RubyGems - omniauth-auth0 - Versions diffs - 3.0.0 → 3.1.0 - Mend

omniauth-auth0 3.0.0 → 3.1.0

Files changed (21) hide show

checksums.yaml +4 -4
data/.circleci/config.yml +22 -3
data/.devcontainer/devcontainer.json +18 -0
data/.github/workflows/semgrep.yml +24 -0
data/.gitignore +0 -2
data/.semgrepignore +4 -0
data/.shiprc +7 -0
data/CHANGELOG.md +59 -11
data/EXAMPLES.md +167 -0
data/Gemfile +15 -15
data/Gemfile.lock +180 -0
data/README.md +93 -194
data/lib/omniauth/strategies/auth0.rb +2 -2
data/lib/omniauth-auth0/version.rb +1 -1
data/omniauth-auth0.gemspec +3 -3
data/opslevel.yml +6 -0
data/spec/omniauth/auth0/jwt_validator_spec.rb +4 -4
data/spec/omniauth/strategies/auth0_spec.rb +14 -0
data/spec/spec_helper.rb +6 -3
metadata +14 -8
data/CODE_OF_CONDUCT.md +0 -3

data/Gemfile.lock ADDED Viewed

@@ -0,0 +1,180 @@
+PATH
+  remote: .
+  specs:
+    omniauth-auth0 (3.1.0)
+      omniauth (~> 2)
+      omniauth-oauth2 (~> 1)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.8.1)
+      public_suffix (>= 2.0.2, < 6.0)
+    ast (2.4.2)
+    coderay (1.1.3)
+    crack (0.4.5)
+      rexml
+    daemons (1.4.1)
+    diff-lcs (1.5.0)
+    docile (1.4.0)
+    dotenv (2.8.1)
+    eventmachine (1.2.7)
+    faraday (2.7.1)
+      faraday-net_http (>= 2.0, < 3.1)
+      ruby2_keywords (>= 0.0.4)
+    faraday-net_http (3.0.2)
+    ffi (1.15.5)
+    formatador (1.1.0)
+    gem-release (2.2.2)
+    guard (2.18.0)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (>= 1.0.12, < 2.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.13.0)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    hashdiff (1.0.1)
+    hashie (5.0.0)
+    json (2.6.3)
+    jwt (2.5.0)
+    listen (3.7.1)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    lumberjack (1.2.8)
+    method_source (1.0.0)
+    multi_json (1.15.0)
+    multi_xml (0.6.0)
+    mustermann (2.0.2)
+      ruby2_keywords (~> 0.0.1)
+    nenv (0.3.0)
+    notiffany (0.1.3)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    oauth2 (2.0.9)
+      faraday (>= 0.17.3, < 3.0)
+      jwt (>= 1.0, < 3.0)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 4)
+      snaky_hash (~> 2.0)
+      version_gem (~> 1.1)
+    omniauth (2.1.0)
+      hashie (>= 3.4.6)
+      rack (>= 2.2.3)
+      rack-protection
+    omniauth-oauth2 (1.8.0)
+      oauth2 (>= 1.4, < 3)
+      omniauth (~> 2.0)
+    parallel (1.22.1)
+    parser (3.1.3.0)
+      ast (~> 2.4.1)
+    pry (0.14.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    public_suffix (5.0.0)
+    rack (2.2.4)
+    rack-protection (2.2.3)
+      rack
+    rack-test (2.0.2)
+      rack (>= 1.3)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    rb-fsevent (0.11.2)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    regexp_parser (2.6.1)
+    rexml (3.2.5)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.0)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.0)
+    rubocop (1.39.0)
+      json (~> 2.3)
+      parallel (~> 1.10)
+      parser (>= 3.1.2.1)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.23.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.24.0)
+      parser (>= 3.1.1.0)
+    ruby-progressbar (1.11.0)
+    ruby2_keywords (0.0.5)
+    shellany (0.0.1)
+    shotgun (0.9.2)
+      rack (>= 1.0)
+    simplecov (0.21.2)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-cobertura (2.1.0)
+      rexml
+      simplecov (~> 0.19)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.4)
+    sinatra (2.2.3)
+      mustermann (~> 2.0)
+      rack (~> 2.2)
+      rack-protection (= 2.2.3)
+      tilt (~> 2.0)
+    snaky_hash (2.0.1)
+      hashie
+      version_gem (~> 1.1, >= 1.1.1)
+    thin (1.8.1)
+      daemons (~> 1.0, >= 1.0.9)
+      eventmachine (~> 1.0, >= 1.0.4)
+      rack (>= 1, < 3)
+    thor (1.2.1)
+    tilt (2.0.11)
+    unicode-display_width (2.3.0)
+    version_gem (1.1.1)
+    webmock (3.18.1)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
+PLATFORMS
+  arm64-darwin-21
+  x86_64-darwin-20
+  x86_64-darwin-21
+  x86_64-linux
+DEPENDENCIES
+  bundler
+  dotenv (~> 2)
+  gem-release (~> 2)
+  guard-rspec (~> 4)
+  jwt (~> 2)
+  listen (~> 3)
+  multi_json (~> 1)
+  omniauth-auth0!
+  pry (~> 0)
+  rack-test (~> 2)
+  rake (~> 13)
+  rspec (~> 3)
+  rubocop (~> 1)
+  shotgun (~> 0)
+  simplecov-cobertura (~> 2)
+  sinatra (~> 2)
+  thin (~> 1)
+  webmock (~> 3)
+BUNDLED WITH
+   2.3.7

data/README.md CHANGED Viewed

@@ -1,25 +1,14 @@
-# OmniAuth Auth0
+![Omniauth-auth0](https://cdn.auth0.com/website/sdks/banners/omniauth-auth0-banner.png)
-An [OmniAuth](https://github.com/intridea/omniauth) strategy for authenticating with [Auth0](https://auth0.com). This strategy is based on the [OmniAuth OAuth2](https://github.com/omniauth/omniauth-oauth2) strategy.
-> :warning:  **Important security note for v2:** This solution uses a 3rd party library that had a [security issue(s)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9284) in v2. Please review the details of the vulnerability, including [Auth0](https://github.com/auth0/omniauth-auth0/issues/82 ) and other recommended [mitigations](https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284), before implementing the solution in v2.  **[Upgrading to v3](https://github.com/auth0/omniauth-auth0/pull/128) of this library resolves the issue.**
 [![CircleCI](https://img.shields.io/circleci/project/github/auth0/omniauth-auth0/master.svg)](https://circleci.com/gh/auth0/omniauth-auth0)
 [![codecov](https://codecov.io/gh/auth0/omniauth-auth0/branch/master/graph/badge.svg)](https://codecov.io/gh/auth0/omniauth-auth0)
 [![Gem Version](https://badge.fury.io/rb/omniauth-auth0.svg)](https://badge.fury.io/rb/omniauth-auth0)
 [![MIT licensed](https://img.shields.io/dub/l/vibe-d.svg?style=flat)](https://github.com/auth0/omniauth-auth0/blob/master/LICENSE)
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0?ref=badge_shield)
-## Table of Contents
-- [Documentation](#documentation)
-- [Installation](#installation)
-- [Getting Started](#getting-started)
-- [Contribution](#contribution)
-- [Support + Feedback](#support--feedback)
-- [Vulnerability Reporting](#vulnerability-reporting)
-- [What is Auth0](#what-is-auth0)
-- [License](#license)
+<div>
+📚 <a href="#documentation">Documentation</a> - 🚀 <a href="#getting-started">Getting started</a> - 💻 <a href="https://www.rubydoc.info/gems/omniauth-auth0">API reference</a> - 💬 <a href="#feedback">Feedback</a>
+</div>
 ## Documentation
@@ -27,7 +16,9 @@ An [OmniAuth](https://github.com/intridea/omniauth) strategy for authenticating
 - [Sample projects](https://github.com/auth0-samples/auth0-rubyonrails-sample)
 - [API Reference](https://www.rubydoc.info/gems/omniauth-auth0)
-## Installation
+## Getting started
+### Installation
 Add the following line to your `Gemfile`:
@@ -49,221 +40,129 @@ $ bundle install
 See our [contributing guide](CONTRIBUTING.md) for information on local installation for development.
-## Getting Started
-To start processing authentication requests, the following steps must be performed:
-1. Initialize the strategy
-2. Configure the callback controller
-3. Add the required routes
-4. Trigger an authentication request
-All of these tasks and more are covered in our [Ruby on Rails Quickstart](https://auth0.com/docs/quickstart/webapp/rails).
-### Additional authentication parameters
-To send additional parameters during login, you can specify them when you register the provider:
-```ruby
-provider
-  :auth0,
-  ENV['AUTH0_CLIENT_ID'],
-  ENV['AUTH0_CLIENT_SECRET'],
-  ENV['AUTH0_DOMAIN'],
-  {
-    authorize_params: {
-      scope: 'openid read:users write:order',
-      audience: 'https://mydomain/api',
-      max_age: 3600 # time in seconds authentication is valid
-    }
-  }
-```
+## Configure the SDK
-... which will tell the strategy to send those parameters on every authentication request.
+Adding the SDK to your Rails app requires a few steps:
-### Authentication hash
+- [Create the configuration file](#create-the-configuration-file)
+- [Create the initializer](#create-the-initializer)
+- [Create the callback controller](#create-the-callback-controller)
+- [Add routes](#add-routes)
-The Auth0 strategy will provide the standard OmniAuth hash attributes:
+### Create the configuration file
-- `:provider` - the name of the strategy, in this case `auth0`
-- `:uid` - the user identifier
-- `:info` - the result of the call to `/userinfo` using OmniAuth standard attributes
-- `:credentials` - tokens requested and data
-- `:extra` - Additional info obtained from calling `/userinfo` in the `:raw_info` property
+Create the file `./config/auth0.yml` within your application directory with the following content:
-```ruby
-{
-  :provider => 'auth0',
-  :uid => 'auth0|USER_ID',
-  :info => {
-    :name => 'John Foo',
-    :email => 'johnfoo@example.org',
-    :nickname => 'john',
-    :image => 'https://example.org/john.jpg'
-  },
-  :credentials => {
-    :token => 'ACCESS_TOKEN',
-    :expires_at => 1485373937,
-    :expires => true,
-    :refresh_token => 'REFRESH_TOKEN',
-    :id_token => 'JWT_ID_TOKEN',
-    :token_type => 'bearer',
-  },
-  :extra => {
-    :raw_info => {
-      :email => 'johnfoo@example.org',
-      :email_verified => 'true',
-      :name => 'John Foo',
-      :picture => 'https://example.org/john.jpg',
-      :user_id => 'auth0|USER_ID',
-      :nickname => 'john',
-      :created_at => '2014-07-15T17:19:50.387Z'
-    }
-  }
-}
+```yml
+development:
+  auth0_domain: <YOUR_DOMAIN>
+  auth0_client_id: <YOUR_CLIENT_ID>
+  auth0_client_secret: <YOUR AUTH0 CLIENT SECRET>
 ```
-### Query Parameter Options
-In some scenarios, you may need to pass specific query parameters to `/authorize`. The following parameters are available to enable this:
-- `connection`
-- `connection_scope`
-- `prompt`
-- `screen_hint` (only relevant to New Universal Login Experience)
-- `organization`
-- `invitation`
-Simply pass these query parameters to your OmniAuth redirect endpoint to enable their behavior.
-## Examples
-### Auth0 Organizations
-[Organizations](https://auth0.com/docs/organizations) is a set of features that provide better support for developers who build and maintain SaaS and Business-to-Business (B2B) applications.
-Using Organizations, you can:
+### Create the initializer
-- Represent teams, business customers, partner companies, or any logical grouping of users that should have different ways of accessing your applications, as organizations.
-- Manage their membership in a variety of ways, including user invitation.
-- Configure branded, federated login flows for each organization.
-- Implement role-based access control, such that users can have different roles when authenticating in the context of different organizations.
-- Build administration capabilities into your products, using Organizations APIs, so that those businesses can manage their own organizations.
-Note that Organizations is currently only available to customers on our Enterprise and Startup subscription plans.
-#### Logging in with an Organization
-Logging in with an Organization is as easy as passing the parameters to the authorize endpoint.  You can do this with
+Create a new Ruby file in `./config/initializers/auth0.rb` to configure the OmniAuth middleware:
 ```ruby
-<%=
-    button_to 'Login', 'auth/auth0',
-    method: :post,
-    params: {
-      # Found in your Auth0 dashboard, under Organization settings:
-      organization: '{AUTH0_ORGANIZATION}'
-    }
-%>
-```
-Alternatively you can configure the organization when you register the provider:
-```ruby
-provider
-  :auth0,
-  ENV['AUTH0_CLIENT_ID'],
-  ENV['AUTH0_CLIENT_SECRET'],
-  ENV['AUTH0_DOMAIN']
-  {
+AUTH0_CONFIG = Rails.application.config_for(:auth0)
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider(
+    :auth0,
+    AUTH0_CONFIG['auth0_client_id'],
+    AUTH0_CONFIG['auth0_client_secret'],
+    AUTH0_CONFIG['auth0_domain'],
+    callback_path: '/auth/auth0/callback',
     authorize_params: {
-      scope: 'openid read:users',
-      audience: 'https://{AUTH0_DOMAIN}/api',
-      organization: '{AUTH0_ORGANIZATION}'
+      scope: 'openid profile'
     }
-  }
+  )
+end
 ```
-When passing `openid` to the scope and `organization` to the authorize params, you will receive an ID token on callback with the `org_id` claim.  This claim is validated for you by the SDK.
-#### Validating Organizations when using Organization Login Prompt
-When Organization login prompt is enabled on your application, but you haven't specified an Organization for the application's authorization endpoint, the `org_id` claim will be present on the ID token, and should be validated to ensure that the value received is expected or known.
-Normally, validating the issuer would be enough to ensure that the token was issued by Auth0, and this check is performed by the SDK. However, in the case of organizations, additional checks should be made so that the organization within an Auth0 tenant is expected.
+### Create the callback controller
-In particular, the `org_id` claim should be checked to ensure it is a value that is already known to the application. This could be validated against a known list of organization IDs, or perhaps checked in conjunction with the current request URL. e.g. the sub-domain may hint at what organization should be used to validate the ID Token.
+Create a new controller `./app/controllers/auth0_controller.rb` to handle the callback from Auth0.
-Here is an example using it in your `callback` method
+> You can also run `rails generate controller auth0 callback failure logout --skip-assets --skip-helper --skip-routes --skip-template-engine` to scaffold this controller for you.
 ```ruby
+# ./app/controllers/auth0_controller.rb
+class Auth0Controller < ApplicationController
   def callback
-    claims = request.env['omniauth.auth']['extra']['raw_info']
-    if claims["org"] && claims["org"] !== expected_org
-      redirect_to '/unauthorized', status: 401
-    else
-      session[:userinfo] = claims
-      redirect_to '/dashboard'
-    end
+    # OmniAuth stores the information returned from Auth0 and the IdP in request.env['omniauth.auth'].
+    # In this code, you will pull the raw_info supplied from the id_token and assign it to the session.
+    # Refer to https://github.com/auth0/omniauth-auth0/blob/master/EXAMPLES.md#example-of-the-resulting-authentication-hash for complete information on 'omniauth.auth' contents.
+    auth_info = request.env['omniauth.auth']
+    session[:userinfo] = auth_info['extra']['raw_info']
+    # Redirect to the URL you want after successful auth
+    redirect_to '/dashboard'
   end
-```
-For more information, please read [Work with Tokens and Organizations](https://auth0.com/docs/organizations/using-tokens) on Auth0 Docs.
-#### Accepting user invitations
+  def failure
+    # Handles failed authentication -- Show a failure page (you can also handle with a redirect)
+    @error_msg = request.params['message']
+  end
-Auth0 Organizations allow users to be invited using emailed links, which will direct a user back to your application. The URL the user will arrive at is based on your configured `Application Login URI`, which you can change from your Application's settings inside the Auth0 dashboard.
+  def logout
+    # you will finish this in a later step
+  end
+end
+```
-When the user arrives at your application using an invite link, you can expect three query parameters to be provided: `invitation`, `organization`, and `organization_name`. These will always be delivered using a GET request.
+### Add routes
-You can then supply those parametrs to a `button_to` or `link_to` helper
+Finally, add the following routes to your `./config/routes.rb` file:
 ```ruby
-<%=
-    button_to 'Login', 'auth/auth0',
-    method: :post,
-    params: {
-      organization: '{YOUR_ORGANIZATION_ID}',
-      invitation: '{INVITE_CODE}'
-    }
-%>
+Rails.application.routes.draw do
+  # ..
+  get '/auth/auth0/callback' => 'auth0#callback'
+  get '/auth/failure' => 'auth0#failure'
+  get '/auth/logout' => 'auth0#logout'
+end
 ```
-## Contribution
+## Logging in
-We appreciate feedback and contribution to this repo! Before you get started, please see the following:
-- [Auth0's contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
-- [Auth0's Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
-- [This repo's contribution guide](CONTRIBUTING.md)
-## Support + Feedback
+To redirect your users to Auth0 for authentication, redirect your users to the `/auth/auth0` endpoint of your app. One way to do this is to use a link or button on a page:
-- Use [Community](https://community.auth0.com/) for usage, questions, specific cases.
-- Use [Issues](https://github.com/auth0/omniauth-auth0/issues) here for code-level support and bug reports.
-- Paid customers can use [Support](https://support.auth0.com/) to submit a trouble ticket for production-affecting issues.
+```html
+<%= button_to 'Login', '/auth/auth0', method: :post %>
+```
-## Vulnerability Reporting
+## Feedback
-Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.
+### Contributing
-## What is Auth0?
+We appreciate feedback and contribution to this repo! Before you get started, please see the following:
-Auth0 helps you to easily:
+- [Auth0's general contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
+- [Auth0's code of conduct guidelines](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
+- [This repo's contribution guide](https://github.com/auth0/omniauth-auth0/blob/master/CONTRIBUTING.md)
-- implement authentication with multiple identity providers, including social (e.g., Google, Facebook, Microsoft, LinkedIn, GitHub, Twitter, etc), or enterprise (e.g., Windows Azure AD, Google Apps, Active Directory, ADFS, SAML, etc.)
-- log in users with username/password databases, passwordless, or multi-factor authentication
-- link multiple user accounts together
-- generate signed JSON Web Tokens to authorize your API calls and flow the user identity securely
-- access demographics and analytics detailing how, when, and where users are logging in
-- enrich user profiles from other data sources using customizable JavaScript rules
+### Raise an issue
-[Why Auth0?](https://auth0.com/why-auth0)
+To provide feedback or report a bug, please [raise an issue on our issue tracker](https://github.com/auth0/omniauth-auth0/issues).
-## License
+### Vulnerability Reporting
-The OmniAuth Auth0 strategy is licensed under MIT - [LICENSE](LICENSE)
+Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.
+---
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0?ref=badge_large)
+<p align="center">
+  <picture>
+    <source media="(prefers-color-scheme: dark)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_dark_mode.png" width="150">
+    <source media="(prefers-color-scheme: light)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150">
+    <img alt="Auth0 Logo" src="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150">
+  </picture>
+</p>
+<p align="center">
+  Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout <a href="https://auth0.com/why-auth0">Why Auth0?</a>
+</p>
+<p align="center">
+  This project is licensed under the MIT license. See the <a href="https://github.com/auth0/omniauth-auth0/blob/master/LICENSE"> LICENSE</a> file for more info.
+</p>

data/lib/omniauth/strategies/auth0.rb CHANGED Viewed

@@ -84,7 +84,7 @@ module OmniAuth
       # Define the parameters used for the /authorize endpoint
       def authorize_params
         params = super
-        %w[connection connection_scope prompt screen_hint login_hint organization invitation].each do |key|
+        %w[connection connection_scope prompt screen_hint login_hint organization invitation ui_locales].each do |key|
           params[key] = request.params[key] if request.params.key?(key)
         end
@@ -94,7 +94,7 @@ module OmniAuth
         params[:leeway] = 60 unless params[:leeway]
         # Store authorize params in the session for token verification
-        session['authorize_params'] = params
+        session['authorize_params'] = params.to_hash
         params
       end

data/lib/omniauth-auth0/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module OmniAuth
   module Auth0
-    VERSION = '3.0.0'.freeze
+    VERSION = '3.1.0'.freeze
   end
 end

data/omniauth-auth0.gemspec CHANGED Viewed

@@ -21,10 +21,10 @@ omniauth-auth0 is the OmniAuth strategy for Auth0.
   s.executables   = `git ls-files -- bin/*`.split('\n').map{ |f| File.basename(f) }
   s.require_paths = ['lib']
-  s.add_runtime_dependency 'omniauth', '~> 2.0'
-  s.add_runtime_dependency 'omniauth-oauth2', '~> 1.7'
+  s.add_runtime_dependency 'omniauth', '~> 2'
+  s.add_runtime_dependency 'omniauth-oauth2', '~> 1'
   s.add_development_dependency 'bundler'
   s.license = 'MIT'
 end

data/opslevel.yml ADDED Viewed

@@ -0,0 +1,6 @@
+---
+version: 1
+repository:
+  owner: dx_sdks
+  tier:
+  tags:

data/spec/omniauth/auth0/jwt_validator_spec.rb CHANGED Viewed

@@ -357,7 +357,7 @@ describe OmniAuth::Auth0::JWTValidator do
         message: "Nonce (nonce) claim value mismatch in the ID token; expected (noncey), found (mismatch)"
       }))
     end
     it 'should fail when “aud” is an array of strings and azp claim is not present' do
       aud = [
         client_id,
@@ -476,7 +476,7 @@ describe OmniAuth::Auth0::JWTValidator do
       expect(id_token['auth_time']).to eq(auth_time)
     end
-    it 'should fail when authorize params has organization but org_id is missing in the token', focus: true do
+    it 'should fail when authorize params has organization but org_id is missing in the token' do
       payload = {
         iss: "https://#{domain}/",
         sub: 'sub',
@@ -493,7 +493,7 @@ describe OmniAuth::Auth0::JWTValidator do
       }))
     end
-    it 'should fail when authorize params has organization but token org_id does not match', focus: true do
+    it 'should fail when authorize params has organization but token org_id does not match' do
       payload = {
         iss: "https://#{domain}/",
         sub: 'sub',
@@ -544,7 +544,7 @@ describe OmniAuth::Auth0::JWTValidator do
       expect do
         verified_token = make_jwt_validator(opt_domain: domain).verify(token)
       end.to raise_error(an_instance_of(JWT::VerificationError).and having_attributes({
-        message: "Signature verification raised"
+        message: "Signature verification failed"
       }))
     end

data/spec/omniauth/strategies/auth0_spec.rb CHANGED Viewed

@@ -2,6 +2,7 @@
 require 'spec_helper'
 require 'jwt'
+require 'multi_json'
 OmniAuth.config.allowed_request_methods = [:get, :post]
@@ -198,6 +199,19 @@ describe OmniAuth::Strategies::Auth0 do
       expect(redirect_url).not_to have_query('invitation')
     end
+    def session
+      session_cookie = last_response.cookies['rack.session'].first
+      session_data, _, _ = session_cookie.rpartition('--')
+      decoded_session_data = Base64.decode64(session_data)
+      Marshal.load(decoded_session_data)
+    end
+    it "stores session['authorize_params'] as a plain Ruby Hash" do
+      get '/auth/auth0'
+      expect(session['authorize_params'].class).to eq(::Hash)
+    end
     describe 'callback' do
       let(:access_token) { 'access token' }
       let(:expires_in) { 2000 }