015-9284](https://nvd.nist.gov/vuln/detail/CVE-2015-9284). Omniauth now defaults to only allow `POST` as the allowed request_phase method. This was previously handled through the recommended [mitigation](https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284) using the `omniauth-rails_csrf_protection v0.x.x` gem to provide CSRF protection.
29
+
30
+ ### Upgrading to omniauth-rails_csrf_protection v1.0.0
31
+
32
+ If you are using `omniauth-rails_csrf_protection` to provide CSRF protection, you will need to be upgrade to `1.x.x`.
33
+
34
+ ### BREAKING CHANGES
35
+
36
+ Now that OmniAuth now defaults to only `POST` as the allowed request_phase method, if you aren't already, you will need to convert any login links to use [form helpers](https://api.rubyonrails.org/classes/ActionView/Helpers/FormHelper.html#method-i-form_for) with the `POST` method.
37
+
38
+ ```html+ruby
39
+ # OLD -- GET request
40
+ <a href='/auth/auth0'>Login</a>
41
+
42
+ # NEW Example #1 -- POST request
43
+ <%= link_to 'Login', 'auth/auth0', method: :post %>
44
+
45
+ # NEW Example #2 -- POST request
46
+ <%= button_to 'Login', 'auth/auth0', method: :post %>
47
+
48
+ # NEW Example #3 -- POST request
49
+ <%= form_tag('/auth/auth0', method: :post) do %>
50
+ <button type='submit'></button>
51
+ <% end %>
52
+ ```
53
+
54
+ ### Allowing GET Requests
55
+
56
+ In the scenario you absolutely must use GET requests as an allowed request method for authentication, you can override the protection provided with the following config override:
57
+
58
+ ```ruby
59
+ # Allowing GET requests will expose you to CVE-2015-9284
60
+ OmniAuth.config.allowed_request_methods = [:get, :post]
61
+ ```
62
+
3
63
  ## [v2.6.0](https://github.com/auth0/omniauth-auth0/tree/v2.6.0) (2021-04-01)
4
64
 
5
65
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.5.0...v2.6.0)
6
66
 
7
67
  **Added**
8
- - Org Support [SDK-2395] [\#124](https://github.com/auth0/omniauth-auth0/pull/124) ([davidpatrick](https://github.com/davidpatrick))
9
- - Add login_hint to permitted params [\#123](https://github.com/auth0/omniauth-auth0/pull/123) ([Roriz](https://github.com/Roriz))
68
+
69
+ - Org Support [SDK-2395] [\#124](https://github.com/auth0/omniauth-auth0/pull/124) ([davidpatrick](https://github.com/davidpatrick))
70
+ - Add login_hint to permitted params [\#123](https://github.com/auth0/omniauth-auth0/pull/123) ([Roriz](https://github.com/Roriz))
10
71
 
11
72
  ## [v2.5.0](https://github.com/auth0/omniauth-auth0/tree/v2.5.0) (2021-01-21)
12
73
 
13
74
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.4.2...v2.5.0)
14
75
 
15
76
  **Added**
77
+
16
78
  - Parsing claims from the id_token [\#120](https://github.com/auth0/omniauth-auth0/pull/120) ([davidpatrick](https://github.com/davidpatrick))
17
79
 
18
80
  **Changed**
81
+
19
82
  - Setup build matrix in CI [\#116](https://github.com/auth0/omniauth-auth0/pull/116) ([dmathieu](https://github.com/dmathieu))
20
83
 
21
84
  **Fixed**
22
- - Fixes params passed to authorize [\#119](https://github.com/auth0/omniauth-auth0/pull/119) ([davidpatrick](https://github.com/davidpatrick))
23
85
 
86
+ - Fixes params passed to authorize [\#119](https://github.com/auth0/omniauth-auth0/pull/119) ([davidpatrick](https://github.com/davidpatrick))
24
87
 
25
88
  ## [v2.4.2](https://github.com/auth0/omniauth-auth0/tree/v2.4.2) (2021-01-19)
26
89
 
27
90
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.4.1...v2.4.2)
28
91
 
29
92
  **Fixed**
93
+
30
94
  - Lock Omniauth to 1.9 in gemspec
31
95
 
32
96
  ## [v2.4.1](https://github.com/auth0/omniauth-auth0/tree/v2.4.1) (2020-10-08)
@@ -34,22 +98,23 @@
34
98
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.4.0...v2.4.1)
35
99
 
36
100
  **Fixed**
37
- - Verify the JWT Signature [\#109](https://github.com/auth0/omniauth-auth0/pull/109) ([jimmyjames](https://github.com/jimmyjames))
38
101
 
102
+ - Verify the JWT Signature [\#109](https://github.com/auth0/omniauth-auth0/pull/109) ([jimmyjames](https://github.com/jimmyjames))
39
103
 
40
104
  ## [v2.4.0](https://github.com/auth0/omniauth-auth0/tree/v2.4.0) (2020-09-22)
41
105
 
42
106
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.3.1...v2.4.0)
43
107
 
44
108
  **Security**
109
+
45
110
  - Bump rack from 2.2.2 to 2.2.3 [\#107](https://github.com/auth0/omniauth-auth0/pull/107) ([dependabot](https://github.com/dependabot))
46
111
  - Update dependencies [\#100](https://github.com/auth0/omniauth-auth0/pull/100) ([Albalmaceda](https://github.com/Albalmaceda))
47
112
 
48
113
  **Added**
114
+
49
115
  - Add support for screen_hint=signup param [\#103](https://github.com/auth0/omniauth-auth0/pull/103) ([bbean86](https://github.com/bbean86))
50
116
  - Add support for `connection_scope` in params [\#99](https://github.com/auth0/omniauth-auth0/pull/99) ([felixclack](https://github.com/felixclack))
51
117
 
52
-
53
118
  ## [v2.3.1](https://github.com/auth0/omniauth-auth0/tree/v2.3.1) (2020-03-27)
54
119
 
55
120
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.3.0...v2.3.1)
@@ -60,29 +125,37 @@
60
125
  - Fix "NameError: uninitialized constant OmniAuth::Auth0::TokenValidationError" [\#96](https://github.com/auth0/omniauth-auth0/pull/96) ([stefanwork](https://github.com/stefanwork))
61
126
 
62
127
  ## [v2.3.0](https://github.com/auth0/omniauth-auth0/tree/v2.3.0) (2020-03-06)
128
+
63
129
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.2.0...v2.3.0)
64
130
 
65
131
  **Added**
132
+
66
133
  - Improved OIDC Compliance [\#92](https://github.com/auth0/omniauth-auth0/pull/92) ([davidpatrick](https://github.com/davidpatrick))
67
134
 
68
135
  ## [v2.2.0](https://github.com/auth0/omniauth-auth0/tree/v2.2.0) (2018-04-18)
136
+
69
137
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.1.0...v2.2.0)
70
138
 
71
139
  **Closed issues**
140
+
72
141
  - It supports custom domain? [\#71](https://github.com/auth0/omniauth-auth0/issues/71)
73
142
  - Valid Login, No Details: email=nil image=nil name="github|38257089" nickname=nil [\#70](https://github.com/auth0/omniauth-auth0/issues/70)
74
143
 
75
144
  **Added**
145
+
76
146
  - Custom issuer [\#77](https://github.com/auth0/omniauth-auth0/pull/77) ([ryan-rosenfeld](https://github.com/ryan-rosenfeld))
77
147
  - Add telemetry to token endpoint [\#74](https://github.com/auth0/omniauth-auth0/pull/74) ([joshcanhelp](https://github.com/joshcanhelp))
78
148
 
79
149
  **Changed**
150
+
80
151
  - Remove telemetry from authorize URL [\#75](https://github.com/auth0/omniauth-auth0/pull/75) ([joshcanhelp](https://github.com/joshcanhelp))
81
152
 
82
153
  ## [v2.1.0](https://github.com/auth0/omniauth-auth0/tree/v2.1.0) (2018-10-30)
154
+
83
155
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.0.0...v2.1.0)
84
156
 
85
157
  **Closed issues**
158
+
86
159
  - URL should be spelled uppercase outside of code [\#64](https://github.com/auth0/omniauth-auth0/issues/64)
87
160
  - Add prompt=none authorization param handler [\#58](https://github.com/auth0/omniauth-auth0/issues/58)
88
161
  - Could not find a valid mapping for path "/auth/oauth2/callback" [\#56](https://github.com/auth0/omniauth-auth0/issues/56)
@@ -91,18 +164,22 @@
91
164
  - /auth/:provider route not registered? [\#47](https://github.com/auth0/omniauth-auth0/issues/47)
92
165
 
93
166
  **Added**
167
+
94
168
  - Add ID token validation [\#62](https://github.com/auth0/omniauth-auth0/pull/62) ([joshcanhelp](https://github.com/joshcanhelp))
95
169
  - Silent authentication [\#59](https://github.com/auth0/omniauth-auth0/pull/59) ([batalla3692](https://github.com/batalla3692))
96
170
  - Pass connection parameter to auth0 [\#54](https://github.com/auth0/omniauth-auth0/pull/54) ([tomgi](https://github.com/tomgi))
97
171
 
98
172
  **Changed**
173
+
99
174
  - Update to omniauth-oauth2 [\#55](https://github.com/auth0/omniauth-auth0/pull/55) ([chills42](https://github.com/chills42))
100
175
 
101
176
  **Fixed**
177
+
102
178
  - Fix Rubocop errors [\#66](https://github.com/auth0/omniauth-auth0/pull/66) ([joshcanhelp](https://github.com/joshcanhelp))
103
179
  - Fix minute bug in README.md [\#63](https://github.com/auth0/omniauth-auth0/pull/63) ([rahuldess](https://github.com/rahuldess))
104
180
 
105
181
  ## [v2.0.0](https://github.com/auth0/omniauth-auth0/tree/v2.0.0) (2017-01-25)
182
+
106
183
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v1.4.1...v2.0.0)
107
184
 
108
185
  Updated library to handle OIDC conformant clients and OAuth2 features in Auth0.
@@ -120,31 +197,36 @@ The `info` object will use the [OmniAuth schema](https://github.com/omniauth/omn
120
197
  Also in `extra` will have in `raw_info` the full /userinfo response.
121
198
 
122
199
  **Fixed**
200
+
123
201
  - Use image attribute of omniauth instead of picture [\#45](https://github.com/auth0/omniauth-auth0/pull/45) ([hzalaz](https://github.com/hzalaz))
124
- - Rework strategy to handle OAuth and OIDC [\#44](https://github.com/auth0/omniauth-auth0/pull/44) ([hzalaz](https://github.com/hzalaz))
202
+ - Rework strategy to handle OAuth and OIDC [\#44](https://github.com/auth0/omniauth-auth0/pull/44) ([hzalaz](https://github.com/hzalaz))
125
203
  - lock v10 update, dependencies update [\#41](https://github.com/auth0/omniauth-auth0/pull/41) ([Amialc](https://github.com/Amialc))
126
204
 
127
205
  ## [v1.4.2](https://github.com/auth0/omniauth-auth0/tree/v1.4.2) (2016-06-13)
206
+
128
207
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v1.4.1...v1.4.2)
129
208
 
130
209
  **Added**
210
+
131
211
  - Link to OmniAuth site [\#36](https://github.com/auth0/omniauth-auth0/pull/36) ([jghaines](https://github.com/jghaines))
132
212
  - add ssl fix to RoR example [\#31](https://github.com/auth0/omniauth-auth0/pull/31) ([Amialc](https://github.com/Amialc))
133
213
  - Update LICENSE [\#17](https://github.com/auth0/omniauth-auth0/pull/17) ([aguerere](https://github.com/aguerere))
134
214
 
135
215
  **Changed**
216
+
136
217
  - Update lock to version 9 [\#34](https://github.com/auth0/omniauth-auth0/pull/34) ([Annyv2](https://github.com/Annyv2))
137
218
  - Update Gemfile [\#22](https://github.com/auth0/omniauth-auth0/pull/22) ([Annyv2](https://github.com/Annyv2))
138
219
  - Update lock [\#15](https://github.com/auth0/omniauth-auth0/pull/15) ([Annyv2](https://github.com/Annyv2))
139
220
 
140
221
  **Fixed**
222
+
141
223
  - Fix setup [\#38](https://github.com/auth0/omniauth-auth0/pull/38) ([deepak](https://github.com/deepak))
142
224
  - Added missing instruction [\#30](https://github.com/auth0/omniauth-auth0/pull/30) ([Annyv2](https://github.com/Annyv2))
143
225
  - Fixes undefined Auth0Lock issue [\#28](https://github.com/auth0/omniauth-auth0/pull/28) ([Annyv2](https://github.com/Annyv2))
144
226
  - Update Readme [\#27](https://github.com/auth0/omniauth-auth0/pull/27) ([Annyv2](https://github.com/Annyv2))
145
227
 
146
-
147
228
  ## [v1.4.1](https://github.com/auth0/omniauth-auth0/tree/v1.4.1) (2015-11-18)
229
+
148
230
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v1.4.0...v1.4.1)
149
231
 
150
232
  **Merged pull requests:**
@@ -155,6 +237,7 @@ Also in `extra` will have in `raw_info` the full /userinfo response.
155
237
  - Add nested module in version.rb [\#9](https://github.com/auth0/omniauth-auth0/pull/9) ([l4u](https://github.com/l4u))
156
238
 
157
239
  ## [v1.4.0](https://github.com/auth0/omniauth-auth0/tree/v1.4.0) (2015-06-01)
240
+
158
241
  **Merged pull requests:**
159
242
 
160
243
  - Client headers [\#8](https://github.com/auth0/omniauth-auth0/pull/8) ([benschwarz](https://github.com/benschwarz))
@@ -163,6 +246,4 @@ Also in `extra` will have in `raw_info` the full /userinfo response.
163
246
  - Update README.md [\#3](https://github.com/auth0/omniauth-auth0/pull/3) ([pose](https://github.com/pose))
164
247
  - Fix Markdown typo [\#2](https://github.com/auth0/omniauth-auth0/pull/2) ([dentarg](https://github.com/dentarg))
165
248
 
166
-
167
-
168
- \* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
249
+ \* _This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)_
data/EXAMPLES.md ADDED
@@ -0,0 +1,167 @@
1
+ * [Example of the resulting authentication hash](#example-of-the-resulting-authentication-hash)
2
+ * [Send additional authentication parameters](#send-additional-authentication-parameters)
3
+ * [Query Parameter Options](#query-parameter-options)
4
+ * [Auth0 Organizations](#auth0-organizations)
5
+ - [Logging in with an Organization](#logging-in-with-an-organization)
6
+ - [Validating Organizations when using Organization Login Prompt](#validating-organizations-when-using-organization-login-prompt)
7
+ - [Accepting user invitations](#accepting-user-invitations)
8
+
9
+ ### Example of the resulting authentication hash
10
+
11
+ The Auth0 strategy will provide the standard OmniAuth hash attributes:
12
+
13
+ - `:provider` - the name of the strategy, in this case `auth0`
14
+ - `:uid` - the user identifier
15
+ - `:info` - the result of the call to `/userinfo` using OmniAuth standard attributes
16
+ - `:credentials` - tokens requested and data
17
+ - `:extra` - Additional info obtained from calling `/userinfo` in the `:raw_info` property
18
+
19
+ ```ruby
20
+ {
21
+ :provider => 'auth0',
22
+ :uid => 'auth0|USER_ID',
23
+ :info => {
24
+ :name => 'John Foo',
25
+ :email => 'johnfoo@example.org',
26
+ :nickname => 'john',
27
+ :image => 'https://example.org/john.jpg'
28
+ },
29
+ :credentials => {
30
+ :token => 'ACCESS_TOKEN',
31
+ :expires_at => 1485373937,
32
+ :expires => true,
33
+ :refresh_token => 'REFRESH_TOKEN',
34
+ :id_token => 'JWT_ID_TOKEN',
35
+ :token_type => 'bearer',
36
+ },
37
+ :extra => {
38
+ :raw_info => {
39
+ :email => 'johnfoo@example.org',
40
+ :email_verified => 'true',
41
+ :name => 'John Foo',
42
+ :picture => 'https://example.org/john.jpg',
43
+ :user_id => 'auth0|USER_ID',
44
+ :nickname => 'john',
45
+ :created_at => '2014-07-15T17:19:50.387Z'
46
+ }
47
+ }
48
+ }
49
+ ```
50
+
51
+ ## Send additional authentication parameters
52
+
53
+ To send additional parameters during login, you can specify them when you register the provider:
54
+
55
+ ```ruby
56
+ provider
57
+ :auth0,
58
+ ENV['AUTH0_CLIENT_ID'],
59
+ ENV['AUTH0_CLIENT_SECRET'],
60
+ ENV['AUTH0_DOMAIN'],
61
+ {
62
+ authorize_params: {
63
+ scope: 'openid read:users write:order',
64
+ audience: 'https://mydomain/api',
65
+ max_age: 3600 # time in seconds authentication is valid
66
+ }
67
+ }
68
+ ```
69
+
70
+ This will tell the strategy to send those parameters on every authentication request.
71
+
72
+ ## Query Parameter Options
73
+
74
+ In some scenarios, you may need to pass specific query parameters to `/authorize`. The following parameters are available to enable this:
75
+
76
+ - `connection`
77
+ - `connection_scope`
78
+ - `prompt`
79
+ - `screen_hint` (only relevant to New Universal Login Experience)
80
+ - `organization`
81
+ - `invitation`
82
+
83
+ Simply pass these query parameters to your OmniAuth redirect endpoint to enable their behavior.
84
+
85
+ ## Auth0 Organizations
86
+
87
+ [Organizations](https://auth0.com/docs/organizations) is a set of features that provide better support for developers who build and maintain SaaS and Business-to-Business (B2B) applications.
88
+
89
+ Note that Organizations is currently only available to customers on our Enterprise and Startup subscription plans.
90
+
91
+ ### Logging in with an Organization
92
+
93
+ Logging in with an Organization is as easy as passing the parameters to the authorize endpoint. You can do this with
94
+
95
+ ```ruby
96
+ <%=
97
+ button_to 'Login', 'auth/auth0',
98
+ method: :post,
99
+ params: {
100
+ # Found in your Auth0 dashboard, under Organization settings:
101
+ organization: '{AUTH0_ORGANIZATION}'
102
+ }
103
+ %>
104
+ ```
105
+
106
+ Alternatively you can configure the organization when you register the provider:
107
+
108
+ ```ruby
109
+ provider
110
+ :auth0,
111
+ ENV['AUTH0_CLIENT_ID'],
112
+ ENV['AUTH0_CLIENT_SECRET'],
113
+ ENV['AUTH0_DOMAIN']
114
+ {
115
+ authorize_params: {
116
+ scope: 'openid read:users',
117
+ audience: 'https://{AUTH0_DOMAIN}/api',
118
+ organization: '{AUTH0_ORGANIZATION}'
119
+ }
120
+ }
121
+ ```
122
+
123
+ When passing `openid` to the scope and `organization` to the authorize params, you will receive an ID token on callback with the `org_id` claim. This claim is validated for you by the SDK.
124
+
125
+ ### Validating Organizations when using Organization Login Prompt
126
+
127
+ When Organization login prompt is enabled on your application, but you haven't specified an Organization for the application's authorization endpoint, the `org_id` claim will be present on the ID token, and should be validated to ensure that the value received is expected or known.
128
+
129
+ Normally, validating the issuer would be enough to ensure that the token was issued by Auth0, and this check is performed by the SDK. However, in the case of organizations, additional checks should be made so that the organization within an Auth0 tenant is expected.
130
+
131
+ In particular, the `org_id` claim should be checked to ensure it is a value that is already known to the application. This could be validated against a known list of organization IDs, or perhaps checked in conjunction with the current request URL. e.g. the sub-domain may hint at what organization should be used to validate the ID Token.
132
+
133
+ Here is an example using it in your `callback` method
134
+
135
+ ```ruby
136
+ def callback
137
+ claims = request.env['omniauth.auth']['extra']['raw_info']
138
+
139
+ if claims["org"] && claims["org"] !== expected_org
140
+ redirect_to '/unauthorized', status: 401
141
+ else
142
+ session[:userinfo] = claims
143
+ redirect_to '/dashboard'
144
+ end
145
+ end
146
+ ```
147
+
148
+ For more information, please read [Work with Tokens and Organizations](https://auth0.com/docs/organizations/using-tokens) on Auth0 Docs.
149
+
150
+ ### Accepting user invitations
151
+
152
+ Auth0 Organizations allow users to be invited using emailed links, which will direct a user back to your application. The URL the user will arrive at is based on your configured `Application Login URI`, which you can change from your Application's settings inside the Auth0 dashboard.
153
+
154
+ When the user arrives at your application using an invite link, you can expect three query parameters to be provided: `invitation`, `organization`, and `organization_name`. These will always be delivered using a GET request.
155
+
156
+ You can then supply those parametrs to a `button_to` or `link_to` helper
157
+
158
+ ```ruby
159
+ <%=
160
+ button_to 'Login', 'auth/auth0',
161
+ method: :post,
162
+ params: {
163
+ organization: '{YOUR_ORGANIZATION_ID}',
164
+ invitation: '{INVITE_CODE}'
165
+ }
166
+ %>
167
+ ```
data/Gemfile CHANGED
@@ -2,25 +2,25 @@ source 'https://rubygems.org'
2
2
 
3
3
  gemspec
4
4
 
5
- gem 'gem-release'
6
- gem 'jwt'
7
- gem 'rake'
5
+ gem 'gem-release', '~> 2'
6
+ gem 'jwt', '~> 2'
7
+ gem 'rake', '~> 13'
8
8
 
9
9
  group :development do
10
- gem 'dotenv'
11
- gem 'pry'
12
- gem 'rubocop', require: false
13
- gem 'shotgun'
14
- gem 'sinatra'
15
- gem 'thin'
10
+ gem 'dotenv', '~> 2'
11
+ gem 'pry', '~> 0'
12
+ gem 'rubocop', '~> 1', require: false
13
+ gem 'shotgun', '~> 0'
14
+ gem 'sinatra', '~> 2'
15
+ gem 'thin', '~> 1'
16
16
  end
17
17
 
18
18
  group :test do
19
- gem 'guard-rspec', require: false
19
+ gem 'guard-rspec', '~> 4', require: false
20
20
  gem 'listen', '~> 3'
21
- gem 'rack-test'
22
- gem 'rspec', '~> 3.5'
23
- gem 'codecov', require: false
24
- gem 'simplecov'
25
- gem 'webmock'
21
+ gem 'rack-test', '~> 2'
22
+ gem 'rspec', '~> 3'
23
+ gem 'simplecov-cobertura', '~> 2'
24
+ gem 'webmock', '~> 3'
25
+ gem 'multi_json', '~> 1'
26
26
  end