omniauth-google-id-token 1.1.0 → 1.1.3
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2b9cb7b7839da58f2239f9224c664972d865e66956088790db7275548664ce76
|
|
4
|
+
data.tar.gz: 8ad8ad7214c796bc2836e79b0b3e58f9ab98eb50e20b2fbaaa188be7e07d015a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 50ed1f84e0399305cbb0e4903e92fce1a83e8c2e238f3490accc1a427e86517348537f94ccacd46db2ff92fbe41b80123b3736dfcd5f825cccbe8771236b726b
|
|
7
|
+
data.tar.gz: 9329c75e85089d0d5935e7713e073a540bc36bed65b971ad26114ad3463ea7057d6c86373bfcf5b2174d89bfd95e3ce5dd6e45cbfe1ccaf60aac94e064598853
|
data/Gemfile
CHANGED
|
@@ -39,13 +39,13 @@ module OmniAuth
|
|
|
39
39
|
params
|
|
40
40
|
end
|
|
41
41
|
|
|
42
|
-
def decoded # rubocop:disable Metrics/
|
|
43
|
-
unless
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
42
|
+
def decoded # rubocop:disable Metrics/AbcSize
|
|
43
|
+
raise ClaimInvalid, 'Token not found!' unless request.params.key?('id_token')
|
|
44
|
+
|
|
45
|
+
begin
|
|
46
|
+
@decoded = ::Google::Auth::IDTokens.verify_oidc(request.params['id_token'], aud: options.client_id)
|
|
47
|
+
rescue StandardError => e
|
|
48
|
+
raise ClaimInvalid, e.message
|
|
49
49
|
end
|
|
50
50
|
|
|
51
51
|
(options.required_claims || []).each do |field|
|
|
@@ -76,10 +76,6 @@ module OmniAuth
|
|
|
76
76
|
|
|
77
77
|
private
|
|
78
78
|
|
|
79
|
-
def validator
|
|
80
|
-
::Google::Auth::IDTokens::Verifier
|
|
81
|
-
end
|
|
82
|
-
|
|
83
79
|
def uid_lookup
|
|
84
80
|
@uid_lookup ||= options.uid_claim.new(request)
|
|
85
81
|
end
|
|
@@ -33,7 +33,8 @@ describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockL
|
|
|
33
33
|
{
|
|
34
34
|
aud_claim: payload[:aud],
|
|
35
35
|
azp_claim: payload[:azp],
|
|
36
|
-
client_id: client_id
|
|
36
|
+
client_id: client_id,
|
|
37
|
+
provider_ignores_state: true
|
|
37
38
|
}
|
|
38
39
|
]
|
|
39
40
|
end
|
|
@@ -72,7 +73,7 @@ describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockL
|
|
|
72
73
|
|
|
73
74
|
context 'callback phase' do
|
|
74
75
|
it 'should decode the response' do
|
|
75
|
-
allow(::Google::Auth::IDTokens
|
|
76
|
+
allow(::Google::Auth::IDTokens).to receive(:verify_oidc)
|
|
76
77
|
.with(id_token, aud: client_id)
|
|
77
78
|
.and_return(payload)
|
|
78
79
|
|
|
@@ -82,7 +83,7 @@ describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockL
|
|
|
82
83
|
|
|
83
84
|
it 'should not work without required fields' do
|
|
84
85
|
payload.delete('email')
|
|
85
|
-
allow(::Google::Auth::IDTokens
|
|
86
|
+
allow(::Google::Auth::IDTokens).to receive(:verify_oidc)
|
|
86
87
|
.with(id_token, aud: client_id)
|
|
87
88
|
.and_return(payload)
|
|
88
89
|
|
|
@@ -91,7 +92,7 @@ describe OmniAuth::Strategies::GoogleIdToken do # rubocop:disable Metrics/BlockL
|
|
|
91
92
|
end
|
|
92
93
|
|
|
93
94
|
it 'should assign the uid' do
|
|
94
|
-
allow(::Google::Auth::IDTokens
|
|
95
|
+
allow(::Google::Auth::IDTokens).to receive(:verify_oidc)
|
|
95
96
|
.with(id_token, aud: client_id)
|
|
96
97
|
.and_return(payload)
|
|
97
98
|
post "#{api_url}/callback", id_token: id_token
|