omniauth-google-id-token 1.1.3 → 1.1.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +25 -12
- data/lib/omniauth/google_id_token/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 935df22bbb30216ef788fd2ca70a1b41fe8eeb00668861019cb6df02e0f6323e
|
|
4
|
+
data.tar.gz: 65e44a9a715f39ae15094d4d38a0247b07a666e1b0d8f0a84f87bd9ba8c14eb4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c70f4af7a562d110079e62ca2356e406317184467d47f8035b9f049e43fd7f9a5279b4d744a8a602da2ebf39ab6fe24e938b4bd4eff2a5034c2b520b7bcb4290
|
|
7
|
+
data.tar.gz: 30ed3ce0405a67f921a33a5dcbfea7afdf774c19dca780d304b5cf38183b88f01c20a99530d8af103ea1ed1606a1b7d99fdd5fcf568d20d505c7b835aeff818d
|
data/README.md
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# I haven't update readme yet, please read source make sure you use right option.
|
|
2
|
+
|
|
3
|
+
`lib/omniauth/strategies/google_id_token.rb`
|
|
4
|
+
|
|
5
|
+
|
|
1
6
|
# OmniAuth::GoogleIdToken
|
|
2
7
|
|
|
3
8
|
A [omnitauth](https://github.com/omniauth/omniauth) strategy primarily used for validating Google ID tokens
|
|
@@ -31,7 +36,21 @@ Or install it yourself as:
|
|
|
31
36
|
You use OmniAuth::Strategies::GoogleIdToken just like you do any other OmniAuth strategy:
|
|
32
37
|
|
|
33
38
|
```ruby
|
|
34
|
-
use OmniAuth::
|
|
39
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
|
40
|
+
provider :developer, :callback_path => "/nexus-api/auth/developer/callback", provider_ignores_state: true if Rails.env.development?
|
|
41
|
+
# provider :google-oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'], scope: 'email, profile', provider_ignores_state: true , :callback_path => "/nexus-api/auth/google-oauth2/callback"
|
|
42
|
+
|
|
43
|
+
|
|
44
|
+
provider :'google-id-token', client_id: ENV['GOOGLE_CLIENT_ID']
|
|
45
|
+
# or
|
|
46
|
+
# to rename the provider
|
|
47
|
+
use OmniAuth::Strategies::GoogleIdToken,name: "google-oauth2", client_id: ENV['GOOGLE_CLIENT_ID']
|
|
48
|
+
|
|
49
|
+
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
OmniAuth.config.allowed_request_methods = %i[get post]
|
|
53
|
+
|
|
35
54
|
```
|
|
36
55
|
|
|
37
56
|
If this strategy is used primarily for validating a Google ID token, then the only required fields are
|
|
@@ -45,34 +64,28 @@ response section.
|
|
|
45
64
|
* **name:** The name of the strategy. The default name is `google_id_token` but it can be changed to any value, for
|
|
46
65
|
example `google`. The OmniAuth URL will thus change to `/auth/google` and the `provider` key in the auth hash will
|
|
47
66
|
then return `google`.
|
|
48
|
-
* **cert:** the x509 certificate can be provided to manually define a certificate to validate the tokens.
|
|
49
|
-
* **expiry:** Expiry defines the the time (in seconds) in which the cached Google certificates are valid.
|
|
50
67
|
* **uid_claim:** this determines which claim will be used to uniquely identify the user. Defaults
|
|
51
|
-
to `
|
|
68
|
+
to `sub`
|
|
52
69
|
* **client_id:** The client ID string that you obtain from the [API Console](https://console.developers.google.com/),
|
|
53
70
|
as described in [Obtain OAuth 2.0 credentials](https://developers.google.com/identity/protocols/OpenIDConnect#getcredentials)
|
|
54
|
-
* **aud_claim:** Identifies the audience that this ID token is intended for. It must be one of the OAuth 2.0 client
|
|
55
|
-
IDs of your application
|
|
56
|
-
* **azp_claim:** The client_id of the authorized presenter. This claim is only needed when the party requesting the
|
|
57
|
-
ID token is not the same as the audience of the ID token. This may be the case at Google for hybrid apps where a
|
|
58
|
-
web application and Android app have a different client_id but share the same project.
|
|
59
71
|
* **required_claims:** array of claims that are required to make this a valid authentication call.
|
|
60
72
|
Defaults to `['name', 'email']`
|
|
73
|
+
* **scope:** array of request data in google api. Defaults to `['name', 'email', 'openid']`
|
|
61
74
|
* **info_map:** array mapping claim values to info hash values. Defaults to mapping `name` and `email`
|
|
62
75
|
to the same in the info hash.
|
|
63
76
|
|
|
64
77
|
### Authentication Process
|
|
65
78
|
|
|
66
|
-
When you authenticate through `omniauth-google-id-token` you can send users to `/auth/
|
|
79
|
+
When you authenticate through `omniauth-google-id-token` you can send users to `/auth/google-id-token`
|
|
67
80
|
and it will redirect them to the URL https://accounts.google.com/o/oauth2/auth (and example can be
|
|
68
81
|
found at https://developers.google.com/identity/protocols/OAuth2WebServer#handlingresponse
|
|
69
82
|
Sample OAuth 2.0 server response).
|
|
70
83
|
|
|
71
84
|
From there, Google generates a ID token and sends to the redirect_uri passed in URL query params.
|
|
72
|
-
The redirect_uri will look like '/auth/
|
|
85
|
+
The redirect_uri will look like '/auth/google-id-token/callback`. This is the endpoint to send the id token
|
|
73
86
|
to if coming from a mobile or web app looking to validate a user with the backend server:
|
|
74
87
|
|
|
75
|
-
/auth/
|
|
88
|
+
/auth/google-id-token/callback?id_token=ENCODEDJWTGOESHERE
|
|
76
89
|
|
|
77
90
|
## Contributing
|
|
78
91
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-google-id-token
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Joshua Morris
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2023-11-
|
|
12
|
+
date: 2023-11-10 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bundler
|