omniauth-google-oauth2 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +21 -0
- data/.travis.yml +6 -3
- data/CHANGELOG.md +16 -1
- data/README.md +5 -1
- data/examples/Gemfile +1 -0
- data/lib/omniauth/google_oauth2/version.rb +1 -1
- data/lib/omniauth/strategies/google_oauth2.rb +19 -4
- data/spec/omniauth/strategies/google_oauth2_spec.rb +47 -0
- metadata +3 -2
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA256:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: 3b1fdc81978e86a4a1b0c493bc1d83f9e6fa1e613bfb69b2feee8af2a6869b99
         | 
| 4 | 
            +
              data.tar.gz: 02efca2850b5e053630aa7da102a9162aca87d16d6ab9fb6408654fd98c145c1
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: 6f2c99c806cc6d08dadcc472474418cfbace26481e1d828aa90571d5bbf77e3e26c9b600fd6fd1d97c8a71d4e349d230f87a5e11a9106874d106a240f3cad9ec
         | 
| 7 | 
            +
              data.tar.gz: a66acdde9fdda8ec2f00f861a0a1a2ca89f8faeae84388f44dca938db0e9f55ca6d166de2633c4e27ffe7cf44bcfcc5ef0c5f0a4bfbcc3990d13c89ff7ac322c
         | 
| @@ -0,0 +1,21 @@ | |
| 1 | 
            +
            name: CI 
         | 
| 2 | 
            +
             | 
| 3 | 
            +
            on: [push, pull_request]
         | 
| 4 | 
            +
             | 
| 5 | 
            +
            jobs:
         | 
| 6 | 
            +
              test:
         | 
| 7 | 
            +
                runs-on: ubuntu-latest
         | 
| 8 | 
            +
                strategy:
         | 
| 9 | 
            +
                  matrix:
         | 
| 10 | 
            +
                    ruby-version: ['2.3', '2.4', '2.5', '2.6', '2.7', '3.0', '3.1']
         | 
| 11 | 
            +
             | 
| 12 | 
            +
                steps:
         | 
| 13 | 
            +
                - uses: actions/checkout@v2
         | 
| 14 | 
            +
                - name: Set up Ruby ${{ matrix.ruby-version }}
         | 
| 15 | 
            +
                  uses: ruby/setup-ruby@v1
         | 
| 16 | 
            +
                  with:
         | 
| 17 | 
            +
                    ruby-version: ${{ matrix.ruby-version }}
         | 
| 18 | 
            +
                    bundler-cache: true # 'bundle install' and cache
         | 
| 19 | 
            +
                - name: Run specs 
         | 
| 20 | 
            +
                  run: |
         | 
| 21 | 
            +
                    bundle exec rake
         | 
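Review bot: The two `uses:` steps reference actions by mutable tag (`actions/checkout@v2`, `ruby/setup-ruby@v1`), and the workflow declares no `permissions:` block, so third-party code runs with the repository's default GITHUB_TOKEN scope. The job only checks out the code and runs `bundle exec rake`, so I would add a top-level `permissions:` with `contents: read`. I would also pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v2`.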
    
        data/.travis.yml
    CHANGED
    
    
    
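--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,21 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## 1.0.1 - 2022-03-10
+
+### Added
+- Output granted scopes in credentials block of the auth hash.
+- Migrated to GitHub actions.
+
+### Deprecated
+- Nothing.
+
+### Removed
+- Nothing.
+
+### Fixed
+- Overriding the `redirect_uri` via params or JSON request body.
+
 ## 1.0.0 - 2021-03-14
 
 ### Added
@@ -10,7 +25,7 @@ All notable changes to this project will be documented in this file.
 - Nothing.
 
 ### Removed
-- Support for Omniauth 1.x
+- Support for Omniauth 1.x.
 
 ### Fixed
 - Nothing.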
    
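--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,4 @@
 [](https://badge.fury.io/rb/omniauth-google-oauth2)
-[](https://travis-ci.org/zquestz/omniauth-google-oauth2)
 
 # OmniAuth Google OAuth2 Strategy
 
@@ -34,6 +33,7 @@ Here's an example for adding the middleware to a Rails app in `config/initialize
 Rails.application.config.middleware.use OmniAuth::Builder do
   provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET']
 end
+OmniAuth.config.allowed_request_methods = %i[get]
 ```
 
 You can now access the OmniAuth Google OAuth2 URL: `/auth/google_oauth2`
@@ -217,6 +217,10 @@ end
 For your views you can login using:
 
 ```erb
+<%# omniauth-google-oauth2 1.0.x uses OmniAuth 2 and requires using HTTP Post to initiate authentication: %>
+<%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_path, method: :post %>
+
+<%# omniauth-google-oauth2 prior 1.0.0: %>
 <%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_path %>
 
 <%# Devise prior 4.1.0: %>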
    
        data/examples/Gemfile
    CHANGED
    
    
| @@ -60,6 +60,11 @@ module OmniAuth | |
| 60 60 | 
             
                    )
         | 
| 61 61 | 
             
                  end
         | 
| 62 62 |  | 
| 63 | 
            +
                  credentials do
         | 
| 64 | 
            +
                    # Tokens and expiration will be used from OAuth2 strategy credentials block
         | 
| 65 | 
            +
                    prune!({ 'scope' => token_info(access_token.token)['scope'] })
         | 
| 66 | 
            +
                  end
         | 
| 67 | 
            +
             | 
| 63 68 | 
             
                  extra do
         | 
| 64 69 | 
             
                    hash = {}
         | 
| 65 70 | 
             
                    hash[:id_token] = access_token['id_token']
         | 
| @@ -121,8 +126,9 @@ module OmniAuth | |
| 121 126 | 
             
                        request.body.rewind # rewind request body for downstream middlewares
         | 
| 122 127 | 
             
                        verifier = body && body['code']
         | 
| 123 128 | 
             
                        access_token = body && body['access_token']
         | 
| 129 | 
            +
                        redirect_uri ||= body && body['redirect_uri']
         | 
| 124 130 | 
             
                        if verifier
         | 
| 125 | 
            -
                          client_get_token(verifier, 'postmessage')
         | 
| 131 | 
            +
                          client_get_token(verifier, redirect_uri || 'postmessage')
         | 
| 126 132 | 
             
                        elsif verify_token(access_token)
         | 
| 127 133 | 
             
                          ::OAuth2::AccessToken.from_hash(client, body.dup)
         | 
| 128 134 | 
             
                        end
         | 
| @@ -214,12 +220,21 @@ module OmniAuth | |
| 214 220 | 
             
                    URI.encode_www_form(stripped_params)
         | 
| 215 221 | 
             
                  end
         | 
| 216 222 |  | 
| 223 | 
            +
                  def token_info(access_token)
         | 
| 224 | 
            +
                    return nil unless access_token
         | 
| 225 | 
            +
             | 
| 226 | 
            +
                    @token_info ||= Hash.new do |h, k|
         | 
| 227 | 
            +
                      h[k] = client.request(:get, 'https://www.googleapis.com/oauth2/v3/tokeninfo', params: { access_token: access_token }).parsed
         | 
| 228 | 
            +
                    end
         | 
| 229 | 
            +
             | 
| 230 | 
            +
                    @token_info[access_token]
         | 
| 231 | 
            +
                  end
         | 
| 232 | 
            +
             | 
| 217 233 | 
             
                  def verify_token(access_token)
         | 
| 218 234 | 
             
                    return false unless access_token
         | 
| 219 235 |  | 
| 220 | 
            -
                     | 
| 221 | 
            -
             | 
| 222 | 
            -
                    raw_response['aud'] == options.client_id || options.authorized_client_ids.include?(raw_response['aud'])
         | 
| 236 | 
            +
                    token_info = token_info(access_token)
         | 
| 237 | 
            +
                    token_info['aud'] == options.client_id || options.authorized_client_ids.include?(token_info['aud'])
         | 
| 223 238 | 
             
                  end
         | 
| 224 239 |  | 
| 225 240 | 
             
                  def verify_hd(access_token)
         | 
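Review bot: The memoising block in `token_info` ignores its key: `Hash.new do |h, k|` builds the request with `params: { access_token: access_token }`, which is the argument captured on the first call. A later lookup for a different token on the same strategy instance would therefore cache the first token's info under the new key. Because `verify_token` compares `aud` from this result, the block should query the key it is asked for, `params: { access_token: k }`. Both callers also index the result directly (`['scope']` in the `credentials` block, `['aud']` in `verify_token`), so a nil or non-Hash `.parsed` value would raise NoMethodError rather than fail the check. A guard such as `return false unless info.is_a?(Hash)` in `verify_token` would make that outcome explicit.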
| @@ -347,6 +347,37 @@ describe OmniAuth::Strategies::GoogleOauth2 do | |
| 347 347 | 
             
                end
         | 
| 348 348 | 
             
              end
         | 
| 349 349 |  | 
| 350 | 
            +
              describe '#credentials' do
         | 
| 351 | 
            +
                let(:client) { OAuth2::Client.new('abc', 'def') }
         | 
| 352 | 
            +
                let(:access_token) { OAuth2::AccessToken.from_hash(client, access_token: 'valid_access_token', expires_at: 123_456_789, refresh_token: 'valid_refresh_token') }
         | 
| 353 | 
            +
                before(:each) do
         | 
| 354 | 
            +
                  allow(subject).to receive(:access_token).and_return(access_token)
         | 
| 355 | 
            +
                  subject.options.client_options[:connection_build] = proc do |builder|
         | 
| 356 | 
            +
                    builder.request :url_encoded
         | 
| 357 | 
            +
                    builder.adapter :test do |stub|
         | 
| 358 | 
            +
                      stub.get('/oauth2/v3/tokeninfo?access_token=valid_access_token') do
         | 
| 359 | 
            +
                        [200, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(
         | 
| 360 | 
            +
                          aud: '000000000000.apps.googleusercontent.com',
         | 
| 361 | 
            +
                          sub: '123456789',
         | 
| 362 | 
            +
                          scope: 'profile email'
         | 
| 363 | 
            +
                        )]
         | 
| 364 | 
            +
                      end
         | 
| 365 | 
            +
                    end
         | 
| 366 | 
            +
                  end
         | 
| 367 | 
            +
                end
         | 
| 368 | 
            +
             | 
| 369 | 
            +
                it 'should return access token and (optionally) refresh token' do
         | 
| 370 | 
            +
                  expect(subject.credentials.to_h).to \
         | 
| 371 | 
            +
                    match(hash_including(
         | 
| 372 | 
            +
                            'token' => 'valid_access_token',
         | 
| 373 | 
            +
                            'refresh_token' => 'valid_refresh_token',
         | 
| 374 | 
            +
                            'scope' => 'profile email',
         | 
| 375 | 
            +
                            'expires_at' => 123_456_789,
         | 
| 376 | 
            +
                            'expires' => true
         | 
| 377 | 
            +
                          ))
         | 
| 378 | 
            +
                end
         | 
| 379 | 
            +
              end
         | 
| 380 | 
            +
             | 
| 350 381 | 
             
              describe '#extra' do
         | 
| 351 382 | 
             
                let(:client) do
         | 
| 352 383 | 
             
                  OAuth2::Client.new('abc', 'def') do |builder|
         | 
| @@ -641,6 +672,22 @@ describe OmniAuth::Strategies::GoogleOauth2 do | |
| 641 672 | 
             
                  subject.build_access_token
         | 
| 642 673 | 
             
                end
         | 
| 643 674 |  | 
| 675 | 
            +
                it 'reads the redirect uri from a json request body' do
         | 
| 676 | 
            +
                  body = StringIO.new(%({"code":"json_access_token", "redirect_uri":"sample"}))
         | 
| 677 | 
            +
                  client = double(:client)
         | 
| 678 | 
            +
                  auth_code = double(:auth_code)
         | 
| 679 | 
            +
             | 
| 680 | 
            +
                  allow(request).to receive(:xhr?).and_return(false)
         | 
| 681 | 
            +
                  allow(request).to receive(:content_type).and_return('application/json')
         | 
| 682 | 
            +
                  allow(request).to receive(:body).and_return(body)
         | 
| 683 | 
            +
                  allow(client).to receive(:auth_code).and_return(auth_code)
         | 
| 684 | 
            +
                  expect(subject).to receive(:client).and_return(client)
         | 
| 685 | 
            +
             | 
| 686 | 
            +
                  expect(auth_code).to receive(:get_token).with('json_access_token', { redirect_uri: 'sample' }, {})
         | 
| 687 | 
            +
             | 
| 688 | 
            +
                  subject.build_access_token
         | 
| 689 | 
            +
                end
         | 
| 690 | 
            +
             | 
| 644 691 | 
             
                it 'reads the access token from a json request body' do
         | 
| 645 692 | 
             
                  body = StringIO.new(%({"access_token":"valid_access_token"}))
         | 
| 646 693 |  | 
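Review bot: The new `#credentials` example covers only a tokeninfo call that succeeds with a JSON body and a token that carries a refresh token, although its title says the refresh token is optional. Since `credentials` now depends on a network call, I would add one example that stubs a non-200 tokeninfo response and pins the expected behaviour, and one where `refresh_token` is absent. The `redirect_uri` example in the second hunk likewise covers only the body-supplied value, not the fallback to `'postmessage'` when the body has none; that case may already be covered outside the hunk.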
    
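--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-google-oauth2
 version: !ruby/object:Gem::Version
-  version: 1.0.
+  version: 1.0.1
 platform: ruby
 authors:
 - Josh Ellithorpe
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 
+date: 2022-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -117,6 +117,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rubocop.yml"
 - ".travis.yml"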