omniauth-google-oauth2 1.1.0 → 1.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +1 -1
- data/CHANGELOG.md +28 -0
- data/README.md +4 -0
- data/examples/Gemfile +1 -1
- data/examples/config.ru +19 -9
- data/examples/omni_auth.rb +4 -4
- data/lib/omniauth/google_oauth2/version.rb +1 -1
- data/lib/omniauth/strategies/google_oauth2.rb +6 -5
- data/omniauth-google-oauth2.gemspec +2 -2
- data/spec/omniauth/strategies/google_oauth2_spec.rb +11 -0
- metadata +6 -7
- data/.travis.yml +0 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: adbd87cbf3dc07abbc3f14d2923a655b78cae9701432c0f0866e959eeb946606
|
|
4
|
+
data.tar.gz: f4b975b570dd5b96032402766be88e8537f419ea361564275b2e84b97bd2cdb9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0445f4e07feba58d9b850dcf6d0a45e256a9e6557de6f5a248b0ac8e42004446eb9bc31cfa3dd3f61cb0baab276b3d85b17f302863f81f0560c4532f58a05115
|
|
7
|
+
data.tar.gz: 4a7c65a13c017c7da47d8a82e86615e51af46c32d20dcf25d4fcc6451b81299a63c291b78b3b956ddc4c015d97e2d2c855efa6647ad29f7cda25171746231e4a
|
data/.github/workflows/ci.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,34 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
All notable changes to this project will be documented in this file.
|
|
3
3
|
|
|
4
|
+
## 1.1.2 - 2024-03-28
|
|
5
|
+
|
|
6
|
+
### Added
|
|
7
|
+
- Add support for enable_granular_consent option (#455)
|
|
8
|
+
|
|
9
|
+
### Deprecated
|
|
10
|
+
- Nothing.
|
|
11
|
+
|
|
12
|
+
### Removed
|
|
13
|
+
- Nothing.
|
|
14
|
+
|
|
15
|
+
### Fixed
|
|
16
|
+
- Nothing.
|
|
17
|
+
|
|
18
|
+
## 1.1.1 - 2022-09-05
|
|
19
|
+
|
|
20
|
+
### Added
|
|
21
|
+
- Nothing.
|
|
22
|
+
|
|
23
|
+
### Deprecated
|
|
24
|
+
- Nothing.
|
|
25
|
+
|
|
26
|
+
### Removed
|
|
27
|
+
- Nothing.
|
|
28
|
+
|
|
29
|
+
### Fixed
|
|
30
|
+
- Fixed JWT decoding issue. (Invalid segment encoding) [#431](https://github.com/zquestz/omniauth-google-oauth2/pull/431)
|
|
31
|
+
|
|
4
32
|
## 1.1.0 - 2022-09-03
|
|
5
33
|
|
|
6
34
|
### Added
|
data/README.md
CHANGED
|
@@ -40,6 +40,8 @@ You can now access the OmniAuth Google OAuth2 URL: `/auth/google_oauth2`
|
|
|
40
40
|
|
|
41
41
|
For more examples please check out `examples/omni_auth.rb`
|
|
42
42
|
|
|
43
|
+
[Using Devise? Skip the above and jump down to the Devise section!](#devise) After setting up the provider via Devise, you can reference the confdiurations below.
|
|
44
|
+
|
|
43
45
|
NOTE: While developing your application, if you change the scope in the initializer you will need to restart your app server. Remember that either the 'email' or 'profile' scope is required!
|
|
44
46
|
|
|
45
47
|
## Configuration
|
|
@@ -81,6 +83,8 @@ You can configure several options, which you pass in to the `provider` method vi
|
|
|
81
83
|
|
|
82
84
|
* `include_granted_scopes`: If this is provided with the value true, and the authorization request is granted, the authorization will include any previous authorizations granted to this user/application combination for other scopes. See Google's [Incremental Authorization](https://developers.google.com/accounts/docs/OAuth2WebServer#incrementalAuth) for additional details.
|
|
83
85
|
|
|
86
|
+
* `enable_granular_consent`: If this is provided with the value true, users can choose to only grant access to specific data. See Google's [How to handle granular permissions](https://developers.google.com/identity/protocols/oauth2/resources/granular-permissions) guide for additional details.
|
|
87
|
+
|
|
84
88
|
* `openid_realm`: Set the OpenID realm value, to allow upgrading from OpenID based authentication to OAuth 2 based authentication. When this is set correctly an `openid_id` value will be set in `['extra']['id_info']` in the authentication hash with the value of the user's OpenID ID URL.
|
|
85
89
|
|
|
86
90
|
* `provider_ignores_state`: You will need to set this to `true` when using the `One-time Code Flow` below. In this flow there is no server side redirect that would set the state.
|
data/examples/Gemfile
CHANGED
data/examples/config.ru
CHANGED
|
@@ -19,6 +19,19 @@ OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
|
|
|
19
19
|
|
|
20
20
|
# Main example app for omniauth-google-oauth2
|
|
21
21
|
class App < Sinatra::Base
|
|
22
|
+
configure do
|
|
23
|
+
set :sessions, true
|
|
24
|
+
set :inline_templates, true
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
use Rack::Session::Cookie, secret: ENV['RACK_COOKIE_SECRET']
|
|
28
|
+
|
|
29
|
+
use OmniAuth::Builder do
|
|
30
|
+
# For additional provider examples please look at 'omni_auth.rb'
|
|
31
|
+
# The key provider_ignores_state is only for AJAX flows. It is not recommended for normal logins.
|
|
32
|
+
provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], access_type: 'offline', prompt: 'consent', provider_ignores_state: true, scope: 'email,profile,calendar'
|
|
33
|
+
end
|
|
34
|
+
|
|
22
35
|
get '/' do
|
|
23
36
|
<<-HTML
|
|
24
37
|
<!DOCTYPE html>
|
|
@@ -73,7 +86,12 @@ class App < Sinatra::Base
|
|
|
73
86
|
</head>
|
|
74
87
|
<body>
|
|
75
88
|
<ul>
|
|
76
|
-
<li
|
|
89
|
+
<li>
|
|
90
|
+
<form method='post' action='/auth/google_oauth2'>
|
|
91
|
+
<input type="hidden" name="authenticity_token" value="#{request.env['rack.session']['csrf']}">
|
|
92
|
+
<button type='submit'>Login with Google</button>
|
|
93
|
+
</form>
|
|
94
|
+
</li>
|
|
77
95
|
<li><a href='#' class="googleplus-login">Sign in with Google via AJAX</a></li>
|
|
78
96
|
</ul>
|
|
79
97
|
</body>
|
|
@@ -109,12 +127,4 @@ class App < Sinatra::Base
|
|
|
109
127
|
end
|
|
110
128
|
end
|
|
111
129
|
|
|
112
|
-
use Rack::Session::Cookie, secret: ENV['RACK_COOKIE_SECRET']
|
|
113
|
-
|
|
114
|
-
use OmniAuth::Builder do
|
|
115
|
-
# For additional provider examples please look at 'omni_auth.rb'
|
|
116
|
-
# The key provider_ignores_state is only for AJAX flows. It is not recommended for normal logins.
|
|
117
|
-
provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], access_type: 'offline', prompt: 'consent', provider_ignores_state: true, scope: 'email,profile,calendar'
|
|
118
|
-
end
|
|
119
|
-
|
|
120
130
|
run App.new
|
data/examples/omni_auth.rb
CHANGED
|
@@ -8,11 +8,11 @@ Rails.application.config.middleware.use OmniAuth::Builder do
|
|
|
8
8
|
# Default usage, this will give you offline access and a refresh token
|
|
9
9
|
# using default scopes 'email' and 'profile'
|
|
10
10
|
#
|
|
11
|
-
provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email,profile'
|
|
11
|
+
provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email, profile'
|
|
12
12
|
|
|
13
13
|
# Custom redirect_uri
|
|
14
14
|
#
|
|
15
|
-
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email,profile', redirect_uri: 'https://localhost:3000/redirect'
|
|
15
|
+
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email, profile', redirect_uri: 'https://localhost:3000/redirect'
|
|
16
16
|
|
|
17
17
|
# Manual setup for offline access with a refresh token.
|
|
18
18
|
#
|
|
@@ -21,7 +21,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
|
|
|
21
21
|
# Custom scope supporting youtube. If you are customizing scopes, remember
|
|
22
22
|
# to include the default scopes 'email' and 'profile'
|
|
23
23
|
#
|
|
24
|
-
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'http://gdata.youtube.com,email,profile,plus.me'
|
|
24
|
+
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'http://gdata.youtube.com, email, profile, plus.me'
|
|
25
25
|
|
|
26
26
|
# Custom scope for users only using Google for account creation/auth and do not require a refresh token.
|
|
27
27
|
#
|
|
@@ -29,7 +29,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
|
|
|
29
29
|
|
|
30
30
|
# To include information about people in your circles you must include the 'plus.login' scope.
|
|
31
31
|
#
|
|
32
|
-
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], skip_friends: false, scope: 'email,profile,plus.login'
|
|
32
|
+
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], skip_friends: false, scope: 'email, profile, plus.login'
|
|
33
33
|
|
|
34
34
|
# If you need to acquire whether user picture is a default one or uploaded by user.
|
|
35
35
|
#
|
|
@@ -15,7 +15,7 @@ module OmniAuth
|
|
|
15
15
|
DEFAULT_SCOPE = 'email,profile'
|
|
16
16
|
USER_INFO_URL = 'https://www.googleapis.com/oauth2/v3/userinfo'
|
|
17
17
|
IMAGE_SIZE_REGEXP = /(s\d+(-c)?)|(w\d+-h\d+(-c)?)|(w\d+(-c)?)|(h\d+(-c)?)|c/
|
|
18
|
-
AUTHORIZE_OPTIONS = %i[access_type hd login_hint prompt request_visible_actions scope state redirect_uri include_granted_scopes openid_realm device_id device_name]
|
|
18
|
+
AUTHORIZE_OPTIONS = %i[access_type hd login_hint prompt request_visible_actions scope state redirect_uri include_granted_scopes enable_granular_consent openid_realm device_id device_name]
|
|
19
19
|
|
|
20
20
|
option :name, 'google_oauth2'
|
|
21
21
|
option :skip_friends, true
|
|
@@ -69,9 +69,10 @@ module OmniAuth
|
|
|
69
69
|
|
|
70
70
|
extra do
|
|
71
71
|
hash = {}
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
72
|
+
token = nil_or_empty?(access_token['id_token']) ? access_token.token : access_token['id_token']
|
|
73
|
+
hash[:id_token] = token
|
|
74
|
+
if !options[:skip_jwt] && !nil_or_empty?(token)
|
|
75
|
+
decoded = ::JWT.decode(token, nil, false).first
|
|
75
76
|
|
|
76
77
|
# We have to manually verify the claims because the third parameter to
|
|
77
78
|
# JWT.decode is false since no verification key is provided.
|
|
@@ -108,7 +109,7 @@ module OmniAuth
|
|
|
108
109
|
|
|
109
110
|
private
|
|
110
111
|
|
|
111
|
-
def nil_or_empty(obj)
|
|
112
|
+
def nil_or_empty?(obj)
|
|
112
113
|
obj.is_a?(String) ? obj.empty? : obj.nil?
|
|
113
114
|
end
|
|
114
115
|
|
|
@@ -21,9 +21,9 @@ Gem::Specification.new do |gem|
|
|
|
21
21
|
gem.required_ruby_version = '>= 2.2'
|
|
22
22
|
|
|
23
23
|
gem.add_runtime_dependency 'jwt', '>= 2.0'
|
|
24
|
-
gem.add_runtime_dependency 'oauth2', '~> 2.0
|
|
24
|
+
gem.add_runtime_dependency 'oauth2', '~> 2.0'
|
|
25
25
|
gem.add_runtime_dependency 'omniauth', '~> 2.0'
|
|
26
|
-
gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.8
|
|
26
|
+
gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.8'
|
|
27
27
|
|
|
28
28
|
gem.add_development_dependency 'rake', '~> 12.0'
|
|
29
29
|
gem.add_development_dependency 'rspec', '~> 3.6'
|
|
@@ -176,6 +176,17 @@ describe OmniAuth::Strategies::GoogleOauth2 do
|
|
|
176
176
|
end
|
|
177
177
|
end
|
|
178
178
|
|
|
179
|
+
describe 'enable_granular_consent' do
|
|
180
|
+
it 'should default to nil' do
|
|
181
|
+
expect(subject.authorize_params['enable_granular_consent']).to eq(nil)
|
|
182
|
+
end
|
|
183
|
+
|
|
184
|
+
it 'should set the enable_granular_consent parameter if present' do
|
|
185
|
+
@options = { enable_granular_consent: 'true' }
|
|
186
|
+
expect(subject.authorize_params['enable_granular_consent']).to eq('true')
|
|
187
|
+
end
|
|
188
|
+
end
|
|
189
|
+
|
|
179
190
|
describe 'scope' do
|
|
180
191
|
it 'should expand scope shortcuts' do
|
|
181
192
|
@options = { scope: 'calendar' }
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-google-oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Josh Ellithorpe
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2024-03-29 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: jwt
|
|
@@ -31,14 +31,14 @@ dependencies:
|
|
|
31
31
|
requirements:
|
|
32
32
|
- - "~>"
|
|
33
33
|
- !ruby/object:Gem::Version
|
|
34
|
-
version: 2.0
|
|
34
|
+
version: '2.0'
|
|
35
35
|
type: :runtime
|
|
36
36
|
prerelease: false
|
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
|
38
38
|
requirements:
|
|
39
39
|
- - "~>"
|
|
40
40
|
- !ruby/object:Gem::Version
|
|
41
|
-
version: 2.0
|
|
41
|
+
version: '2.0'
|
|
42
42
|
- !ruby/object:Gem::Dependency
|
|
43
43
|
name: omniauth
|
|
44
44
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -59,14 +59,14 @@ dependencies:
|
|
|
59
59
|
requirements:
|
|
60
60
|
- - "~>"
|
|
61
61
|
- !ruby/object:Gem::Version
|
|
62
|
-
version: 1.8
|
|
62
|
+
version: '1.8'
|
|
63
63
|
type: :runtime
|
|
64
64
|
prerelease: false
|
|
65
65
|
version_requirements: !ruby/object:Gem::Requirement
|
|
66
66
|
requirements:
|
|
67
67
|
- - "~>"
|
|
68
68
|
- !ruby/object:Gem::Version
|
|
69
|
-
version: 1.8
|
|
69
|
+
version: '1.8'
|
|
70
70
|
- !ruby/object:Gem::Dependency
|
|
71
71
|
name: rake
|
|
72
72
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -120,7 +120,6 @@ files:
|
|
|
120
120
|
- ".github/workflows/ci.yml"
|
|
121
121
|
- ".gitignore"
|
|
122
122
|
- ".rubocop.yml"
|
|
123
|
-
- ".travis.yml"
|
|
124
123
|
- CHANGELOG.md
|
|
125
124
|
- Gemfile
|
|
126
125
|
- README.md
|