omniauth-google-id-token 1.1.1 → 1.1.4

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c02ed8f51100b53f1a10ffd42db64294c227301291cd80560b03bed96e1c6e23
4
- data.tar.gz: e79e6c4ce22a9f3b7a7eb7ab83df37f337208e2e76675c37b23089a90c81e1fe
3
+ metadata.gz: 935df22bbb30216ef788fd2ca70a1b41fe8eeb00668861019cb6df02e0f6323e
4
+ data.tar.gz: 65e44a9a715f39ae15094d4d38a0247b07a666e1b0d8f0a84f87bd9ba8c14eb4
5
5
  SHA512:
6
- metadata.gz: 2f429d86224146727b18ea4b462c81eadfefe070e971e92c099572030a8bacd4d73be63d296b8730e9628e6b075709a3cea6ea3c093fb31abf4b3721b8ab94ee
7
- data.tar.gz: 43672c465cf5ed00ac25ca7f94e3fc0d555d22dca99a97af5a19b043fd89863d5e4ac63d0189a300df38a7e94ce6c1bd764556ab0da89b2a10babf43feac8fdf
6
+ metadata.gz: c70f4af7a562d110079e62ca2356e406317184467d47f8035b9f049e43fd7f9a5279b4d744a8a602da2ebf39ab6fe24e938b4bd4eff2a5034c2b520b7bcb4290
7
+ data.tar.gz: 30ed3ce0405a67f921a33a5dcbfea7afdf774c19dca780d304b5cf38183b88f01c20a99530d8af103ea1ed1606a1b7d99fdd5fcf568d20d505c7b835aeff818d
data/README.md CHANGED
@@ -1,3 +1,8 @@
1
+ # I haven't update readme yet, please read source make sure you use right option.
2
+
3
+ `lib/omniauth/strategies/google_id_token.rb`
4
+
5
+
1
6
  # OmniAuth::GoogleIdToken
2
7
 
3
8
  A [omnitauth](https://github.com/omniauth/omniauth) strategy primarily used for validating Google ID tokens
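Review bot: the new H1 added at the top of README.md tells readers the documentation is out of date and points them at `lib/omniauth/strategies/google_id_token.rb` instead of updating the option list. For an authentication strategy, document the current options (at least `client_id` and `uid_claim`) here rather than deferring to source. The added heading also pushes the real title `# OmniAuth::GoogleIdToken` down to a second H1.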
@@ -31,7 +36,21 @@ Or install it yourself as:
31
36
  You use OmniAuth::Strategies::GoogleIdToken just like you do any other OmniAuth strategy:
32
37
 
33
38
  ```ruby
34
- use OmniAuth::Strategies::GoogleIdToken, aud_claim: '123.apps.googleusercontent.com', azp_claim: '123.apps.googleusercontent.com'
39
+ Rails.application.config.middleware.use OmniAuth::Builder do
40
+ provider :developer, :callback_path => "/nexus-api/auth/developer/callback", provider_ignores_state: true if Rails.env.development?
41
+ # provider :google-oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'], scope: 'email, profile', provider_ignores_state: true , :callback_path => "/nexus-api/auth/google-oauth2/callback"
42
+
43
+
44
+ provider :'google-id-token', client_id: ENV['GOOGLE_CLIENT_ID']
45
+ # or
46
+ # to rename the provider
47
+ use OmniAuth::Strategies::GoogleIdToken,name: "google-oauth2", client_id: ENV['GOOGLE_CLIENT_ID']
48
+
49
+
50
+ end
51
+
52
+ OmniAuth.config.allowed_request_methods = %i[get post]
53
+
35
54
  ```
36
55
 
37
56
  If this strategy is used primarily for validating a Google ID token, then the only required fields are
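Review bot: `OmniAuth.config.allowed_request_methods = %i[get post]` at the end of the example re-enables GET for the request phase, which OmniAuth 2.x restricts to POST by default to prevent login CSRF; keep the default or state in the README why GET is needed. The example also leaves both `provider :'google-id-token', client_id: ...` and `use OmniAuth::Strategies::GoogleIdToken,name: "google-oauth2", ...` active although the comment between them says "or", so copying the block registers the strategy twice; comment one of them out. `provider_ignores_state: true` on the developer provider and in the commented-out line needs a sentence of explanation, since readers will copy it as written.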
@@ -45,34 +64,28 @@ response section.
45
64
  * **name:** The name of the strategy. The default name is `google_id_token` but it can be changed to any value, for
46
65
  example `google`. The OmniAuth URL will thus change to `/auth/google` and the `provider` key in the auth hash will
47
66
  then return `google`.
48
- * **cert:** the x509 certificate can be provided to manually define a certificate to validate the tokens.
49
- * **expiry:** Expiry defines the the time (in seconds) in which the cached Google certificates are valid.
50
67
  * **uid_claim:** this determines which claim will be used to uniquely identify the user. Defaults
51
- to `email`
68
+ to `sub`
52
69
  * **client_id:** The client ID string that you obtain from the [API Console](https://console.developers.google.com/),
53
70
  as described in [Obtain OAuth 2.0 credentials](https://developers.google.com/identity/protocols/OpenIDConnect#getcredentials)
54
- * **aud_claim:** Identifies the audience that this ID token is intended for. It must be one of the OAuth 2.0 client
55
- IDs of your application
56
- * **azp_claim:** The client_id of the authorized presenter. This claim is only needed when the party requesting the
57
- ID token is not the same as the audience of the ID token. This may be the case at Google for hybrid apps where a
58
- web application and Android app have a different client_id but share the same project.
59
71
  * **required_claims:** array of claims that are required to make this a valid authentication call.
60
72
  Defaults to `['name', 'email']`
73
+ * **scope:** array of request data in google api. Defaults to `['name', 'email', 'openid']`
61
74
  * **info_map:** array mapping claim values to info hash values. Defaults to mapping `name` and `email`
62
75
  to the same in the info hash.
63
76
 
64
77
  ### Authentication Process
65
78
 
66
- When you authenticate through `omniauth-google-id-token` you can send users to `/auth/googleidtoken`
79
+ When you authenticate through `omniauth-google-id-token` you can send users to `/auth/google-id-token`
67
80
  and it will redirect them to the URL https://accounts.google.com/o/oauth2/auth (and example can be
68
81
  found at https://developers.google.com/identity/protocols/OAuth2WebServer#handlingresponse
69
82
  Sample OAuth 2.0 server response).
70
83
 
71
84
  From there, Google generates a ID token and sends to the redirect_uri passed in URL query params.
72
- The redirect_uri will look like '/auth/googleidtoken/callback`. This is the endpoint to send the id token
85
+ The redirect_uri will look like '/auth/google-id-token/callback`. This is the endpoint to send the id token
73
86
  to if coming from a mobile or web app looking to validate a user with the backend server:
74
87
 
75
- /auth/googleidtoken/callback?id_token=ENCODEDJWTGOESHERE
88
+ /auth/google-id-token/callback?id_token=ENCODEDJWTGOESHERE
76
89
 
77
90
  ## Contributing
78
91
 
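Review bot: the `uid_claim` default changes from `email` to `sub` in the options list, which changes the `uid` an application receives for every existing user, and it ships in a patch-level bump (1.1.1 to 1.1.4); call it out as a breaking change with a migration note. The new `scope` entry lists `name` as a default value and describes the option only as "array of request data in google api"; confirm the defaults against the strategy and say what the option is used for. The callback example still passes the token as `?id_token=ENCODEDJWTGOESHERE` in the query string, where it will be recorded in access logs; documenting a POST body would avoid that. The redirect_uri line also opens its path with `'` and closes it with a backtick.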
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module GoogleIdToken
3
- VERSION = '1.1.1'.freeze
3
+ VERSION = '1.1.4'.freeze
4
4
  end
5
5
  end
@@ -39,13 +39,13 @@ module OmniAuth
39
39
  params
40
40
  end
41
41
 
42
- def decoded # rubocop:disable Metrics/MethodLength
43
- unless @decoded
44
- begin
45
- @decoded = validator.verify_oidc(request.params['id_token'], aud: options.client_id)
46
- rescue StandardError => e
47
- raise ClaimInvalid, e.message
48
- end
42
+ def decoded # rubocop:disable Metrics/AbcSize
43
+ raise ClaimInvalid, 'Token not found!' unless request.params.key?('id_token')
44
+
45
+ begin
46
+ @decoded = ::Google::Auth::IDTokens.verify_oidc(request.params['id_token'], aud: options.client_id)
47
+ rescue StandardError => e
48
+ raise ClaimInvalid, e.message
49
49
  end
50
50
 
51
51
  (options.required_claims || []).each do |field|
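Review bot: dropping the `unless @decoded` guard means `decoded` calls `verify_oidc` again on every invocation while still assigning `@decoded`; either restore the memoization (for example `return @decoded if @decoded`) or drop the instance variable. The new presence check uses `request.params.key?('id_token')`, so an empty `id_token=` passes it and only fails later inside the rescue with the library's message; checking for a blank value would raise 'Token not found!' consistently. `aud: options.client_id` is also passed through unchecked: googleauth performs no audience check when `aud` is nil, so the strategy should raise if `client_id` is not configured rather than verify tokens issued for any client.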
@@ -76,10 +76,6 @@ module OmniAuth
76
76
 
77
77
  private
78
78
 
79
- def validator
80
- ::Google::Auth::IDTokens
81
- end
82
-
83
79
  def uid_lookup
84
80
  @uid_lookup ||= options.uid_claim.new(request)
85
81
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-google-id-token
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.1
4
+ version: 1.1.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joshua Morris
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2023-11-09 00:00:00.000000000 Z
12
+ date: 2023-11-10 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: bundler