omniauth-auth0 2.6.0 → 3.1.0

data/Gemfile.lock

@@ -0,0 +1,180 @@
+PATH
+  remote: .
+  specs:
+    omniauth-auth0 (3.1.0)
+      omniauth (~> 2)
+      omniauth-oauth2 (~> 1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.8.1)
+      public_suffix (>= 2.0.2, < 6.0)
+    ast (2.4.2)
+    coderay (1.1.3)
+    crack (0.4.5)
+      rexml
+    daemons (1.4.1)
+    diff-lcs (1.5.0)
+    docile (1.4.0)
+    dotenv (2.8.1)
+    eventmachine (1.2.7)
+    faraday (2.7.1)
+      faraday-net_http (>= 2.0, < 3.1)
+      ruby2_keywords (>= 0.0.4)
+    faraday-net_http (3.0.2)
+    ffi (1.15.5)
+    formatador (1.1.0)
+    gem-release (2.2.2)
+    guard (2.18.0)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (>= 1.0.12, < 2.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.13.0)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    hashdiff (1.0.1)
+    hashie (5.0.0)
+    json (2.6.3)
+    jwt (2.5.0)
+    listen (3.7.1)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    lumberjack (1.2.8)
+    method_source (1.0.0)
+    multi_json (1.15.0)
+    multi_xml (0.6.0)
+    mustermann (2.0.2)
+      ruby2_keywords (~> 0.0.1)
+    nenv (0.3.0)
+    notiffany (0.1.3)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    oauth2 (2.0.9)
+      faraday (>= 0.17.3, < 3.0)
+      jwt (>= 1.0, < 3.0)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 4)
+      snaky_hash (~> 2.0)
+      version_gem (~> 1.1)
+    omniauth (2.1.0)
+      hashie (>= 3.4.6)
+      rack (>= 2.2.3)
+      rack-protection
+    omniauth-oauth2 (1.8.0)
+      oauth2 (>= 1.4, < 3)
+      omniauth (~> 2.0)
+    parallel (1.22.1)
+    parser (3.1.3.0)
+      ast (~> 2.4.1)
+    pry (0.14.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    public_suffix (5.0.0)
+    rack (2.2.4)
+    rack-protection (2.2.3)
+      rack
+    rack-test (2.0.2)
+      rack (>= 1.3)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    rb-fsevent (0.11.2)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    regexp_parser (2.6.1)
+    rexml (3.2.5)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.0)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.0)
+    rubocop (1.39.0)
+      json (~> 2.3)
+      parallel (~> 1.10)
+      parser (>= 3.1.2.1)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.23.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.24.0)
+      parser (>= 3.1.1.0)
+    ruby-progressbar (1.11.0)
+    ruby2_keywords (0.0.5)
+    shellany (0.0.1)
+    shotgun (0.9.2)
+      rack (>= 1.0)
+    simplecov (0.21.2)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-cobertura (2.1.0)
+      rexml
+      simplecov (~> 0.19)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.4)
+    sinatra (2.2.3)
+      mustermann (~> 2.0)
+      rack (~> 2.2)
+      rack-protection (= 2.2.3)
+      tilt (~> 2.0)
+    snaky_hash (2.0.1)
+      hashie
+      version_gem (~> 1.1, >= 1.1.1)
+    thin (1.8.1)
+      daemons (~> 1.0, >= 1.0.9)
+      eventmachine (~> 1.0, >= 1.0.4)
+      rack (>= 1, < 3)
+    thor (1.2.1)
+    tilt (2.0.11)
+    unicode-display_width (2.3.0)
+    version_gem (1.1.1)
+    webmock (3.18.1)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
+
+PLATFORMS
+  arm64-darwin-21
+  x86_64-darwin-20
+  x86_64-darwin-21
+  x86_64-linux
+
+DEPENDENCIES
+  bundler
+  dotenv (~> 2)
+  gem-release (~> 2)
+  guard-rspec (~> 4)
+  jwt (~> 2)
+  listen (~> 3)
+  multi_json (~> 1)
+  omniauth-auth0!
+  pry (~> 0)
+  rack-test (~> 2)
+  rake (~> 13)
+  rspec (~> 3)
+  rubocop (~> 1)
+  shotgun (~> 0)
+  simplecov-cobertura (~> 2)
+  sinatra (~> 2)
+  thin (~> 1)
+  webmock (~> 3)
+
+BUNDLED WITH
+   2.3.7

data/README.md

@@ -1,25 +1,14 @@
-# OmniAuth Auth0
+![Omniauth-auth0](https://cdn.auth0.com/website/sdks/banners/omniauth-auth0-banner.png)
 
-An [OmniAuth](https://github.com/intridea/omniauth) strategy for authenticating with [Auth0](https://auth0.com). This strategy is based on the [OmniAuth OAuth2](https://github.com/omniauth/omniauth-oauth2) strategy.
-
-> :warning:  **Important security note:** This solution uses a 3rd party library with an unresolved [security issue(s)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9284). Please review the details of the vulnerability, including [Auth0](https://github.com/auth0/omniauth-auth0/issues/82 ) and other recommended [mitigations](https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284), before implementing the solution.
 
 [![CircleCI](https://img.shields.io/circleci/project/github/auth0/omniauth-auth0/master.svg)](https://circleci.com/gh/auth0/omniauth-auth0)
 [![codecov](https://codecov.io/gh/auth0/omniauth-auth0/branch/master/graph/badge.svg)](https://codecov.io/gh/auth0/omniauth-auth0)
 [![Gem Version](https://badge.fury.io/rb/omniauth-auth0.svg)](https://badge.fury.io/rb/omniauth-auth0)
 [![MIT licensed](https://img.shields.io/dub/l/vibe-d.svg?style=flat)](https://github.com/auth0/omniauth-auth0/blob/master/LICENSE)
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0?ref=badge_shield)
-
-## Table of Contents
 
-- [Documentation](#documentation)
-- [Installation](#installation)
-- [Getting Started](#getting-started)
-- [Contribution](#contribution)
-- [Support + Feedback](#support--feedback)
-- [Vulnerability Reporting](#vulnerability-reporting)
-- [What is Auth0](#what-is-auth0)
-- [License](#license)
+<div>
+📚 <a href="#documentation">Documentation</a> - 🚀 <a href="#getting-started">Getting started</a> - 💻 <a href="https://www.rubydoc.info/gems/omniauth-auth0">API reference</a> - 💬 <a href="#feedback">Feedback</a>
+</div>
 
 ## Documentation
 
@@ -27,7 +16,9 @@ An [OmniAuth](https://github.com/intridea/omniauth) strategy for authenticating
 - [Sample projects](https://github.com/auth0-samples/auth0-rubyonrails-sample)
 - [API Reference](https://www.rubydoc.info/gems/omniauth-auth0)
 
-## Installation
+## Getting started
+
+### Installation
 
 Add the following line to your `Gemfile`:
 
@@ -49,194 +40,129 @@ $ bundle install
 
 See our [contributing guide](CONTRIBUTING.md) for information on local installation for development.
 
-## Getting Started
+## Configure the SDK
 
-To start processing authentication requests, the following steps must be performed:
+Adding the SDK to your Rails app requires a few steps:
 
-1. Initialize the strategy
-2. Configure the callback controller
-3. Add the required routes
-4. Trigger an authentication request
+- [Create the configuration file](#create-the-configuration-file)
+- [Create the initializer](#create-the-initializer)
+- [Create the callback controller](#create-the-callback-controller)
+- [Add routes](#add-routes)
 
-All of these tasks and more are covered in our [Ruby on Rails Quickstart](https://auth0.com/docs/quickstart/webapp/rails).
+### Create the configuration file
 
-### Additional authentication parameters
+Create the file `./config/auth0.yml` within your application directory with the following content:
 
-To send additional parameters during login, you can specify them when you register the provider:
-
-```ruby
-provider
-  :auth0,
-  ENV['AUTH0_CLIENT_ID'],
-  ENV['AUTH0_CLIENT_SECRET'],
-  ENV['AUTH0_DOMAIN'],
-  {
-    authorize_params: {
-      scope: 'openid read:users write:order',
-      audience: 'https://mydomain/api',
-      max_age: 3600 # time in seconds authentication is valid
-    }
-  }
+```yml
+development:
+  auth0_domain: <YOUR_DOMAIN>
+  auth0_client_id: <YOUR_CLIENT_ID>
+  auth0_client_secret: <YOUR AUTH0 CLIENT SECRET>
 ```
 
-... which will tell the strategy to send those parameters on every authentication request.
-
-### Authentication hash
-
-The Auth0 strategy will provide the standard OmniAuth hash attributes:
+### Create the initializer
 
-- `:provider` - the name of the strategy, in this case `auth0`
-- `:uid` - the user identifier
-- `:info` - the result of the call to `/userinfo` using OmniAuth standard attributes
-- `:credentials` - tokens requested and data
-- `:extra` - Additional info obtained from calling `/userinfo` in the `:raw_info` property
+Create a new Ruby file in `./config/initializers/auth0.rb` to configure the OmniAuth middleware:
 
 ```ruby
-{
-  :provider => 'auth0',
-  :uid => 'auth0|USER_ID',
-  :info => {
-    :name => 'John Foo',
-    :email => 'johnfoo@example.org',
-    :nickname => 'john',
-    :image => 'https://example.org/john.jpg'
-  },
-  :credentials => {
-    :token => 'ACCESS_TOKEN',
-    :expires_at => 1485373937,
-    :expires => true,
-    :refresh_token => 'REFRESH_TOKEN',
-    :id_token => 'JWT_ID_TOKEN',
-    :token_type => 'bearer',
-  },
-  :extra => {
-    :raw_info => {
-      :email => 'johnfoo@example.org',
-      :email_verified => 'true',
-      :name => 'John Foo',
-      :picture => 'https://example.org/john.jpg',
-      :user_id => 'auth0|USER_ID',
-      :nickname => 'john',
-      :created_at => '2014-07-15T17:19:50.387Z'
+AUTH0_CONFIG = Rails.application.config_for(:auth0)
+
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider(
+    :auth0,
+    AUTH0_CONFIG['auth0_client_id'],
+    AUTH0_CONFIG['auth0_client_secret'],
+    AUTH0_CONFIG['auth0_domain'],
+    callback_path: '/auth/auth0/callback',
+    authorize_params: {
+      scope: 'openid profile'
     }
-  }
-}
+  )
+end
 ```
 
-### Query Parameter Options
-
-In some scenarios, you may need to pass specific query parameters to `/authorize`. The following parameters are available to enable this:
-
-- `connection`
-- `connection_scope`
-- `prompt`
-- `screen_hint` (only relevant to New Universal Login Experience)
-- `organization`
-- `invitation`
-
-Simply pass these query parameters to your OmniAuth redirect endpoint to enable their behavior.
-
-## Examples
-
-### Auth0 Organizations (Closed Beta)
-
-Organizations is a set of features that provide better support for developers who build and maintain SaaS and Business-to-Business (B2B) applications.
-
-Using Organizations, you can:
+### Create the callback controller
 
-- Represent teams, business customers, partner companies, or any logical grouping of users that should have different ways of accessing your applications, as organizations.
-- Manage their membership in a variety of ways, including user invitation.
-- Configure branded, federated login flows for each organization.
-- Implement role-based access control, such that users can have different roles when authenticating in the context of different organizations.
-- Build administration capabilities into your products, using Organizations APIs, so that those businesses can manage their own organizations.
+Create a new controller `./app/controllers/auth0_controller.rb` to handle the callback from Auth0.
 
-Note that Organizations is currently only available to customers on our Enterprise and Startup subscription plans.
-
-#### Logging in with an Organization
-
-Logging in with an Organization is as easy as passing the parameters to the authorize endpoint.  You can do this with 
+> You can also run `rails generate controller auth0 callback failure logout --skip-assets --skip-helper --skip-routes --skip-template-engine` to scaffold this controller for you.
 
 ```ruby
-<%= 
-    button_to 'Login', 'auth/auth0',
-    method: :post,
-    params: {
-      # Found in your Auth0 dashboard, under Organization settings:
-      organization: '{AUTH0_ORGANIZATION}'
-    }
-%>
-```
-
-Alternatively you can configure the organization when you register the provider:
-
-```ruby
-provider
-  :auth0,
-  ENV['AUTH0_CLIENT_ID'],
-  ENV['AUTH0_CLIENT_SECRET'],
-  ENV['AUTH0_DOMAIN'],
-  {
-    authorize_params: {
-      scope: 'openid read:users',
-      audience: 'https://{AUTH0_DOMAIN}/api',
-      organization: '{AUTH0_ORGANIZATION}'
-    }
-  }
+# ./app/controllers/auth0_controller.rb
+class Auth0Controller < ApplicationController
+  def callback
+    # OmniAuth stores the information returned from Auth0 and the IdP in request.env['omniauth.auth'].
+    # In this code, you will pull the raw_info supplied from the id_token and assign it to the session.
+    # Refer to https://github.com/auth0/omniauth-auth0/blob/master/EXAMPLES.md#example-of-the-resulting-authentication-hash for complete information on 'omniauth.auth' contents.
+    auth_info = request.env['omniauth.auth']
+    session[:userinfo] = auth_info['extra']['raw_info']
+
+    # Redirect to the URL you want after successful auth
+    redirect_to '/dashboard'
+  end
+
+  def failure
+    # Handles failed authentication -- Show a failure page (you can also handle with a redirect)
+    @error_msg = request.params['message']
+  end
+
+  def logout
+    # you will finish this in a later step
+  end
+end
 ```
 
-#### Accepting user invitations
+### Add routes
 
-Auth0 Organizations allow users to be invited using emailed links, which will direct a user back to your application. The URL the user will arrive at is based on your configured `Application Login URI`, which you can change from your Application's settings inside the Auth0 dashboard.
-
-When the user arrives at your application using an invite link, you can expect three query parameters to be provided: `invitation`, `organization`, and `organization_name`. These will always be delivered using a GET request.
-
-You can then supply those parametrs to a `button_to` or `link_to` helper
+Finally, add the following routes to your `./config/routes.rb` file:
 
 ```ruby
-<%= 
-    button_to 'Login', 'auth/auth0',
-    method: :post,
-    params: {
-      organization: '{YOUR_ORGANIZATION_ID}',
-      invitation: '{INVITE_CODE}'
-    }
-%>
+Rails.application.routes.draw do
+  # ..
+  get '/auth/auth0/callback' => 'auth0#callback'
+  get '/auth/failure' => 'auth0#failure'
+  get '/auth/logout' => 'auth0#logout'
+end
 ```
 
-## Contribution
-
-We appreciate feedback and contribution to this repo! Before you get started, please see the following:
-
-- [Auth0's contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
-- [Auth0's Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
-- [This repo's contribution guide](CONTRIBUTING.md)
+## Logging in
 
-## Support + Feedback
+To redirect your users to Auth0 for authentication, redirect your users to the `/auth/auth0` endpoint of your app. One way to do this is to use a link or button on a page:
 
-- Use [Community](https://community.auth0.com/) for usage, questions, specific cases.
-- Use [Issues](https://github.com/auth0/omniauth-auth0/issues) here for code-level support and bug reports.
-- Paid customers can use [Support](https://support.auth0.com/) to submit a trouble ticket for production-affecting issues.
+```html
+<%= button_to 'Login', '/auth/auth0', method: :post %>
+```
 
-## Vulnerability Reporting
+## Feedback
 
-Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.
+### Contributing
 
-## What is Auth0?
+We appreciate feedback and contribution to this repo! Before you get started, please see the following:
 
-Auth0 helps you to easily:
+- [Auth0's general contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
+- [Auth0's code of conduct guidelines](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
+- [This repo's contribution guide](https://github.com/auth0/omniauth-auth0/blob/master/CONTRIBUTING.md)
 
-- implement authentication with multiple identity providers, including social (e.g., Google, Facebook, Microsoft, LinkedIn, GitHub, Twitter, etc), or enterprise (e.g., Windows Azure AD, Google Apps, Active Directory, ADFS, SAML, etc.)
-- log in users with username/password databases, passwordless, or multi-factor authentication
-- link multiple user accounts together
-- generate signed JSON Web Tokens to authorize your API calls and flow the user identity securely
-- access demographics and analytics detailing how, when, and where users are logging in
-- enrich user profiles from other data sources using customizable JavaScript rules
+### Raise an issue
 
-[Why Auth0?](https://auth0.com/why-auth0)
+To provide feedback or report a bug, please [raise an issue on our issue tracker](https://github.com/auth0/omniauth-auth0/issues).
 
-## License
+### Vulnerability Reporting
 
-The OmniAuth Auth0 strategy is licensed under MIT - [LICENSE](LICENSE)
+Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.
 
+---
 
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0?ref=badge_large)
+<p align="center">
+  <picture>
+    <source media="(prefers-color-scheme: dark)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_dark_mode.png" width="150">
+    <source media="(prefers-color-scheme: light)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150">
+    <img alt="Auth0 Logo" src="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150">
+  </picture>
+</p>
+<p align="center">
+  Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout <a href="https://auth0.com/why-auth0">Why Auth0?</a>
+</p>
+<p align="center">
+  This project is licensed under the MIT license. See the <a href="https://github.com/auth0/omniauth-auth0/blob/master/LICENSE"> LICENSE</a> file for more info.
+</p>

data/lib/omniauth/strategies/auth0.rb

@@ -84,7 +84,7 @@ module OmniAuth
       # Define the parameters used for the /authorize endpoint
       def authorize_params
         params = super
-        %w[connection connection_scope prompt screen_hint login_hint organization invitation].each do |key|
+        %w[connection connection_scope prompt screen_hint login_hint organization invitation ui_locales].each do |key|
           params[key] = request.params[key] if request.params.key?(key)
         end
 
@@ -94,7 +94,7 @@ module OmniAuth
         params[:leeway] = 60 unless params[:leeway]
 
         # Store authorize params in the session for token verification
-        session['authorize_params'] = params
+        session['authorize_params'] = params.to_hash
 
         params
       end

data/lib/omniauth-auth0/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Auth0
-    VERSION = '2.6.0'.freeze
+    VERSION = '3.1.0'.freeze
   end
 end

data/omniauth-auth0.gemspec

@@ -21,10 +21,10 @@ omniauth-auth0 is the OmniAuth strategy for Auth0.
   s.executables   = `git ls-files -- bin/*`.split('\n').map{ |f| File.basename(f) }
   s.require_paths = ['lib']
 
-  s.add_runtime_dependency 'omniauth', '~> 1.9'
-  s.add_runtime_dependency 'omniauth-oauth2', '~> 1.5'
+  s.add_runtime_dependency 'omniauth', '~> 2'
+  s.add_runtime_dependency 'omniauth-oauth2', '~> 1'
 
   s.add_development_dependency 'bundler'
-  
+
   s.license = 'MIT'
 end

data/opslevel.yml

@@ -0,0 +1,6 @@
+---
+version: 1
+repository:
+  owner: dx_sdks
+  tier:
+  tags:

data/spec/omniauth/auth0/jwt_validator_spec.rb

@@ -357,7 +357,7 @@ describe OmniAuth::Auth0::JWTValidator do
         message: "Nonce (nonce) claim value mismatch in the ID token; expected (noncey), found (mismatch)"
       }))
     end
-    
+
     it 'should fail when “aud” is an array of strings and azp claim is not present' do
       aud = [
         client_id,
@@ -476,7 +476,7 @@ describe OmniAuth::Auth0::JWTValidator do
       expect(id_token['auth_time']).to eq(auth_time)
     end
 
-    it 'should fail when authorize params has organization but org_id is missing in the token', focus: true do
+    it 'should fail when authorize params has organization but org_id is missing in the token' do
       payload = {
         iss: "https://#{domain}/",
         sub: 'sub',
@@ -493,7 +493,7 @@ describe OmniAuth::Auth0::JWTValidator do
       }))
     end
 
-    it 'should fail when authorize params has organization but token org_id does not match', focus: true do
+    it 'should fail when authorize params has organization but token org_id does not match' do
       payload = {
         iss: "https://#{domain}/",
         sub: 'sub',
@@ -544,7 +544,7 @@ describe OmniAuth::Auth0::JWTValidator do
       expect do
         verified_token = make_jwt_validator(opt_domain: domain).verify(token)
       end.to raise_error(an_instance_of(JWT::VerificationError).and having_attributes({
-        message: "Signature verification raised"
+        message: "Signature verification failed"
       }))
     end
 

data/spec/omniauth/strategies/auth0_spec.rb

@@ -2,6 +2,9 @@
 
 require 'spec_helper'
 require 'jwt'
+require 'multi_json'
+
+OmniAuth.config.allowed_request_methods = [:get, :post]
 
 RSpec.shared_examples 'site has valid domain url' do |url|
   it { expect(subject.site).to eq(url) }
@@ -196,6 +199,19 @@ describe OmniAuth::Strategies::Auth0 do
       expect(redirect_url).not_to have_query('invitation')
     end
 
+    def session
+      session_cookie = last_response.cookies['rack.session'].first
+      session_data, _, _ = session_cookie.rpartition('--')
+      decoded_session_data = Base64.decode64(session_data)
+      Marshal.load(decoded_session_data)
+    end
+
+    it "stores session['authorize_params'] as a plain Ruby Hash" do
+      get '/auth/auth0'
+
+      expect(session['authorize_params'].class).to eq(::Hash)
+    end
+
     describe 'callback' do
       let(:access_token) { 'access token' }
       let(:expires_in) { 2000 }

data/spec/spec_helper.rb

@@ -1,12 +1,13 @@
 $LOAD_PATH.unshift File.expand_path(__dir__)
 $LOAD_PATH.unshift File.expand_path('../lib', __dir__)
 
+require 'multi_json'
 require 'simplecov'
 SimpleCov.start
 
 if ENV['CI'] == 'true'
-  require 'codecov'
-  SimpleCov.formatter = SimpleCov::Formatter::Codecov
+  require 'simplecov-cobertura'
+  SimpleCov.formatter = SimpleCov::Formatter::CoberturaFormatter
 end
 
 require 'rspec'
@@ -22,6 +23,8 @@ RSpec.configure do |config|
   config.include WebMock::API
   config.include Rack::Test::Methods
   config.extend OmniAuth::Test::StrategyMacros, type: :strategy
+  config.filter_run focus: true
+  config.run_all_when_everything_filtered = true
 
   def app
     @app || make_application
@@ -39,7 +42,7 @@ RSpec.configure do |config|
       configure do
         enable :sessions
         set :show_exceptions, false
-        set :session_secret, 'TEST'
+        set :session_secret, '9771aff2c634257053c62ba072c54754bd2cc92739b37e81c3eda505da48c2ec'
       end
 
       use OmniAuth::Builder do