omniauth-google-oauth2 0.2.10 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3ede9c8b2ed21745e5e2455baa4bffa9b080a5af
-  data.tar.gz: 5a7c985d8e1940b7cf07ab4dcf8025491ec69e38
+  metadata.gz: c7d06ea95829577b987b0c3f38361bbf0d53ac9c
+  data.tar.gz: ddade281a6be78eb43318effaee6fe1eb0c748ca
 SHA512:
-  metadata.gz: 4d52a2e108594667e40b2334d7d5fdf3624ca2390cb7099b663747586765dc0ee0ba7527578fd4db43e2b16d82a703701be07346eef148c32e2e2e7fdfa45bb8
-  data.tar.gz: 06ec6644022308248167bceea0ff590b6964b24dd548497610ac28a6bd5cad64b38948caa8ca21ca4cf5a94566bfb6b9f595c5311375461ecd8d005c4eb33c7f
+  metadata.gz: 8515c0e13e3eeb43fb96b53ffd989126044dddf06c3f6e510b903eee69edc49cde9915e82d547fe77004124c5dbd6eec1166a3cbe78b1e9795a56228df540c9e
+  data.tar.gz: 41c8b9757efade6cf94c50f29d564c94286f2debb2bb8ed9983923d964b3a6076debb238a02cb92488cd590d6937a8c8b583305076d88be59aa7146c86f8132f

data/CHANGELOG.md

@@ -1,6 +1,20 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## 0.3.0 - 2016-01-09
+
+### Added
+- Updated verify_token to use the v3 tokeninfo endpoint.
+
+### Deprecated
+- Nothing.
+
+### Removed
+- Nothing.
+
+### Fixed
+- Compatibility with omniauth-oauth2 1.4.0
+
 ## 0.2.10 - 2015-11-05
 
 ### Added

data/README.md

@@ -67,7 +67,7 @@ You can configure several options, which you pass in to the `provider` method vi
 
 * `name`: The name of the strategy. The default name is `google_oauth2` but it can be changed to any value, for example `google`. The OmniAuth URL will thus change to `/auth/google` and the `provider` key in the auth hash will then return `google`.
 
-* `access_type`: Defaults to `offline`, so a refresh token is sent to be used when the user is not present at the browser. Can be set to `online`. Note that if you need a refresh token, google requires you to also to specify the option `prompt: 'consent'`, which is not a default.
+* `access_type`: Defaults to `offline`, so a refresh token is sent to be used when the user is not present at the browser. Can be set to `online`. More about [offline access](https://developers.google.com/identity/protocols/OAuth2WebServer#offline)
 
 * `hd`: (Optional) Limit sign-in to a particular Google Apps hosted domain.  More information at: https://developers.google.com/accounts/docs/OpenIDConnect#hd-param
 
@@ -245,8 +245,8 @@ window.gpAsyncInit = function() {
     }, function(response) {
       if (response && !response.error) {
         // google authentication succeed, now post data to server and handle data securely
-        jQuery.ajax({type: 'POST', url: "/auth/google_oauth2/callback", dataType: 'json', data: response,
-          success: function(json) {
+        jQuery.ajax({type: 'POST', url: "/auth/google_oauth2/callback", data: response,
+          success: function(data) {
             // response from server
           }
         });

data/examples/omni_auth.rb

@@ -11,11 +11,9 @@ Rails.application.config.middleware.use OmniAuth::Builder do
   }
 
   # Manual setup for offline access with a refresh token.
-  # The prompt must be set to 'consent'
   #
   # provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], {
   #   :access_type => 'offline',
-  #   :prompt => 'consent'
   # }
 
   # Custom scope supporting youtube. If you are customizing scopes, remember

data/lib/omniauth/google_oauth2/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module GoogleOauth2
-    VERSION = "0.2.10"
+    VERSION = "0.3.0"
   end
 end

data/lib/omniauth/strategies/google_oauth2.rb

@@ -100,14 +100,18 @@ module OmniAuth
         elsif verify_token(request.params['access_token'])
           ::OAuth2::AccessToken.from_hash(client, request.params.dup)
         else
-          orig_build_access_token
+          verifier = request.params["code"]
+          client.auth_code.get_token(verifier, get_token_options(callback_url), deep_symbolize(options.auth_token_params))
         end
       end
-      alias_method :orig_build_access_token, :build_access_token
       alias_method :build_access_token, :custom_build_access_token
 
       private
 
+      def callback_url
+        options[:redirect_uri] || (full_host + script_name + callback_path)
+      end
+
       def get_token_options(redirect_uri)
         { :redirect_uri => redirect_uri }.merge(token_params.to_hash(:symbolize_keys => true))
       end
@@ -171,9 +175,9 @@ module OmniAuth
 
       def verify_token(access_token)
         return false unless access_token
-        raw_response = client.request(:get, 'https://www.googleapis.com/oauth2/v2/tokeninfo',
+        raw_response = client.request(:get, 'https://www.googleapis.com/oauth2/v3/tokeninfo',
                                       params: { access_token: access_token }).parsed
-        raw_response['issued_to'] == options.client_id
+        raw_response['aud'] == options.client_id
       end
     end
   end

data/omniauth-google-oauth2.gemspec

@@ -15,7 +15,7 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
 
   gem.add_runtime_dependency 'omniauth', '>= 1.1.1'
-  gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.3.1'
+  gem.add_runtime_dependency 'omniauth-oauth2', '>= 1.3.1'
   gem.add_runtime_dependency 'jwt', '~> 1.0'
   gem.add_runtime_dependency 'multi_json', '~> 1.3'
   gem.add_runtime_dependency 'addressable', '~> 2.3'

data/spec/omniauth/strategies/google_oauth2_spec.rb

@@ -255,9 +255,15 @@ describe OmniAuth::Strategies::GoogleOauth2 do
   end
 
   describe '#callback_path' do
-    it 'has the correct callback path' do
+    it 'has the correct default callback path' do
       expect(subject.callback_path).to eq('/auth/google_oauth2/callback')
     end
+
+    it 'should set the callback_path parameter if present' do
+      @options = {:callback_path => '/auth/foo/callback'}
+      expect(subject.callback_path).to eq('/auth/foo/callback')
+    end
+
   end
 
   describe '#extra' do
@@ -531,10 +537,17 @@ describe OmniAuth::Strategies::GoogleOauth2 do
       expect(token.client).to eq(:client)
     end
 
-    it 'should call super if this is not an AJAX request' do
+    it 'should use callback_url without query_string if this is not an AJAX request' do
       allow(request).to receive(:xhr?).and_return(false)
       allow(request).to receive(:params).and_return('code' => 'valid_code')
-      expect(subject).to receive(:orig_build_access_token)
+
+      client = double(:client)
+      auth_code = double(:auth_code)
+      allow(client).to receive(:auth_code).and_return(auth_code)
+      allow(subject).to receive(:callback_url).and_return('redirect_uri_without_query_string')
+
+      expect(subject).to receive(:client).and_return(client)
+      expect(auth_code).to receive(:get_token).with('valid_code', { :redirect_uri => 'redirect_uri_without_query_string'}, {})
       subject.build_access_token
     end
   end
@@ -544,19 +557,18 @@ describe OmniAuth::Strategies::GoogleOauth2 do
       subject.options.client_options[:connection_build] = proc do |builder|
         builder.request :url_encoded
         builder.adapter :test do |stub|
-          stub.get('/oauth2/v2/tokeninfo?access_token=valid_access_token') do |env|
+          stub.get('/oauth2/v3/tokeninfo?access_token=valid_access_token') do |env|
             [200, {'Content-Type' => 'application/json; charset=UTF-8'}, MultiJson.encode(
-              :issued_to => '000000000000.apps.googleusercontent.com',
-              :audience => '000000000000.apps.googleusercontent.com',
-              :user_id => '000000000000000000000',
-              :scope => 'profile email',
-              :expires_in => 3514,
-              :email => 'me@example.com',
-              :verified_email => true,
-              :access_type => 'online'
+              :aud => "000000000000.apps.googleusercontent.com",
+              :sub => "123456789",
+              :email_verified => "true",
+              :email => "example@example.com",
+              :access_type => "offline",
+              :scope => "profile email",
+              :expires_in => 436
             )]
           end
-          stub.get('/oauth2/v2/tokeninfo?access_token=invalid_access_token') do |env|
+          stub.get('/oauth2/v3/tokeninfo?access_token=invalid_access_token') do |env|
             [400, {'Content-Type' => 'application/json; charset=UTF-8'}, MultiJson.encode(:error_description => 'Invalid Value')]
           end
         end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-google-oauth2
 version: !ruby/object:Gem::Version
-  version: 0.2.10
+  version: 0.3.0
 platform: ruby
 authors:
 - Josh Ellithorpe
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-11-05 00:00:00.000000000 Z
+date: 2016-01-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -29,14 +29,14 @@ dependencies:
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.3.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.3.1
 - !ruby/object:Gem::Dependency
@@ -152,7 +152,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.3
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: A Google OAuth2 strategy for OmniAuth 1.x