omniauth-central_login 0.1.1 → 0.1.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -1
- data/Gemfile.lock +3 -3
- data/README.md +3 -2
- data/lib/omniauth/central_login/version.rb +1 -1
- data/lib/omniauth/strategies/central_login.rb +35 -10
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7a2e042cb3c151ef206a36de06beff6f563001d8faae0a9b561e1c647b44566a
|
4
|
+
data.tar.gz: 7546815597889a165e18312fdb71cd8cf7b01e8b0d659260775e4baa8fcf7209
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1382ebbea861023fd931f1452bea972132e132bbe1cff539f5060e26e8768931bd83d5bf5f6a1eef822ee4dda79d193b7a1155b233437244fa9a4337f072d0b9
|
7
|
+
data.tar.gz: 0bd4fef9ca7a379aa66258b32614f0971c4b42c1a3f8eb27b0c219e8ce677da064cdc93df95970257e8015269a390659f8feb8f89ae11b64db380e7fc808375f
|
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
omniauth-central_login (0.1.
|
4
|
+
omniauth-central_login (0.1.1)
|
5
5
|
omniauth-oauth2 (~> 1.7)
|
6
6
|
|
7
7
|
GEM
|
@@ -47,7 +47,7 @@ GEM
|
|
47
47
|
oauth2 (~> 1.4)
|
48
48
|
omniauth (>= 1.9, < 3)
|
49
49
|
parallel (1.21.0)
|
50
|
-
parser (3.0.
|
50
|
+
parser (3.0.3.1)
|
51
51
|
ast (~> 2.4.1)
|
52
52
|
rack (2.2.3)
|
53
53
|
rack-protection (2.1.0)
|
@@ -65,7 +65,7 @@ GEM
|
|
65
65
|
rubocop-ast (>= 1.12.0, < 2.0)
|
66
66
|
ruby-progressbar (~> 1.7)
|
67
67
|
unicode-display_width (>= 1.4.0, < 3.0)
|
68
|
-
rubocop-ast (1.
|
68
|
+
rubocop-ast (1.14.0)
|
69
69
|
parser (>= 3.0.1.1)
|
70
70
|
rubocop-minitest (0.17.0)
|
71
71
|
rubocop (>= 0.90, < 2.0)
|
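--- a/data/README.md
+++ b/data/README.md
@@ -27,13 +27,14 @@ Configuring Omniauth:
 scope: "openid email profile",
 client_options: {
 site: ENV['CENTRAL_LOGIN_URL']
-
+},
+response_type: "id_token" # saves another round trip, but is optional
 }
 end
 
 Configuration for Devise (using omniauthable):
 
-config.omniauth :central_login, Rails.application.secrets.central_login_id, Rails.application.secrets.central_login_secret, {client_options: {site: Rails.application.secrets.central_login_site}, scope: "openid email profile"}
+config.omniauth :central_login, Rails.application.secrets.central_login_id, Rails.application.secrets.central_login_secret, {client_options: {site: Rails.application.secrets.central_login_site}, scope: "openid email profile", response_type: "id_token"}
 
 ## Development
 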
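--- a/data/lib/omniauth/strategies/central_login.rb
+++ b/data/lib/omniauth/strategies/central_login.rb
@@ -27,11 +27,12 @@ module OmniAuth
 # {client_options: {site: Rails.application.secrets.central_login_site}, scope: "openid email profile"}
 #
 class CentralLogin < OmniAuth::Strategies::OAuth2
+
 # /.well-known/openid-configuration
 option :name, "central_login"
-option :client_options, site: ""
-
+option :client_options, {site: ""}
 option :redirect_url
+option :scope, "openid"
 
 uid { raw_info["uid"].to_s }
 
@@ -44,27 +45,51 @@ module OmniAuth
 end
 
 extra do
-{ raw_info: raw_info }
+{ raw_info: raw_info, id_token: id_token }
+end
+
+def id_token
+if options.response_type.to_s == "id_token"
+@id_token ||= access_token["id_token"]
+end
+end
+
+def validate_id_token(id_token)
+JWT.decode(id_token, nil, true, {
+algorithms: ["RS256"],
+jwks: jwks,
+iss: options.client_options[:site]
+})[0]
 end
 
 def raw_info
 return @raw_info if @raw_info
 
-
-
+if id_token
+@raw_info = validate_id_token(id_token)
+else
+@raw_info = access_token.get("/oauth/userinfo").parsed
 
-
-
-
-
-
+if @raw_info
+@raw_info["issuer"] = access_token
+.get("/.well-known/webfinger?resource=#{@raw_info["email"]}")
+.parsed["links"]
+.select { |a| a["rel"] == "http://openid.net/specs/connect/1.0/issuer" }[0]["href"]
+end
 end
 
 @raw_info
+
+rescue ::OAuth2::Error => e
+raise ::Omniauth::CentralLogin::Error, "Make sure you have 'openid' added as scope (OAuth2::error: #{e.message})"
 end
 
 private
 
+def jwks
+JSON.parse(Faraday::Connection.new(URI.join(options.client_options[:site], "oauth/discovery/keys")).get.body)
+end
+
 def callback_url
 options.redirect_url || (full_host + script_name + callback_path)
 end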
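Review bot: `validate_id_token` (new lines 57–62) passes `iss:` to `JWT.decode` without `verify_iss: true`, and ruby-jwt only compares the issuer claim when that flag is set, so the `iss` value given here is currently not enforced; the audience is not checked at all, so an ID token minted for a different client of the same provider is also accepted. I would change the options hash to `iss: options.client_options[:site], verify_iss: true,` followed by `aud: options.client_id, verify_aud: true`. The private `jwks` helper fetches and `JSON.parse`s the key set on every validation without looking at the response status, so a non-200 body is parsed as a key set (or raises a bare parse error) instead of failing clearly; checking `.success?` before parsing and caching the keys would address both. In `raw_info` the webfinger chain `.select { ... }[0]["href"]` raises `NoMethodError` on `nil` when no issuer link is returned, which surfaces as a generic failure rather than the strategy's own error. The enclosing class starts before the first hunk and continues past this one.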
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-central_login
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- murb
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-12-
|
11
|
+
date: 2021-12-31 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: omniauth-oauth2
|