RubyGems - omniauth-auth0 - Versions diffs - 3.1.1 → 3.2.0 - Mend

omniauth-auth0 3.1.1 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

checksums.yaml +4 -4
data/.github/CODEOWNERS +1 -1
data/.github/actions/get-prerelease/action.yml +30 -0
data/.github/actions/get-release-notes/action.yml +42 -0
data/.github/actions/get-version/action.yml +21 -0
data/.github/actions/release-create/action.yml +47 -0
data/.github/actions/rl-scanner/action.yml +71 -0
data/.github/actions/rubygems-publish/action.yml +30 -0
data/.github/actions/setup/action.yml +28 -0
data/.github/actions/tag-exists/action.yml +36 -0
data/.github/dependabot.yml +13 -0
data/.github/workflows/codeql.yml +53 -0
data/.github/workflows/matrix.json +7 -0
data/.github/workflows/publish.yml +33 -0
data/.github/workflows/rl-scanner.yml +65 -0
data/.github/workflows/ruby-release.yml +72 -0
data/.github/workflows/snyk.yml +40 -0
data/.github/workflows/test.yml +69 -0
data/.shiprc +2 -1
data/.version +1 -0
data/CHANGELOG.md +10 -5
data/Gemfile +1 -2
data/Gemfile.lock +117 -84
data/README.md +42 -1
data/lib/omniauth/auth0/jwt_token.rb +38 -0
data/lib/omniauth/auth0/jwt_validator.rb +2 -2
data/lib/omniauth/strategies/auth0.rb +48 -14
data/lib/omniauth-auth0/version.rb +1 -1
data/omniauth-auth0.gemspec +1 -0
data/spec/omniauth/auth0/jwt_token_spec.rb +87 -0
data/spec/omniauth/strategies/auth0_spec.rb +478 -230
metadata +39 -9
data/.circleci/config.yml +0 -63
data/.gemrelease +0 -2
data/.github/workflows/semgrep.yml +0 -24

data/spec/omniauth/auth0/jwt_token_spec.rb ADDED Viewed

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+require 'spec_helper'
+require 'json'
+require 'jwt'
+describe OmniAuth::Auth0::JWTToken do
+  let(:client_id) { 'CLIENT_ID' }
+  let(:domain_url) { 'https://samples.auth0.com' }
+  let(:client_assertion_signing_key) { OpenSSL::PKey::RSA.generate(2048) }
+  describe '#jwt_token' do
+    it 'generates a valid JWT token' do
+      uuid = '12345678-1234-5678-1234-567812345678'
+      allow(SecureRandom).to receive(:uuid).and_return(uuid)
+      jwt_token = described_class.new(client_id,
+                                      domain_url,
+                                      client_assertion_signing_key,
+                                      'RS256')
+                                 .jwt_token
+      decoded_token = JWT.decode(jwt_token, client_assertion_signing_key, true, { algorithm: 'RS256' })
+      expect(decoded_token[0]['iss']).to eq(client_id)
+      expect(decoded_token[0]['sub']).to eq(client_id)
+      expect(decoded_token[0]['aud']).to eq("#{domain_url}/oauth/token")
+      expect(decoded_token[0]['iat']).to be_within(5).of(Time.now.utc.to_i)
+      expect(decoded_token[0]['exp']).to eq(decoded_token[0]['iat'] + 60)
+      expect(decoded_token[0]['jti']).to eq(uuid)
+    end
+    it 'defaults to RS256 algorithm if not specified' do
+      uuid = '12345678-1234-5678-1234-567812345678'
+      allow(SecureRandom).to receive(:uuid).and_return(uuid)
+      jwt_token = described_class.new(client_id, domain_url, client_assertion_signing_key).jwt_token
+      decoded_token = JWT.decode(jwt_token, client_assertion_signing_key, true, { algorithm: 'RS256' })
+      expect(decoded_token[0]['iss']).to eq(client_id)
+      expect(decoded_token[0]['sub']).to eq(client_id)
+      expect(decoded_token[0]['aud']).to eq("#{domain_url}/oauth/token")
+      expect(decoded_token[0]['iat']).to be_within(5).of(Time.now.utc.to_i)
+      expect(decoded_token[0]['exp']).to eq(decoded_token[0]['iat'] + 60)
+      expect(decoded_token[0]['jti']).to eq(uuid)
+    end
+    context 'when using ES256 algorithm' do
+      let(:client_assertion_signing_key) { OpenSSL::PKey::EC.generate('prime256v1') }
+      it 'generates a valid JWT token' do
+        uuid = '12345678-1234-5678-1234-567812345678'
+        allow(SecureRandom).to receive(:uuid).and_return(uuid)
+        jwt_token = described_class.new(client_id,
+                                        domain_url,
+                                        client_assertion_signing_key,
+                                        'ES256')
+                                   .jwt_token
+        decoded_token = JWT.decode(jwt_token, client_assertion_signing_key, true, { algorithm: 'ES256' })
+        expect(decoded_token[0]['iss']).to eq(client_id)
+        expect(decoded_token[0]['sub']).to eq(client_id)
+        expect(decoded_token[0]['aud']).to eq("#{domain_url}/oauth/token")
+        expect(decoded_token[0]['iat']).to be_within(5).of(Time.now.utc.to_i)
+        expect(decoded_token[0]['exp']).to eq(decoded_token[0]['iat'] + 60)
+        expect(decoded_token[0]['jti']).to eq(uuid)
+      end
+      it 'accepts client_assertion_signing_key_token_params as a string' do
+        uuid = '12345678-1234-5678-1234-567812345678'
+        allow(SecureRandom).to receive(:uuid).and_return(uuid)
+        jwt_token = described_class.new(client_id,
+                                        domain_url,
+                                        client_assertion_signing_key,
+                                        'ES256')
+                                   .jwt_token
+        decoded_token = JWT.decode(jwt_token, client_assertion_signing_key, true, { algorithm: 'ES256' })
+        expect(decoded_token[0]['iss']).to eq(client_id)
+        expect(decoded_token[0]['sub']).to eq(client_id)
+        expect(decoded_token[0]['aud']).to eq("#{domain_url}/oauth/token")
+        expect(decoded_token[0]['iat']).to be_within(5).of(Time.now.utc.to_i)
+        expect(decoded_token[0]['exp']).to eq(decoded_token[0]['iat'] + 60)
+        expect(decoded_token[0]['jti']).to eq(uuid)
+      end
+    end
+  end
+end