omniauth-google-id-token 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 425802e1587c5e8afa16a3e4b61d535dcd330eb359160c57208b5ab888e3cf8b
+  data.tar.gz: 3e31bc2a0abd6ba90fc88f5b2cff2bbbca22343ca7e89e281f42020aa9de3665
+SHA512:
+  metadata.gz: fbf39583b5f0ee0570d4cef96349168ee8884c9179a48c5f35260a34c22f223382fab9fa7223eef9729a6eb8e37b0e8659f4514e3f7a053e5a022a1c7919b31a
+  data.tar.gz: f18ed904fe16a8aaa6636a1c5ae31412e1824de327aebe38ea632c9170d7db65819905cf69ab8d6d16cc68eca55b4638a3f93dee32d91099932fd3ccc8ad7efb

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+vendor

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/Dockerfile

@@ -0,0 +1,24 @@
+FROM ruby:2.3
+
+RUN mkdir -p /src
+WORKDIR /src
+
+COPY Gemfile /src/Gemfile
+COPY Gemfile.lock /src/Gemfile.lock
+COPY omniauth-google-id-token.gemspec /src/omniauth-google-id-token.gemspec
+COPY lib /src/lib
+
+ENV BUNDLE_GEMFILE=/src/Gemfile \
+  BUNDLE_JOBS=2 \
+  BUNDLE_PATH=/src/vendor/bundle \
+  GEM_PATH=/src/vendor/bundle \
+  BUNDLE_APP_CONFIG=/src/vendor/bundle \
+  BUNDLE_BIN=/src/vendor/bundle/bin \
+  BUNDLE_BINSTUBS=/src/vendor/bundle/binstubs \
+  PATH=/src/vendor/bundle/bin:$PATH
+
+RUN bundle install
+
+COPY . .
+
+CMD ["rspec"]

data/Gemfile

@@ -0,0 +1,18 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in omniauth-google-id-token.gemspec
+gemspec
+
+group :test, :development do
+  gem 'googleauth'
+  gem 'jwt' # For testing
+  gem 'multi_json' # For testing
+  gem 'omniauth'
+
+  gem 'coveralls_reborn'
+  gem 'rack-test'
+  gem 'rest-client', '~> 1.8.0'
+  gem 'rubocop', require: false
+  gem 'simplecov-lcov'
+  gem 'webmock'
+end

data/Guardfile

@@ -0,0 +1,8 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+guard :rspec do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/lib/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { "spec" }
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2018 MasteryConnect Inc.
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,83 @@
+# OmniAuth::GoogleIdToken
+
+A [omnitauth](https://github.com/omniauth/omniauth) strategy primarily used for validating Google ID tokens
+(JWT encoded) generated by Google authentication servers. As with other Omniauth strategies, it can also
+redirect to Google's Sign In page.
+
+As a validation strategy only this used by backend servers to validate Google ID tokens (Google
+authenticated users) passed on by mobile or webapps e.g.
+[ios](https://developers.google.com/identity/sign-in/ios/backend-auth),
+[Android](https://developers.google.com/identity/sign-in/android/backend-auth),
+[websites](https://developers.google.com/identity/sign-in/web/backend-auth).
+
+This makes use of [google-id-token](https://github.com/google/google-id-token) for validating the ID token.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'omniauth-google-id-token'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install omniauth-google-id-token
+
+## Usage
+
+You use OmniAuth::Strategies::GoogleIdToken just like you do any other OmniAuth strategy:
+
+```ruby
+use OmniAuth::Strategies::GoogleIdToken, aud_claim: '123.apps.googleusercontent.com', azp_claim: '123.apps.googleusercontent.com'
+```
+
+If this strategy is used primarily for validating a Google ID token, then the only required fields are
+aud_claim and azp_claim.
+
+If this strategy is also used for redirecting a user to the Google Sign In page before validation,
+then a client_id is also required. An example of the URL can be found at
+https://developers.google.com/identity/protocols/OAuth2WebServer#handlingresponse Sample OAuth 2.0 server
+response section.
+
+* **name:** The name of the strategy. The default name is `google_id_token` but it can be changed to any value, for
+  example `google`. The OmniAuth URL will thus change to `/auth/google` and the `provider` key in the auth hash will
+  then return `google`.
+* **cert:** the x509 certificate can be provided to manually define a certificate to validate the tokens.
+* **expiry:** Expiry defines the the time (in seconds) in which the cached Google certificates are valid.
+* **uid_claim:** this determines which claim will be used to uniquely identify the user. Defaults
+  to `email`
+* **client_id:** The client ID string that you obtain from the [API Console](https://console.developers.google.com/),
+  as described in [Obtain OAuth 2.0 credentials](https://developers.google.com/identity/protocols/OpenIDConnect#getcredentials)
+* **aud_claim:** Identifies the audience that this ID token is intended for. It must be one of the OAuth 2.0 client
+  IDs of your application
+* **azp_claim:** The client_id of the authorized presenter. This claim is only needed when the party requesting the
+  ID token is not the same as the audience of the ID token. This may be the case at Google for hybrid apps where a
+  web application and Android app have a different client_id but share the same project.
+* **required_claims:** array of claims that are required to make this a valid authentication call.
+  Defaults to `['name', 'email']`
+* **info_map:** array mapping claim values to info hash values. Defaults to mapping `name` and `email`
+  to the same in the info hash.
+
+### Authentication Process
+
+When you authenticate through `omniauth-google-id-token` you can send users to `/auth/googleidtoken`
+and it will redirect them to the URL https://accounts.google.com/o/oauth2/auth (and example can be
+found at https://developers.google.com/identity/protocols/OAuth2WebServer#handlingresponse
+Sample OAuth 2.0 server response).
+
+From there, Google generates a ID token and sends to the redirect_uri passed in URL query params.
+The redirect_uri will look like '/auth/googleidtoken/callback`. This is the endpoint to send the id token
+to if coming from a mobile or web app looking to validate a user with the backend server:
+
+    /auth/googleidtoken/callback?id_token=ENCODEDJWTGOESHERE
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new
+
+task :default => :spec

data/build.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if [ ! -f Gemfile.lock ]; then
+  docker run --rm -v "$PWD":/src -w /src ruby:2.5 bundle install --binstubs=/src/vendor/bundle/bin --path=/src/vendor/bundle
+fi
+
+docker build -t omniauth-google-id-token .
+
+docker run --rm -v "$PWD":/src -w /src omniauth-google-id-token bundle install

data/docker-compose.yml

@@ -0,0 +1,8 @@
+version: '3'
+services:
+  spec:
+    build: .
+    image: omniauth-google-id-token:latest
+    command: tail -f /dev/null
+    volumes:
+      - .:/src

data/lib/omniauth/google_id_token/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module GoogleIdToken
+    VERSION = '1.0.0'.freeze
+  end
+end

data/lib/omniauth/google_id_token.rb

@@ -0,0 +1,2 @@
+require 'omniauth/google_id_token/version'
+require 'omniauth/strategies/google_id_token'

data/lib/omniauth/strategies/google_id_token.rb

@@ -0,0 +1,91 @@
+require 'omniauth'
+require 'googleauth'
+module OmniAuth
+  module Strategies
+    class GoogleIdToken
+      include OmniAuth::Strategy
+
+      class ClaimInvalid < StandardError; end
+
+      def self.inherited(subclass) # rubocop:disable Lint/MissingSuper
+        OmniAuth::Strategy.included(subclass)
+      end
+
+      BASE_SCOPES = %w[profile email openid].freeze
+      RESPONSE_TYPES = %w[token id_token].freeze
+
+      option :name, 'google_id_token'
+      option :uid_claim, 'sub'
+      option :client_id, nil # Required for request_phase e.g. redirect to auth page
+      option :aud_claim, nil
+      option :azp_claim, nil
+      option :iss_claim, nil
+      option :required_claims, %w[email]
+      option :info_map, { 'name' => 'name', 'email' => 'email' }
+
+      def request_phase
+        redirect URI::HTTPS.build(host: 'accounts.google.com', path: '/o/oauth2/auth', query: URI.encode_www_form(authorize_params)).to_s.gsub( # rubocop:disable Layout/LineLength
+          /\+/, '%20'
+        )
+      end
+
+      def authorize_params # rubocop:disable Metrics/AbcSize
+        params = {}
+        params[:scope] = BASE_SCOPES.join(' ')
+        params[:access_type] = 'offline'
+        params[:include_granted_scopes] = true
+        params[:state] = SecureRandom.hex(24)
+        session['omniauth.state'] = params[:state]
+        params[:redirect_uri] = callback_url
+        params[:response_type] = RESPONSE_TYPES.join(' ')
+        params[:client_id] = options.client_id
+        params
+      end
+
+      def decoded # rubocop:disable Metrics/AbcSize,Metrics/MethodLength
+        unless @decoded
+          begin
+            @decoded = validator.verify_oidc(request.params['id_token'], aud: options.aud_claim, azp: options.azp_claim)
+          rescue StandardError => e
+            raise ClaimInvalid, e.message
+          end
+        end
+
+        (options.required_claims || []).each do |field|
+          raise ClaimInvalid, "Missing required '#{field}' claim." unless @decoded.key?(field.to_s)
+        end
+        @decoded
+      end
+
+      def callback_phase
+        super
+      rescue ClaimInvalid => e
+        fail! :claim_invalid, e
+      end
+
+      uid do
+        decoded[options.uid_claim]
+      end
+
+      extra do
+        { raw_info: decoded }
+      end
+
+      info do
+        options.info_map.each_with_object({}) do |(k, v), h|
+          h[k.to_s] = decoded[v.to_s]
+        end
+      end
+
+      private
+
+      def validator
+        ::Google::Auth::IDTokens::Verifier
+      end
+
+      def uid_lookup
+        @uid_lookup ||= options.uid_claim.new(request)
+      end
+    end
+  end
+end

data/lib/omniauth-google-id-token.rb

@@ -0,0 +1 @@
+require "omniauth/google_id_token"

data/omniauth-google-id-token.gemspec

@@ -0,0 +1,28 @@
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'omniauth/google_id_token/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'omniauth-google-id-token'
+  spec.version       = OmniAuth::GoogleIdToken::VERSION
+  spec.authors       = ['Joshua Morris', 'Ho Trung Nhan']
+  spec.email         = ['hotrungnhan29@gmail.com']
+  spec.description   = 'An OmniAuth strategy to validate Google id tokens.'
+  spec.summary       = 'An OmniAuth strategy to validate Google id tokens.'
+  spec.homepage      = 'https://github.com/hotrungnhan/omniauth-google-id-token'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files`.split("\n")
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler', '~> 2.4.21'
+  spec.add_development_dependency 'guard', '~> 2.14'
+  spec.add_development_dependency 'guard-rspec', '~> 4.7'
+  spec.add_development_dependency 'rack-test', '~> 0.8'
+  spec.add_development_dependency 'rake', '~> 12.3'
+  spec.add_development_dependency 'rspec', '~> 3.7'
+
+  spec.add_runtime_dependency 'googleauth', '~> 1.8.1'
+  spec.add_runtime_dependency 'omniauth', '~> 1.9.2'
+end

data/rspec.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker-compose run spec rspec

data/spec/lib/omniauth/strategies/google_id_token_spec.rb

@@ -0,0 +1,99 @@
+require 'spec_helper'
+require 'multi_json'
+require 'jwt'
+
+describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockLength
+  let(:rsa_private) { OpenSSL::PKey::RSA.generate 512 }
+  let(:rsa_public) { rsa_private.public_key }
+
+  let(:response_json) { MultiJson.load(last_response.body) }
+  let(:id_token) { 'tokensss' }
+  let(:payload) do
+    { 'iss' => 'https://accounts.google.com',
+      'nbf' => 161_803_398_874,
+      'aud' => 'http://example.com',
+      'sub' => '3141592653589793238',
+      'hd' => 'gmail.com',
+      'email' => 'bob@example.com',
+      'email_verified' => true,
+      'azp' => '314159265-pi.apps.googleusercontent.com',
+      'name' => 'Elisa Beckett',
+      'picture' => 'https://lh3.googleusercontent.com/a-/e2718281828459045235360uler',
+      'given_name' => 'Elisa',
+      'family_name' => 'Beckett',
+      'iat' => 1_596_474_000,
+      'exp' => 1_596_477_600,
+      'jti' => 'abc161803398874def' }
+  end
+  let(:aud_claim) { payload[:aud] }
+  let(:azp_claim) { payload[:azp] }
+
+  let(:client_id) { 'test_client_id' }
+  let(:args) do
+    [
+      {
+        aud_claim: payload[:aud],
+        azp_claim: payload[:azp],
+        client_id: client_id
+      }
+    ]
+  end
+
+  let(:app)  do
+    the_args = args
+    Rack::Builder.new do |b|
+      b.use Rack::Session::Cookie, secret: 'sekrit'
+      b.use OmniAuth::Strategies::GoogleIdToken, *the_args
+      b.run ->(env) { [200, {}, [(env['omniauth.auth'] || {}).to_json]] }
+    end
+  end
+
+  let(:api_url) { '/auth/google_id_token' }
+
+  describe 'Subclassing Behavior' do
+    subject { fresh_strategy }
+
+    it 'performs the OmniAuth::Strategy included hook' do
+      expect(OmniAuth.strategies).to include(OmniAuth::Strategies::GoogleIdToken)
+    end
+  end
+
+  describe 'request phase' do
+    it 'should redirect to the configured login url' do
+      post api_url
+      expect(last_response.status).to eq(302)
+      expect(last_response.headers['Location'].gsub(/&state=[0-9a-z]*/,
+                                                    '')).to eq('https://accounts.google.com/o/oauth2/auth?scope=profile%20email%20openid&access_type=offline&include_granted_scopes=true&redirect_uri=http%3A%2F%2Fexample.org%2Fauth%2Fgoogle_id_token%2Fcallback&response_type=token%20id_token&client_id=test_client_id')
+      # Removed state random field
+    end
+  end
+
+  context 'callback phase' do
+    it 'should decode the response' do
+      allow(::Google::Auth::IDTokens::Verifier).to receive(:verify_oidc)
+        .with(id_token, aud: aud_claim, azp: azp_claim)
+        .and_return(payload)
+
+      post "#{api_url}/callback", id_token: id_token
+      expect(response_json['info']['email']).to eq('bob@example.com')
+    end
+
+    it 'should not work without required fields' do
+      payload.delete('email')
+      allow(::Google::Auth::IDTokens::Verifier).to receive(:verify_oidc)
+        .with(id_token, aud: aud_claim, azp: azp_claim)
+        .and_return(payload)
+
+      post "#{api_url}/callback", id_token: id_token
+      expect(last_response.status).to eq(302)
+    end
+
+    it 'should assign the uid' do
+      allow(::Google::Auth::IDTokens::Verifier).to receive(:verify_oidc)
+        .with(id_token, aud: aud_claim, azp: azp_claim)
+        .and_return(payload)
+      post "#{api_url}/callback", id_token: id_token
+      expect(response_json['uid']).to eq('3141592653589793238')
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,35 @@
+$LOAD_PATH.unshift File.expand_path(__dir__)
+$LOAD_PATH.unshift File.expand_path('../lib', __dir__)
+
+if RUBY_VERSION >= '1.9'
+  require 'simplecov'
+  require 'simplecov-lcov'
+  require 'coveralls'
+
+  SimpleCov::Formatter::LcovFormatter.config.report_with_single_file = true
+
+  SimpleCov.formatters = [
+    SimpleCov::Formatter::HTMLFormatter,
+    SimpleCov::Formatter::LcovFormatter,
+    Coveralls::SimpleCov::Formatter
+  ]
+
+  SimpleCov.start do
+    minimum_coverage(78.48)
+  end
+end
+
+require 'rspec'
+require 'rack/test'
+require 'webmock/rspec'
+require 'omniauth'
+require 'omniauth-google-id-token'
+
+RSpec.configure do |config|
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+  config.extend OmniAuth::Test::StrategyMacros, type: :strategy
+  config.include Rack::Test::Methods
+  config.include WebMock::API
+end

metadata

@@ -0,0 +1,176 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-google-id-token
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Joshua Morris
+- Ho Trung Nhan
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-11-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.4.21
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.4.21
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.14'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.7'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: googleauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.8.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.8.1
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.2
+description: An OmniAuth strategy to validate Google id tokens.
+email:
+- hotrungnhan29@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- Dockerfile
+- Gemfile
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- build.sh
+- docker-compose.yml
+- lib/omniauth-google-id-token.rb
+- lib/omniauth/google_id_token.rb
+- lib/omniauth/google_id_token/version.rb
+- lib/omniauth/strategies/google_id_token.rb
+- omniauth-google-id-token.gemspec
+- rspec.sh
+- spec/lib/omniauth/strategies/google_id_token_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/hotrungnhan/omniauth-google-id-token
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.21
+signing_key:
+specification_version: 4
+summary: An OmniAuth strategy to validate Google id tokens.
+test_files:
+- spec/lib/omniauth/strategies/google_id_token_spec.rb
+- spec/spec_helper.rb