omniauth-fishbrain 0.9.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 18b08b84c82f3c10704e309debd002b2a05bfba8c3f9392028325339fdab0f61
+  data.tar.gz: fc941f8c41c630491831e79f828f07621be3e1fc80ca91a7f7fe93f64cad926a
+SHA512:
+  metadata.gz: 1ad8cff223e86137c99d924b0bdd8cf2146393738419b13163d2ae5dd69b3678967e71ce96f9cd8422b77080eaf6186edd9c1064ab9c4870e8d99dca5ff31848
+  data.tar.gz: cc450625016d5ee861732382fdf868ec42c4291f453358729f1d28c530978bd0d5bffd6e41a9e35b8c0b8fedade712a902c1f96ab4f06423f1f81c7f9a16e99d

data/.gitignore

@@ -0,0 +1,56 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# Used by dotenv library to load environment variables.
+# .env
+
+# Ignore Byebug command history file.
+.byebug_history
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+# Used by RuboCop. Remote config files pulled in from inherit_from directive.
+# .rubocop-https?--*

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Fishbrain
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,25 @@
+# omniauth-fishbrain
+
+OmniAuth strategy for authenticating with Fishbrain
+
+## Installation
+
+Add to your `Gemfile`:
+
+```ruby
+gem 'omniauth-google-oauth2'
+```
+
+Then `bundle install`.
+
+## Usage
+
+Add something like the following to add the fishbrain authentication stategy.
+
+```
+  use OmniAuth::Builder do
+    provider :fishbrain, ENV.fetch('FISHBRAIN_CLIENT_ID'), ENV.fetch('FISHBRAIN_CLIENT_SECRET')
+  end
+```
+
+See `/examples` for a full example using Sinatra & Omniauth.

data/examples/sinatra/Gemfile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+git_source(:github) {|repo_name| 'https://github.com/#{repo_name}' }
+
+gem 'sinatra'
+gem 'omniauth'
+gem 'haml'
+gem 'omniauth-fishbrain'

data/examples/sinatra/fishbrain_example.rb

@@ -0,0 +1,34 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'sinatra/base'
+require 'omniauth'
+require 'omniauth-fishbrain'
+require 'pp'
+
+# Example Sinatra+Omniauth+Fishbrain app
+class FishbrainExample < Sinatra::Application
+  configure do
+    set :sessions, true
+    set :haml, format: :html5
+  end
+  use OmniAuth::Builder do
+    provider :fishbrain,
+             ENV.fetch('FISHBRAIN_CLIENT_ID'),
+             ENV.fetch('FISHBRAIN_CLIENT_SECRET')
+  end
+
+  get '/' do
+    haml :index
+  end
+
+  get '/auth/failure' do
+    haml :auth_failure
+  end
+
+  get '/auth/:provider/callback' do
+    haml :callback
+  end
+
+  run! if app_file == $PROGRAM_NAME
+end

data/examples/sinatra/views/auth_failure.haml

@@ -0,0 +1,10 @@
+!!!
+%html
+  %head
+    %title
+      Cognito auth example
+  %body
+    %h1
+      Authentication failure
+
+    %pre= params['message']

data/examples/sinatra/views/callback.haml

@@ -0,0 +1,9 @@
+!!!
+%html
+  %head
+    %title
+      Cognito auth example
+  %body
+    %h1= params[:provider]
+
+    %pre= request.env['omniauth.auth'].pretty_inspect

data/examples/sinatra/views/index.haml

@@ -0,0 +1,14 @@
+!!!
+%html
+  %head
+    %title
+      Cognito auth example
+  %body
+    %h1
+      Welcome
+
+    %a{ href: "/auth/fishbrain" }
+      Log in with Fishbrain
+
+    %a{ href: "/auth/cognito-idp" }
+      Log in with Cognito

data/lib/omniauth-fishbrain.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'omniauth/fishbrain'

data/lib/omniauth/fishbrain.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'omniauth/strategies/fishbrain'

data/lib/omniauth/fishbrain/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module Fishbrain
+    VERSION = '0.9.0'
+  end
+end

data/lib/omniauth/strategies/fishbrain.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+require 'omniauth-oauth2'
+require 'jwt'
+
+module OmniAuth
+  module Strategies
+    # OmniAuth Strategy for Fishbrain
+    class Fishbrain < OmniAuth::Strategies::OAuth2
+      option :name, 'fishbrain'
+      option :client_options,
+             site: 'https://accounts.fishbrain.com',
+             authorize_url: '/oauth2/authorize',
+             token_url: '/oauth2/token',
+             auth_scheme: :basic_auth
+      option :scope, 'email openid profile'
+      option :jwt_leeway, 60
+      option :user_pool_id, 'eu-west-1_5r0WbR8OH'
+      option :aws_region, 'eu-west-1'
+
+      uid do
+        parsed_id_token['sub'] if parsed_id_token
+      end
+
+      info do
+        if parsed_id_token
+          {
+            name: parsed_id_token['name'],
+            email: parsed_id_token['email'],
+            phone: parsed_id_token['phone_number']
+          }
+        end
+      end
+
+      credentials do
+        { token: access_token.token }.tap do |hash|
+          hash[:refresh_token] = access_token.refresh_token if access_token.expires? && access_token.refresh_token
+          hash[:expires_at] = access_token.expires_at if access_token.expires?
+          hash[:expires] = access_token.expires?
+          hash[:id_token] = id_token if id_token
+        end
+      end
+
+      extra do
+        { raw_info: parsed_id_token.reject { |key| %w[iss aud exp iat token_use nbf].include?(key) } }
+      end
+
+      private
+
+      # Override this method to remove the query string from the callback_url because Cognito
+      # requires an exact match
+      def build_access_token
+        client.auth_code.get_token(
+          request.params['code'],
+          { redirect_uri: callback_url.split('?').first }.merge(token_params.to_hash(symbolize_keys: true)),
+          deep_symbolize(options.auth_token_params)
+        )
+      end
+
+      def id_token
+        access_token && access_token['id_token']
+      end
+
+      def parsed_id_token
+        return nil unless id_token
+
+        @parsed_id_token ||= JWT.decode(
+          id_token,
+          nil,
+          false,
+          verify_iss: options[:aws_region] && options[:user_pool_id],
+          iss: "https://cognito-idp.#{options[:aws_region]}.amazonaws.com/#{options[:user_pool_id]}",
+          verify_aud: true,
+          aud: options[:client_id],
+          verify_sub: true,
+          verify_expiration: true,
+          verify_not_before: true,
+          verify_iat: true,
+          verify_jti: false,
+          leeway: options[:jwt_leeway]
+        ).first
+      end
+    end
+  end
+end

data/omniauth-fishbrain.gemspec

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require File.expand_path(
+  File.join('..', 'lib', 'omniauth', 'fishbrain', 'version'),
+  __FILE__
+)
+
+Gem::Specification.new do |gem|
+  gem.name          = 'omniauth-fishbrain'
+  gem.version       = OmniAuth::Fishbrain::VERSION
+  gem.license       = 'MIT'
+  gem.summary       = %(A Fishbrain strategy for OmniAuth 1.x)
+  gem.description   = %(A Fishbrain strategy for OmniAuth 1.x. This allows you to login to Fishbrain with your ruby app.)
+  gem.authors       = ['Erik Dalen']
+  gem.email         = ['erik.dalen@fishbrain.com']
+  gem.homepage      = 'https://github.com/fishbrain/omniauth-fishbrain'
+
+  gem.files         = `git ls-files`.split("\n")
+  gem.require_paths = ['lib']
+
+  gem.required_ruby_version = '>= 2.2'
+
+  gem.add_runtime_dependency 'jwt', '~> 2.0'
+  gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.6'
+end

metadata

@@ -0,0 +1,86 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-fishbrain
+version: !ruby/object:Gem::Version
+  version: 0.9.0
+platform: ruby
+authors:
+- Erik Dalen
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-02-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+description: A Fishbrain strategy for OmniAuth 1.x. This allows you to login to Fishbrain
+  with your ruby app.
+email:
+- erik.dalen@fishbrain.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- LICENSE
+- README.md
+- examples/sinatra/Gemfile
+- examples/sinatra/fishbrain_example.rb
+- examples/sinatra/views/auth_failure.haml
+- examples/sinatra/views/callback.haml
+- examples/sinatra/views/index.haml
+- lib/omniauth-fishbrain.rb
+- lib/omniauth/fishbrain.rb
+- lib/omniauth/fishbrain/version.rb
+- lib/omniauth/strategies/fishbrain.rb
+- omniauth-fishbrain.gemspec
+homepage: https://github.com/fishbrain/omniauth-fishbrain
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: A Fishbrain strategy for OmniAuth 1.x
+test_files: []