omniauth-google-id-token 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/omniauth/google_id_token/version.rb +1 -1
  3. data/lib/omniauth/strategies/google_id_token.rb +5 -8
  4. data/omniauth-google-id-token.gemspec +1 -1
  5. data/spec/lib/omniauth/strategies/google_id_token_spec.rb +8 -6
  6. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 425802e1587c5e8afa16a3e4b61d535dcd330eb359160c57208b5ab888e3cf8b
4
- data.tar.gz: 3e31bc2a0abd6ba90fc88f5b2cff2bbbca22343ca7e89e281f42020aa9de3665
3
+ metadata.gz: 4b756f006ad3cc0cf614b043370928fd7847e757c5466e5f649828251dba82c8
4
+ data.tar.gz: 1faaa945a752d1b9d9cecc7db14bf0eba54383c494134a44e48ed52ae2dde598
5
5
  SHA512:
6
- metadata.gz: fbf39583b5f0ee0570d4cef96349168ee8884c9179a48c5f35260a34c22f223382fab9fa7223eef9729a6eb8e37b0e8659f4514e3f7a053e5a022a1c7919b31a
7
- data.tar.gz: f18ed904fe16a8aaa6636a1c5ae31412e1824de327aebe38ea632c9170d7db65819905cf69ab8d6d16cc68eca55b4638a3f93dee32d91099932fd3ccc8ad7efb
6
+ metadata.gz: a03ae591d4d6bfde18fe0649912364a1f80c54a98659f5e0bfd6c317dc9ef1017d9bc0e3e268ac4251e2cedce2e8598645cfa726ad9480100cc11603b0f68c66
7
+ data.tar.gz: 755bfe3610a24e8c31a4fa8ce20ade00eff3ef192d8345652574d21868922675dec7625484beaca2d66f7d22cd0d92c80fbfdb557aca3465f74ad164a9150065
data/lib/omniauth/google_id_token/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module GoogleIdToken
3
- VERSION = '1.0.0'.freeze
3
+ VERSION = '1.1.0'.freeze
4
4
  end
5
5
  end
data/lib/omniauth/strategies/google_id_token.rb CHANGED
@@ -11,16 +11,13 @@ module OmniAuth
11
11
  OmniAuth::Strategy.included(subclass)
12
12
  end
13
13
 
14
- BASE_SCOPES = %w[profile email openid].freeze
15
14
  RESPONSE_TYPES = %w[token id_token].freeze
16
15
 
17
16
  option :name, 'google_id_token'
18
- option :uid_claim, 'sub'
19
17
  option :client_id, nil # Required for request_phase e.g. redirect to auth page
20
- option :aud_claim, nil
21
- option :azp_claim, nil
22
- option :iss_claim, nil
18
+ option :uid_claim, 'sub'
23
19
  option :required_claims, %w[email]
20
+ option :scope, %w[profile email openid].freeze
24
21
  option :info_map, { 'name' => 'name', 'email' => 'email' }
25
22
 
26
23
  def request_phase
@@ -31,7 +28,7 @@ module OmniAuth
31
28
 
32
29
  def authorize_params # rubocop:disable Metrics/AbcSize
33
30
  params = {}
34
- params[:scope] = BASE_SCOPES.join(' ')
31
+ params[:scope] = options.scope.join(' ')
35
32
  params[:access_type] = 'offline'
36
33
  params[:include_granted_scopes] = true
37
34
  params[:state] = SecureRandom.hex(24)
@@ -42,10 +39,10 @@ module OmniAuth
42
39
  params
43
40
  end
44
41
 
45
- def decoded # rubocop:disable Metrics/AbcSize,Metrics/MethodLength
42
+ def decoded # rubocop:disable Metrics/MethodLength
46
43
  unless @decoded
47
44
  begin
48
- @decoded = validator.verify_oidc(request.params['id_token'], aud: options.aud_claim, azp: options.azp_claim)
45
+ @decoded = validator.verify_oidc(request.params['id_token'], aud: options.client_id)
49
46
  rescue StandardError => e
50
47
  raise ClaimInvalid, e.message
51
48
  end
data/omniauth-google-id-token.gemspec CHANGED
@@ -24,5 +24,5 @@ Gem::Specification.new do |spec|
24
24
  spec.add_development_dependency 'rspec', '~> 3.7'
25
25
 
26
26
  spec.add_runtime_dependency 'googleauth', '~> 1.8.1'
27
- spec.add_runtime_dependency 'omniauth', '~> 1.9.2'
27
+ spec.add_runtime_dependency 'omniauth', '~> 2.1.1'
28
28
  end
data/spec/lib/omniauth/strategies/google_id_token_spec.rb CHANGED
@@ -11,7 +11,7 @@ describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockL
11
11
  let(:payload) do
12
12
  { 'iss' => 'https://accounts.google.com',
13
13
  'nbf' => 161_803_398_874,
14
- 'aud' => 'http://example.com',
14
+ 'aud' => 'test_client_id',
15
15
  'sub' => '3141592653589793238',
16
16
  'hd' => 'gmail.com',
17
17
  'email' => 'bob@example.com',
@@ -25,10 +25,9 @@ describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockL
25
25
  'exp' => 1_596_477_600,
26
26
  'jti' => 'abc161803398874def' }
27
27
  end
28
- let(:aud_claim) { payload[:aud] }
28
+ let(:client_id) { payload[:aud] }
29
29
  let(:azp_claim) { payload[:azp] }
30
30
 
31
- let(:client_id) { 'test_client_id' }
32
31
  let(:args) do
33
32
  [
34
33
  {
@@ -59,6 +58,9 @@ describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockL
59
58
  end
60
59
 
61
60
  describe 'request phase' do
61
+ before do
62
+ OmniAuth::AuthenticityTokenProtection.default_options(key: 'csrf.token', authenticity_param: '_csrf')
63
+ end
62
64
  it 'should redirect to the configured login url' do
63
65
  post api_url
64
66
  expect(last_response.status).to eq(302)
@@ -71,7 +73,7 @@ describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockL
71
73
  context 'callback phase' do
72
74
  it 'should decode the response' do
73
75
  allow(::Google::Auth::IDTokens::Verifier).to receive(:verify_oidc)
74
- .with(id_token, aud: aud_claim, azp: azp_claim)
76
+ .with(id_token, aud: client_id)
75
77
  .and_return(payload)
76
78
 
77
79
  post "#{api_url}/callback", id_token: id_token
@@ -81,7 +83,7 @@ describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockL
81
83
  it 'should not work without required fields' do
82
84
  payload.delete('email')
83
85
  allow(::Google::Auth::IDTokens::Verifier).to receive(:verify_oidc)
84
- .with(id_token, aud: aud_claim, azp: azp_claim)
86
+ .with(id_token, aud: client_id)
85
87
  .and_return(payload)
86
88
 
87
89
  post "#{api_url}/callback", id_token: id_token
@@ -90,7 +92,7 @@ describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockL
90
92
 
91
93
  it 'should assign the uid' do
92
94
  allow(::Google::Auth::IDTokens::Verifier).to receive(:verify_oidc)
93
- .with(id_token, aud: aud_claim, azp: azp_claim)
95
+ .with(id_token, aud: client_id)
94
96
  .and_return(payload)
95
97
  post "#{api_url}/callback", id_token: id_token
96
98
  expect(response_json['uid']).to eq('3141592653589793238')
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-google-id-token
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joshua Morris
@@ -115,14 +115,14 @@ dependencies:
115
115
  requirements:
116
116
  - - "~>"
117
117
  - !ruby/object:Gem::Version
118
- version: 1.9.2
118
+ version: 2.1.1
119
119
  type: :runtime
120
120
  prerelease: false
121
121
  version_requirements: !ruby/object:Gem::Requirement
122
122
  requirements:
123
123
  - - "~>"
124
124
  - !ruby/object:Gem::Version
125
- version: 1.9.2
125
+ version: 2.1.1
126
126
  description: An OmniAuth strategy to validate Google id tokens.
127
127
  email:
128
128
  - hotrungnhan29@gmail.com