omniauth-auth0 2.3.1 → 2.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 735b9218b77206e4e3c8d2a3e0aa983fa4b5fc41591a593ea681d5bcaa8c12d6
-  data.tar.gz: d66683b025e4dbe28c3986e5f271b71087145d1f3b9f8c425b89bc139a77750f
+  metadata.gz: 33f4a34bf39a6fb628e07ed669624f1917d07353ed6f1b90d1a7e49f159c34f0
+  data.tar.gz: 75b2362d94d4dfaa802a5a858c2b6c9c01dbd594393670c69280f21b96732ff2
 SHA512:
-  metadata.gz: '02885a905400e376c738b6fd01892e372902f8394b10d5c1436d6105127e28055827c4ca2b09f3d31df0d163dd01ea8f5dd8d53fdf2f8fc1201ba116cdcb6b9f'
-  data.tar.gz: e7b50a03c9ed21e981d89a4fa36f220da3bac9e963999fc56762ada02b19873e3452d6084198595924fa4e2be8480bfac6150e56d4536c5cf93b53369ded3253
+  metadata.gz: bd3d007acf54fdf777fd9793eb24a0512504969436bc88420f51c21647fb4099815bb099e980e1d27bcbb3e187efb3a767bdb9b59b9f08b549ebf9e011072bc9
+  data.tar.gz: 36c5a4202d76c35d52dfdf1168895a03a66cad08400150444642f1dae4c9a285b0c856ffcbed3d49763c14a9c2201dc8ab96e3dffa9c50aad3c8c201e2784f59

data/.circleci/config.yml

@@ -2,7 +2,7 @@ version: 2.1
 jobs:
   run-tests:
     docker:
-      - image: circleci/ruby:2.4.6-jessie
+      - image: circleci/ruby:2.5.7-buster
     steps:
       - checkout
       - restore_cache:
@@ -10,12 +10,6 @@ jobs:
             - gems-v2-{{ checksum "Gemfile.lock" }}
             - gems-v2-
       - run: bundle check || bundle install
-      - persist_to_workspace:
-          root: .
-          paths:
-            - Gemfile
-            - Gemfile.lock
-            - .snyk
       - save_cache:
           key: gems-v2--{{ checksum "Gemfile.lock" }}
           paths:

data/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Change Log
 
+## [v2.4.0](https://github.com/auth0/omniauth-auth0/tree/v2.4.0) (2020-09-22)
+
+[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.3.1...v2.4.0)
+
+**Security**
+- Bump rack from 2.2.2 to 2.2.3 [\#107](https://github.com/auth0/omniauth-auth0/pull/107) ([dependabot](https://github.com/dependabot))
+- Update dependencies [\#100](https://github.com/auth0/omniauth-auth0/pull/100) ([Albalmaceda](https://github.com/Albalmaceda))
+
+**Added**
+- Add support for screen_hint=signup param [\#103](https://github.com/auth0/omniauth-auth0/pull/103) ([bbean86](https://github.com/bbean86))
+- Add support for `connection_scope` in params [\#99](https://github.com/auth0/omniauth-auth0/pull/99) ([felixclack](https://github.com/felixclack))
+
+
 ## [v2.3.1](https://github.com/auth0/omniauth-auth0/tree/v2.3.1) (2020-03-27)
 
 [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.3.0...v2.3.1)

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    omniauth-auth0 (2.3.1)
+    omniauth-auth0 (2.4.0)
       omniauth-oauth2 (~> 1.5)
 
 GEM
@@ -9,22 +9,20 @@ GEM
   specs:
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
-    ast (2.4.0)
-    codecov (0.1.16)
+    ast (2.4.1)
+    codecov (0.2.11)
       json
       simplecov
-      url
-    coderay (1.1.2)
-    crack (0.4.3)
-      safe_yaml (~> 1.0.0)
+    coderay (1.1.3)
+    crack (0.4.4)
     daemons (1.3.1)
-    diff-lcs (1.3)
+    diff-lcs (1.4.4)
     docile (1.3.2)
-    dotenv (2.7.5)
+    dotenv (2.7.6)
     eventmachine (1.2.7)
-    faraday (1.0.0)
+    faraday (1.0.1)
       multipart-post (>= 1.2, < 3)
-    ffi (1.12.2)
+    ffi (1.13.1)
     formatador (0.2.5)
     gem-release (2.1.1)
     guard (2.16.2)
@@ -43,16 +41,15 @@ GEM
       rspec (>= 2.99.0, < 4.0)
     hashdiff (1.0.1)
     hashie (4.1.0)
-    jaro_winkler (1.5.4)
-    json (2.3.0)
-    jwt (2.2.1)
+    json (2.3.1)
+    jwt (2.2.2)
     listen (3.1.5)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
       ruby_dep (~> 1.2)
-    lumberjack (1.2.4)
+    lumberjack (1.2.8)
     method_source (1.0.0)
-    multi_json (1.14.1)
+    multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
     mustermann (1.1.1)
@@ -70,63 +67,66 @@ GEM
     omniauth (1.9.1)
       hashie (>= 3.4.6)
       rack (>= 1.6.2, < 3)
-    omniauth-oauth2 (1.6.0)
-      oauth2 (~> 1.1)
+    omniauth-oauth2 (1.7.0)
+      oauth2 (~> 1.4)
       omniauth (~> 1.9)
-    parallel (1.19.1)
-    parser (2.7.0.5)
-      ast (~> 2.4.0)
-    pry (0.13.0)
+    parallel (1.19.2)
+    parser (2.7.1.4)
+      ast (~> 2.4.1)
+    pry (0.13.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (4.0.3)
-    rack (2.2.2)
-    rack-protection (2.0.8.1)
+    public_suffix (4.0.6)
+    rack (2.2.3)
+    rack-protection (2.1.0)
       rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rainbow (3.0.0)
     rake (13.0.1)
-    rb-fsevent (0.10.3)
+    rb-fsevent (0.10.4)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
+    regexp_parser (1.8.0)
     rexml (3.2.4)
     rspec (3.9.0)
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
       rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.1)
-      rspec-support (~> 3.9.1)
-    rspec-expectations (3.9.1)
+    rspec-core (3.9.2)
+      rspec-support (~> 3.9.3)
+    rspec-expectations (3.9.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
-    rspec-support (3.9.2)
-    rubocop (0.80.1)
-      jaro_winkler (~> 1.5.1)
+    rspec-support (3.9.3)
+    rubocop (0.91.0)
       parallel (~> 1.10)
-      parser (>= 2.7.0.1)
+      parser (>= 2.7.1.1)
       rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.7)
       rexml
+      rubocop-ast (>= 0.4.0, < 1.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 1.7)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-ast (0.4.2)
+      parser (>= 2.7.1.4)
     ruby-progressbar (1.10.1)
     ruby2_keywords (0.0.2)
     ruby_dep (1.5.0)
-    safe_yaml (1.0.5)
     shellany (0.0.1)
     shotgun (0.9.2)
       rack (>= 1.0)
-    simplecov (0.18.5)
+    simplecov (0.19.0)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
     simplecov-html (0.12.2)
-    sinatra (2.0.8.1)
+    sinatra (2.1.0)
       mustermann (~> 1.0)
-      rack (~> 2.0)
-      rack-protection (= 2.0.8.1)
+      rack (~> 2.2)
+      rack-protection (= 2.1.0)
       tilt (~> 2.0)
     thin (1.7.2)
       daemons (~> 1.0, >= 1.0.9)
@@ -134,9 +134,8 @@ GEM
       rack (>= 1, < 3)
     thor (1.0.1)
     tilt (2.0.10)
-    unicode-display_width (1.6.1)
-    url (0.3.2)
-    webmock (3.8.3)
+    unicode-display_width (1.7.0)
+    webmock (3.9.1)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)

data/README.md

@@ -1,13 +1,14 @@
 # OmniAuth Auth0
 
-An [OmniAuth](https://github.com/intridea/omniauth) strategy for authenticating with [Auth0](https://auth0.com). This strategy is based on the [OmniAuth OAuth2](https://github.com/omniauth/omniauth-oauth2) strategy. 
+An [OmniAuth](https://github.com/intridea/omniauth) strategy for authenticating with [Auth0](https://auth0.com). This strategy is based on the [OmniAuth OAuth2](https://github.com/omniauth/omniauth-oauth2) strategy.
 
-**Important security note:** The parent library for this strategy currently has an unresolved security issue. Please see the discussion, including mitigations for Rails and non-Rails applications, [here](https://github.com/auth0/omniauth-auth0/issues/82).
+> :warning:  **Important security note:** This solution uses a 3rd party library with an unresolved [security issue(s)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9284). Please review the details of the vulnerability, including [Auth0](https://github.com/auth0/omniauth-auth0/issues/82 ) and other recommended [mitigations](https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284), before implementing the solution.
 
 [![CircleCI](https://img.shields.io/circleci/project/github/auth0/omniauth-auth0/master.svg)](https://circleci.com/gh/auth0/omniauth-auth0)
 [![codecov](https://codecov.io/gh/auth0/omniauth-auth0/branch/master/graph/badge.svg)](https://codecov.io/gh/auth0/omniauth-auth0)
 [![Gem Version](https://badge.fury.io/rb/omniauth-auth0.svg)](https://badge.fury.io/rb/omniauth-auth0)
 [![MIT licensed](https://img.shields.io/dub/l/vibe-d.svg?style=flat)](https://github.com/auth0/omniauth-auth0/blob/master/LICENSE)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0?ref=badge_shield)
 
 ## Table of Contents
 
@@ -45,7 +46,7 @@ Then install:
 $ bundle install
 ```
 
-See our [contributing guide](CONTRIBUTING.md) for information on local installation for development. 
+See our [contributing guide](CONTRIBUTING.md) for information on local installation for development.
 
 ## Getting Started
 
@@ -63,7 +64,7 @@ All of these tasks and more are covered in our [Ruby on Rails Quickstart](https:
 To send additional parameters during login, you can specify them when you register the provider:
 
 ```ruby
-provider 
+provider
   :auth0,
   ENV['AUTH0_CLIENT_ID'],
   ENV['AUTH0_CLIENT_SECRET'],
@@ -121,6 +122,17 @@ The Auth0 strategy will provide the standard OmniAuth hash attributes:
 }
 ```
 
+### Query Parameter Options
+
+In some scenarios, you may need to pass specific query parameters to `/authorize`. The following parameters are available to enable this:
+
+- `connection`
+- `connection_scope`
+- `prompt`
+- `screen_hint` (only relevant to New Universal Login Experience)
+
+Simply pass these query parameters to your OmniAuth redirect endpoint to enable their behavior.
+
 ## Contribution
 
 We appreciate feedback and contribution to this repo! Before you get started, please see the following:
@@ -133,7 +145,7 @@ We appreciate feedback and contribution to this repo! Before you get started, pl
 
 - Use [Community](https://community.auth0.com/) for usage, questions, specific cases.
 - Use [Issues](https://github.com/auth0/omniauth-auth0/issues) here for code-level support and bug reports.
-- Paid customers can use [Support](https://support.auth0.com/) to submit a trouble ticket for production-affecting issues. 
+- Paid customers can use [Support](https://support.auth0.com/) to submit a trouble ticket for production-affecting issues.
 
 ## Vulnerability Reporting
 
@@ -155,3 +167,6 @@ Auth0 helps you to easily:
 ## License
 
 The OmniAuth Auth0 strategy is licensed under MIT - [LICENSE](LICENSE)
+
+
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0?ref=badge_large)

data/lib/omniauth-auth0/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Auth0
-    VERSION = '2.3.1'.freeze
+    VERSION = '2.4.0'.freeze
   end
 end

data/lib/omniauth/strategies/auth0.rb

@@ -86,7 +86,7 @@ module OmniAuth
       def authorize_params
         params = super
         parsed_query = Rack::Utils.parse_query(request.query_string)
-        %w[connection prompt].each do |key|
+        %w[connection connection_scope prompt screen_hint].each do |key|
           params[key] = parsed_query[key] if parsed_query.key?(key)
         end
 
@@ -94,7 +94,7 @@ module OmniAuth
         params[:nonce] = SecureRandom.hex
         # Generate leeway if none exists
         params[:leeway] = 60 unless params[:leeway]
-        
+
         # Store authorize params in the session for token verification
         session['authorize_params'] = params
 

data/spec/omniauth/strategies/auth0_spec.rb

@@ -83,7 +83,9 @@ describe OmniAuth::Strategies::Auth0 do
       expect(redirect_url).to have_query('redirect_uri')
       expect(redirect_url).not_to have_query('auth0Client')
       expect(redirect_url).not_to have_query('connection')
+      expect(redirect_url).not_to have_query('connection_scope')
       expect(redirect_url).not_to have_query('prompt')
+      expect(redirect_url).not_to have_query('screen_hint')
     end
 
     it 'redirects to hosted login page' do
@@ -97,7 +99,18 @@ describe OmniAuth::Strategies::Auth0 do
       expect(redirect_url).to have_query('redirect_uri')
       expect(redirect_url).to have_query('connection', 'abcd')
       expect(redirect_url).not_to have_query('auth0Client')
+      expect(redirect_url).not_to have_query('connection_scope')
       expect(redirect_url).not_to have_query('prompt')
+      expect(redirect_url).not_to have_query('screen_hint')
+    end
+
+    it 'redirects to the hosted login page with connection_scope' do
+      get 'auth/auth0?connection_scope=identity_provider_scope'
+      expect(last_response.status).to eq(302)
+      redirect_url = last_response.headers['Location']
+      expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
+      expect(redirect_url)
+        .to have_query('connection_scope', 'identity_provider_scope')
     end
 
     it 'redirects to hosted login page with prompt=login' do
@@ -114,6 +127,20 @@ describe OmniAuth::Strategies::Auth0 do
       expect(redirect_url).not_to have_query('connection')
     end
 
+    it 'redirects to hosted login page with screen_hint=signup' do
+      get 'auth/auth0?screen_hint=signup'
+      expect(last_response.status).to eq(302)
+      redirect_url = last_response.headers['Location']
+      expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
+      expect(redirect_url).to have_query('response_type', 'code')
+      expect(redirect_url).to have_query('state')
+      expect(redirect_url).to have_query('client_id')
+      expect(redirect_url).to have_query('redirect_uri')
+      expect(redirect_url).to have_query('screen_hint', 'signup')
+      expect(redirect_url).not_to have_query('auth0Client')
+      expect(redirect_url).not_to have_query('connection')
+    end
+
     describe 'callback' do
       let(:access_token) { 'access token' }
       let(:expires_in) { 2000 }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-auth0
 version: !ruby/object:Gem::Version
-  version: 2.3.1
+  version: 2.4.0
 platform: ruby
 authors:
 - Auth0
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-27 00:00:00.000000000 Z
+date: 2020-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
@@ -88,7 +88,7 @@ homepage: https://github.com/auth0/omniauth-auth0
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -103,8 +103,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: OmniAuth OAuth2 strategy for the Auth0 platform.
 test_files: