omniauth-auth0 3.1.0 → 3.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7c56b51f9b1e20c19151c11b2ebed36d976795af342e1ddb6e2faf8adbd606dc
-  data.tar.gz: d464a395f1a95859ce5bcba3956955e489319f7efd5a263f7e1a904810ab58db
+  metadata.gz: 0f2b890df80066a5d17805656efa1c9e0fedce3ffe3795974390c4e09b7512f5
+  data.tar.gz: 995e8d2076bf12e92347fc8d8d0947013ee1e14ce77eb7203c8eea6e5a720852
 SHA512:
-  metadata.gz: c24758a4b888a15d499d5a0ad612932f2e452a361fba86dc5af59c812be1c77e10a5735f267e0abfb45e382b381003592b74bbb3fdef8814e58345741a57a978
-  data.tar.gz: a8db445c711acd8b1716baef83f95fad39c7c011c7918a862aabb55b69cae02105df3beced2155298478dc580985a5791acbfa629459116244f924f85e470c57
+  metadata.gz: 22c2ddc8d877a8f99f380b794ad4f9adef7f7b114fda3ce09e5eba900623cce1c3b7d5b114ea76cf8b10ea2b46d66d6d54855ff1b5a5e6b0e657a65eafc2bc8e
+  data.tar.gz: 7ef6bdc8ad326c639c5292e9dfa23172aaa8b180791ce950d47f5d364cd7ddcc975735c9e35df4f5b14cbd06fefb9dccbb06d2470cefa9f0d51fd8e3d557335f

data/.devcontainer/devcontainer.json

@@ -1,6 +1,6 @@
 {
 	"name": "Ruby",
-	"image": "mcr.microsoft.com/devcontainers/ruby:3.1",
+	"image": "mcr.microsoft.com/devcontainers/ruby:3.2",
 	"features": {
 		"ghcr.io/devcontainers/features/node:1": {
 			"version": "lts"

data/.github/CODEOWNERS

@@ -1 +1 @@
-*	@auth0/dx-sdks-engineer
+*	@auth0/project-dx-sdks-engineer-codeowner

data/.github/ISSUE_TEMPLATE/Bug Report.yml

@@ -0,0 +1,76 @@
+name: 🐞 Report a bug
+description: Have you found a bug or issue? Create a bug report for this library
+labels: ["bug"]
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        **Please do not report security vulnerabilities here**. The [Responsible Disclosure Program](https://auth0.com/responsible-disclosure-policy) details the procedure for disclosing security issues.
+
+  - type: checkboxes
+    id: checklist
+    attributes:
+      label: Checklist
+      options:
+        - label: The issue can be reproduced in the [Rails sample app](https://github.com/auth0-samples/auth0-rubyonrails-sample/tree/master/sample) (or N/A).
+          required: true
+        - label: I have looked into the [Readme](https://github.com/auth0/omniauth-auth0#readme) and the [Examples](https://github.com/auth0/omniauth-auth0/blob/master/EXAMPLES.md), and have not found a suitable solution or answer.
+          required: true
+        - label: I have looked into the [API documentation](https://www.rubydoc.info/gems/omniauth-auth0) and have not found a suitable solution or answer.
+          required: true
+        - label: I have searched the [issues](https://github.com/auth0/omniauth-auth0/issues) and have not found a suitable solution or answer.
+          required: true
+        - label: I have searched the [Auth0 Community](https://community.auth0.com) forums and have not found a suitable solution or answer.
+          required: true
+        - label: I agree to the terms within the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).
+          required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: Provide a clear and concise description of the issue, including what you expected to happen.
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: Reproduction
+      description: Detail the steps taken to reproduce this error, and whether this issue can be reproduced consistently or if it is intermittent.
+      placeholder: |
+        1. Step 1...
+        2. Step 2...
+        3. ...
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional context
+      description: Other libraries that might be involved, or any other relevant information you think would be useful.
+    validations:
+      required: false
+
+  - type: input
+    id: environment-version
+    attributes:
+      label: omniauth-auth0 version
+    validations:
+      required: true
+
+  - type: input
+    id: environment-omniauth-version
+    attributes:
+      label: OmniAuth version
+    validations:
+      required: true
+
+  - type: input
+    id: environment-ruby-version
+    attributes:
+      label: Ruby version
+    validations:
+      required: true

data/.github/ISSUE_TEMPLATE/Feature Request.yml

@@ -0,0 +1,53 @@
+name: 🧩 Feature request
+description: Suggest an idea or a feature for this library
+labels: ["feature request"]
+
+body:
+  - type: checkboxes
+    id: checklist
+    attributes:
+      label: Checklist
+      options:
+        - label: I have looked into the [Readme](https://github.com/auth0/omniauth-auth0#readme) and the [Examples](https://github.com/auth0/omniauth-auth0/blob/master/EXAMPLES.md), and have not found a suitable solution or answer.
+          required: true
+        - label: I have looked into the [API documentation](https://www.rubydoc.info/gems/omniauth-auth0) and have not found a suitable solution or answer.
+          required: true
+        - label: I have searched the [issues](https://github.com/auth0/omniauth-auth0/issues) and have not found a suitable solution or answer.
+          required: true
+        - label: I have searched the [Auth0 Community](https://community.auth0.com) forums and have not found a suitable solution or answer.
+          required: true
+        - label: I agree to the terms within the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).
+          required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Describe the problem you'd like to have solved
+      description: A clear and concise description of what the problem is.
+      placeholder: I'm always frustrated when...
+    validations:
+      required: true
+
+  - type: textarea
+    id: ideal-solution
+    attributes:
+      label: Describe the ideal solution
+      description: A clear and concise description of what you want to happen.
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives-and-workarounds
+    attributes:
+      label: Alternatives and current workarounds
+      description: A clear and concise description of any alternatives you've considered or any workarounds that are currently in place.
+    validations:
+      required: false
+
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional context
+      description: Add any other context or screenshots about the feature request here.
+    validations:
+      required: false

data/.github/ISSUE_TEMPLATE/config.yml

@@ -1,8 +1,8 @@
 blank_issues_enabled: false
 contact_links:
   - name: Auth0 Community
-    url: https://community.auth0.com/c/sdks/5
+    url: https://community.auth0.com
     about: Discuss this SDK in the Auth0 Community forums
   - name: Library Documentation
     url: https://github.com/auth0/omniauth-auth0#documentation
-    about: Read the library docs on Auth0.com
+    about: Read the library docs

data/.github/actions/get-prerelease/action.yml

@@ -0,0 +1,30 @@
+name: Return a boolean indicating if the version contains prerelease identifiers
+
+#
+# Returns a simple true/false boolean indicating whether the version indicates it's a prerelease or not.
+#
+# TODO: Remove once the common repo is public.
+#
+
+inputs:
+  version:
+    required: true
+
+outputs:
+  prerelease:
+    value: ${{ steps.get_prerelease.outputs.PRERELEASE }}
+
+runs:
+  using: composite
+
+  steps:
+    - id: get_prerelease
+      shell: bash
+      run: |
+        if [[ "${VERSION}" == *"beta"* || "${VERSION}" == *"alpha"* ]]; then
+          echo "PRERELEASE=true" >> $GITHUB_OUTPUT
+        else
+          echo "PRERELEASE=false" >> $GITHUB_OUTPUT
+        fi
+      env:
+        VERSION: ${{ inputs.version }}

data/.github/actions/get-release-notes/action.yml

@@ -0,0 +1,42 @@
+name: Return the release notes extracted from the PR body
+
+#
+# Returns the release notes from the content of a pull request linked to a release branch. It expects the branch name to be in the format release/vX.Y.Z, release/X.Y.Z, release/vX.Y.Z-beta.N. etc.
+#
+# TODO: Remove once the common repo is public.
+#
+inputs:
+  version:
+    required: true
+  repo_name:
+    required: false
+  repo_owner:
+    required: true
+  token:
+    required: true
+
+outputs:
+  release-notes:
+    value: ${{ steps.get_release_notes.outputs.RELEASE_NOTES }}
+
+runs:
+  using: composite
+
+  steps:
+    - uses: actions/github-script@v7
+      id: get_release_notes
+      with:
+        result-encoding: string
+        script: |
+          const { data: pulls } = await github.rest.pulls.list({
+            owner: process.env.REPO_OWNER,
+            repo: process.env.REPO_NAME,
+            state: 'all',
+            head: `${process.env.REPO_OWNER}:release/${process.env.VERSION}`,
+          });
+          core.setOutput('RELEASE_NOTES', pulls[0].body);
+      env:
+        GITHUB_TOKEN: ${{ inputs.token }}
+        REPO_OWNER: ${{ inputs.repo_owner }}
+        REPO_NAME: ${{ inputs.repo_name }}
+        VERSION: ${{ inputs.version }}

data/.github/actions/get-version/action.yml

@@ -0,0 +1,21 @@
+name: Return the version extracted from the branch name
+
+#
+# Returns the version from the .version file.
+#
+# TODO: Remove once the common repo is public.
+#
+
+outputs:
+  version:
+    value: ${{ steps.get_version.outputs.VERSION }}
+
+runs:
+  using: composite
+
+  steps:
+    - id: get_version
+      shell: bash
+      run: |
+        VERSION=$(head -1 .version)
+        echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT

data/.github/actions/release-create/action.yml

@@ -0,0 +1,47 @@
+name: Create a GitHub release
+
+#
+# Creates a GitHub release with the given version.
+#
+# TODO: Remove once the common repo is public.
+#
+
+inputs:
+  token:
+    required: true
+  files:
+    required: false
+  name:
+    required: true
+  body:
+    required: true
+  tag:
+    required: true
+  commit:
+    required: true
+  draft:
+    default: false
+    required: false
+  prerelease:
+    default: false
+    required: false
+  fail_on_unmatched_files:
+    default: true
+    required: false
+
+runs:
+  using: composite
+
+  steps:
+    - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844
+      with:
+        body: ${{ inputs.body }}
+        name: ${{ inputs.name }}
+        tag_name: ${{ inputs.tag }}
+        target_commitish: ${{ inputs.commit }}
+        draft: ${{ inputs.draft }}
+        prerelease: ${{ inputs.prerelease }}
+        fail_on_unmatched_files: ${{ inputs.fail_on_unmatched_files }}
+        files: ${{ inputs.files }}
+      env:
+        GITHUB_TOKEN: ${{ inputs.token }}

data/.github/actions/rl-scanner/action.yml

@@ -0,0 +1,71 @@
+name: 'Reversing Labs Scanner'
+description: 'Runs the Reversing Labs scanner on a specified artifact.'
+inputs:
+  artifact-path:
+    description: 'Path to the artifact to be scanned.'
+    required: true
+  version:
+    description: 'Version of the artifact.'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.10'
+
+    - name: Install Python dependencies
+      shell: bash
+      run: |
+        pip install boto3 requests
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        role-to-assume: ${{ env.PRODSEC_TOOLS_ARN }}
+        aws-region: us-east-1
+        mask-aws-account-id: true
+
+    - name: Install RL Wrapper
+      shell: bash
+      run: |
+        pip install rl-wrapper>=1.0.0 --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple"
+
+    - name: Run RL Scanner
+      shell: bash
+      env:
+        RLSECURE_LICENSE: ${{ env.RLSECURE_LICENSE }}
+        RLSECURE_SITE_KEY: ${{ env.RLSECURE_SITE_KEY }}
+        SIGNAL_HANDLER_TOKEN: ${{ env.SIGNAL_HANDLER_TOKEN }}
+        PYTHONUNBUFFERED: 1
+      run: |
+        if [ ! -f "${{ inputs.artifact-path }}" ]; then
+          echo "Artifact not found: ${{ inputs.artifact-path }}"
+          exit 1
+        fi
+
+        rl-wrapper \
+          --artifact "${{ inputs.artifact-path }}" \
+          --name "${{ github.event.repository.name }}" \
+          --version "${{ inputs.version }}" \
+          --repository "${{ github.repository }}" \
+          --commit "${{ github.sha }}" \
+          --build-env "github_actions" \
+          --suppress_output
+
+        # Check the outcome of the scanner
+        if [ $? -ne 0 ]; then
+          echo "RL Scanner failed."
+          echo "scan-status=failed" >> $GITHUB_ENV
+          exit 1
+        else
+          echo "RL Scanner passed."
+          echo "scan-status=success" >> $GITHUB_ENV
+        fi
+
+outputs:
+  scan-status:
+    description: 'The outcome of the scan process.'
+    value: ${{ env.scan-status }}

data/.github/actions/rubygems-publish/action.yml

@@ -0,0 +1,30 @@
+name: Publishes to RubyGems
+
+#
+# Publishes to RubyGems
+#
+# TODO: Remove once the common repo is public.
+#
+
+inputs:
+  rubygems-token:
+    required: true
+  ruby-version:
+    required: true
+
+runs:
+  using: composite
+
+  steps:
+    - name: Configure Ruby
+      uses: ./.github/actions/setup
+      with:
+        ruby: ${{ inputs.ruby-version }}
+
+    - name: Publish to RubyGems
+      shell: bash
+      run: |
+        gem build *.gemspec
+        gem push *.gem
+      env:
+        GEM_HOST_API_KEY: ${{ inputs.rubygems-token }}

data/.github/actions/setup/action.yml

@@ -0,0 +1,28 @@
+name: Build package
+description: Build the SDK package
+
+inputs:
+  ruby:
+    description: The Ruby version to use
+    required: false
+    default: 3.2
+  bundle-path:
+    description: The path to the bundle cache
+    required: false
+    default: vendor/bundle
+
+runs:
+  using: composite
+
+  steps:
+    - name: Configure Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ inputs.ruby }}
+        bundler-cache: false
+
+    - name: Install dependencies
+      run: bundle update || bundle install
+      shell: bash
+      env:
+        BUNDLE_PATH: ${{ inputs.bundle-path }}

data/.github/actions/tag-exists/action.yml

@@ -0,0 +1,36 @@
+name: Return a boolean indicating if a tag already exists for the repository
+
+#
+# Returns a simple true/false boolean indicating whether the tag exists or not.
+#
+# TODO: Remove once the common repo is public.
+#
+
+inputs:
+  token:
+    required: true
+  tag:
+    required: true
+
+outputs:
+  exists:
+    description: 'Whether the tag exists or not'
+    value: ${{ steps.tag-exists.outputs.EXISTS }}
+
+runs:
+  using: composite
+
+  steps:
+    - id: tag-exists
+      shell: bash
+      run: |
+        GET_API_URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/git/ref/tags/${TAG_NAME}"
+        http_status_code=$(curl -LI $GET_API_URL -o /dev/null -w '%{http_code}\n' -s -H "Authorization: token ${GITHUB_TOKEN}")
+        if [ "$http_status_code" -ne "404" ] ; then
+          echo "EXISTS=true" >> $GITHUB_OUTPUT
+        else
+          echo "EXISTS=false" >> $GITHUB_OUTPUT
+        fi
+      env:
+        TAG_NAME: ${{ inputs.tag }}
+        GITHUB_TOKEN: ${{ inputs.token }}

data/.github/dependabot.yml

@@ -0,0 +1,13 @@
+version: 2
+updates:
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'daily'

data/.github/workflows/codeql.yml

@@ -0,0 +1,53 @@
+name: CodeQL
+
+on:
+  merge_group:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+  push:
+    branches:
+      - master
+  schedule:
+    - cron: "37 10 * * 2"
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
+
+jobs:
+  analyze:
+    name: Check for Vulnerabilities
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ruby]
+
+    steps:
+      - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
+        run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          queries: +security-and-quality
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{ matrix.language }}"

data/.github/workflows/matrix.json

@@ -0,0 +1,7 @@
+{
+  "include": [
+    { "ruby": "3.0" },
+    { "ruby": "3.1" },
+    { "ruby": "3.2" }
+  ]
+}

data/.github/workflows/publish.yml

@@ -0,0 +1,33 @@
+name: Create Release
+
+on:
+  pull_request:
+    types:
+      - closed
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  id-token: write # This is required for requesting the JWT
+
+jobs:
+  rl-scanner:
+    uses: ./.github/workflows/rl-scanner.yml
+    with:
+      ruby-version: 3.2
+    secrets:
+      RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
+      RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
+      SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
+      PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
+      PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
+      PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}
+
+  release:
+    uses: ./.github/workflows/ruby-release.yml
+    needs: rl-scanner
+    with:
+      ruby-version: 3.2
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}
+      rubygems-token: ${{ secrets.RUBYGEMS_AUTH_TOKEN }}

data/.github/workflows/rl-scanner.yml

@@ -0,0 +1,65 @@
+name: RL-Secure Workflow
+
+on:
+  workflow_call:
+    inputs:
+      ruby-version:
+        required: true
+        type: string
+    secrets:
+      RLSECURE_LICENSE:
+        required: true
+      RLSECURE_SITE_KEY:
+        required: true
+      SIGNAL_HANDLER_TOKEN:
+        required: true
+      PRODSEC_TOOLS_USER:
+        required: true
+      PRODSEC_TOOLS_TOKEN:
+        required: true
+      PRODSEC_TOOLS_ARN:
+        required: true
+
+jobs:
+  rl-scanner:
+    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
+    runs-on: ubuntu-latest
+    outputs:
+      scan-status: ${{ steps.rl-scan-conclusion.outcome }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: Configure Ruby
+        uses: ./.github/actions/setup
+        with:
+          ruby-version: ${{ inputs.ruby-version }}
+
+      - name: Build RubyGems
+        shell: bash
+        run: |
+          gem build *.gemspec
+          export GEM_FILE=$(ls *.gem)
+          echo "gem_file=$GEM_FILE" >> $GITHUB_ENV
+
+      - name: Get Artifact Version
+        id: get_version
+        uses: ./.github/actions/get-version
+
+      - name: Run RL Scanner
+        id: rl-scan-conclusion
+        uses: ./.github/actions/rl-scanner
+        with:
+          artifact-path: "$(pwd)/${{ env.gem_file }}"
+          version: "${{ steps.get_version.outputs.version }}"
+        env:
+          RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
+          RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
+          SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
+          PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
+          PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
+          PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}
+
+      - name: Output scan result
+        run: echo "scan-status=${{ steps.rl-scan-conclusion.outcome }}" >> $GITHUB_ENV