omniauth-google-id-token 1.0.1 → 1.1.0

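--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e2aa2b59a31980084c88b9763e1b35e9565fc2f5f7044a69f861bcccdd0d3c0a
- data.tar.gz: 7888b2347ab53535c57a0db496117901c758f7da25db48170eea2b1885af4483
+ metadata.gz: 4b756f006ad3cc0cf614b043370928fd7847e757c5466e5f649828251dba82c8
+ data.tar.gz: 1faaa945a752d1b9d9cecc7db14bf0eba54383c494134a44e48ed52ae2dde598
  SHA512:
- metadata.gz: d4134c38ef5de2525a362b0e7de15649cad1a233ea5e1c122355492e9798ce4f7d3e6342054a9b2a63961abd4a72a8f6618b868319f169c4c81031056b06f37e
- data.tar.gz: 699c484111f7f4e985e5653c0a2c569d95ee3bbe16cb33868bc222529ae52822d688895b883a40971ee03d3395f6d73e23b670eaca8fa8ee2790e405897a4ead
+ metadata.gz: a03ae591d4d6bfde18fe0649912364a1f80c54a98659f5e0bfd6c317dc9ef1017d9bc0e3e268ac4251e2cedce2e8598645cfa726ad9480100cc11603b0f68c66
+ data.tar.gz: 755bfe3610a24e8c31a4fa8ce20ade00eff3ef192d8345652574d21868922675dec7625484beaca2d66f7d22cd0d92c80fbfdb557aca3465f74ad164a9150065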
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module GoogleIdToken
3
- VERSION = '1.0.1'.freeze
3
+ VERSION = '1.1.0'.freeze
4
4
  end
5
5
  end
@@ -11,15 +11,13 @@ module OmniAuth
11
11
  OmniAuth::Strategy.included(subclass)
12
12
  end
13
13
 
14
- BASE_SCOPES = %w[profile email openid].freeze
15
14
  RESPONSE_TYPES = %w[token id_token].freeze
16
15
 
17
16
  option :name, 'google_id_token'
18
- option :uid_claim, 'sub'
19
17
  option :client_id, nil # Required for request_phase e.g. redirect to auth page
20
- option :aud_claim, nil
21
- option :azp_claim, nil
18
+ option :uid_claim, 'sub'
22
19
  option :required_claims, %w[email]
20
+ option :scope, %w[profile email openid].freeze
23
21
  option :info_map, { 'name' => 'name', 'email' => 'email' }
24
22
 
25
23
  def request_phase
@@ -30,7 +28,7 @@ module OmniAuth
30
28
 
31
29
  def authorize_params # rubocop:disable Metrics/AbcSize
32
30
  params = {}
33
- params[:scope] = BASE_SCOPES.join(' ')
31
+ params[:scope] = options.scope.join(' ')
34
32
  params[:access_type] = 'offline'
35
33
  params[:include_granted_scopes] = true
36
34
  params[:state] = SecureRandom.hex(24)
@@ -41,10 +39,10 @@ module OmniAuth
41
39
  params
42
40
  end
43
41
 
44
- def decoded # rubocop:disable Metrics/AbcSize,Metrics/MethodLength
42
+ def decoded # rubocop:disable Metrics/MethodLength
45
43
  unless @decoded
46
44
  begin
47
- @decoded = validator.verify_oidc(request.params['id_token'], aud: options.aud_claim, azp: options.azp_claim)
45
+ @decoded = validator.verify_oidc(request.params['id_token'], aud: options.client_id)
48
46
  rescue StandardError => e
49
47
  raise ClaimInvalid, e.message
50
48
  end
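Review bot: In `decoded`, the audience check now rests entirely on `options.client_id`, which still defaults to `nil` and is commented only as required for the request phase. If the validator follows the googleauth verifier's documented behaviour, a nil `aud` skips audience checking, so a strategy mounted without `client_id` would accept a Google-signed ID token that was issued to some other client. I would fail closed before the `verify_oidc` call, e.g. `raise ClaimInvalid, 'client_id must be configured to verify the id_token audience' if options.client_id.to_s.empty?`, and reword the option comment to say it is also the expected `aud`. Because `aud_claim` and `azp_claim` are removed with no deprecation warning, an existing configuration that set only those options appears to lose its audience and authorized-party checks silently on upgrade, which deserves a changelog entry. The body of `decoded` continues outside the hunk.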
@@ -11,7 +11,7 @@ describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockL
11
11
  let(:payload) do
12
12
  { 'iss' => 'https://accounts.google.com',
13
13
  'nbf' => 161_803_398_874,
14
- 'aud' => 'http://example.com',
14
+ 'aud' => 'test_client_id',
15
15
  'sub' => '3141592653589793238',
16
16
  'hd' => 'gmail.com',
17
17
  'email' => 'bob@example.com',
@@ -25,10 +25,9 @@ describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockL
25
25
  'exp' => 1_596_477_600,
26
26
  'jti' => 'abc161803398874def' }
27
27
  end
28
- let(:aud_claim) { payload[:aud] }
28
+ let(:client_id) { payload[:aud] }
29
29
  let(:azp_claim) { payload[:azp] }
30
30
 
31
- let(:client_id) { 'test_client_id' }
32
31
  let(:args) do
33
32
  [
34
33
  {
@@ -59,6 +58,9 @@ describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockL
59
58
  end
60
59
 
61
60
  describe 'request phase' do
61
+ before do
62
+ OmniAuth::AuthenticityTokenProtection.default_options(key: 'csrf.token', authenticity_param: '_csrf')
63
+ end
62
64
  it 'should redirect to the configured login url' do
63
65
  post api_url
64
66
  expect(last_response.status).to eq(302)
@@ -71,7 +73,7 @@ describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockL
71
73
  context 'callback phase' do
72
74
  it 'should decode the response' do
73
75
  allow(::Google::Auth::IDTokens::Verifier).to receive(:verify_oidc)
74
- .with(id_token, aud: aud_claim, azp: azp_claim)
76
+ .with(id_token, aud: client_id)
75
77
  .and_return(payload)
76
78
 
77
79
  post "#{api_url}/callback", id_token: id_token
@@ -81,7 +83,7 @@ describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockL
81
83
  it 'should not work without required fields' do
82
84
  payload.delete('email')
83
85
  allow(::Google::Auth::IDTokens::Verifier).to receive(:verify_oidc)
84
- .with(id_token, aud: aud_claim, azp: azp_claim)
86
+ .with(id_token, aud: client_id)
85
87
  .and_return(payload)
86
88
 
87
89
  post "#{api_url}/callback", id_token: id_token
@@ -90,7 +92,7 @@ describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockL
90
92
 
91
93
  it 'should assign the uid' do
92
94
  allow(::Google::Auth::IDTokens::Verifier).to receive(:verify_oidc)
93
- .with(id_token, aud: aud_claim, azp: azp_claim)
95
+ .with(id_token, aud: client_id)
94
96
  .and_return(payload)
95
97
  post "#{api_url}/callback", id_token: id_token
96
98
  expect(response_json['uid']).to eq('3141592653589793238')
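Review bot: `let(:client_id) { payload[:aud] }` looks up a symbol key in a hash that is built with string keys, so `client_id` evaluates to `nil` and the three `.with(id_token, aud: client_id)` stubs only match a call made with `aud: nil`. The suite therefore passes in the one configuration where the audience is not pinned; `let(:client_id) { payload['aud'] }` would make the expected value `'test_client_id'`. A negative example in which the stubbed verifier raises for a mismatched audience and the callback fails would cover the check this release relies on, and `azp_claim` on the following line appears unused in the visible hunks. How `client_id` reaches the strategy is decided in `args`, which continues outside the hunk.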
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-google-id-token
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joshua Morris