omniauth-google-oauth2 1.1.1 → 1.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +1 -1
- data/.rubocop.yml +11 -1
- data/CHANGELOG.md +29 -0
- data/README.md +7 -1
- data/examples/Gemfile +1 -1
- data/examples/omni_auth.rb +4 -4
- data/lib/omniauth/google_oauth2/version.rb +1 -1
- data/lib/omniauth/strategies/google_oauth2.rb +2 -2
- data/omniauth-google-oauth2.gemspec +2 -2
- data/spec/omniauth/strategies/google_oauth2_spec.rb +14 -3
- metadata +6 -7
- data/.travis.yml +0 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7eb54f22683d8785746e4da71576b5f84cf2f654961879dc10c2585b61ac27e6
|
|
4
|
+
data.tar.gz: 32dd7cb7faaece80dd26f9675f2cd46fc20d39531a2230d24709296fa53cf1bc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: aebca15a4956422c94af941328c51007a4bf0d461fe109586ae90b4dddcfdc0acd8cc7a6abade1589986866040962be3457ab3ab4c27ebfbe3a390d15e1f0a38
|
|
7
|
+
data.tar.gz: 8d2a97f39e08ee8f8ccb00e6b9d7bdb6d9d96d26097ad36ca7486ba9f41a2671fa77c3b19628c83aa475a939c01331539df468d1280bc990927fc0e5475a3fe7
|
data/.github/workflows/ci.yml
CHANGED
data/.rubocop.yml
CHANGED
|
@@ -6,7 +6,7 @@ Metrics/BlockLength:
|
|
|
6
6
|
ExcludedMethods: ['describe', 'context', 'shared_examples']
|
|
7
7
|
Metrics/CyclomaticComplexity:
|
|
8
8
|
Enabled: false
|
|
9
|
-
|
|
9
|
+
Layout/LineLength:
|
|
10
10
|
Enabled: false
|
|
11
11
|
Metrics/MethodLength:
|
|
12
12
|
Enabled: false
|
|
@@ -18,3 +18,13 @@ Style/MutableConstant:
|
|
|
18
18
|
Enabled: false
|
|
19
19
|
Gemspec/RequiredRubyVersion:
|
|
20
20
|
Enabled: false
|
|
21
|
+
Lint/RaiseException:
|
|
22
|
+
Enabled: false
|
|
23
|
+
Lint/StructNewOverride:
|
|
24
|
+
Enabled: false
|
|
25
|
+
Style/HashEachMethods:
|
|
26
|
+
Enabled: false
|
|
27
|
+
Style/HashTransformKeys:
|
|
28
|
+
Enabled: false
|
|
29
|
+
Style/HashTransformValues:
|
|
30
|
+
Enabled: false
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,35 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
All notable changes to this project will be documented in this file.
|
|
3
3
|
|
|
4
|
+
## 1.1.3 - 2024-08-29
|
|
5
|
+
|
|
6
|
+
### Added
|
|
7
|
+
- Updated to use POST instead of GET for tokeninfo endpoint.
|
|
8
|
+
|
|
9
|
+
### Deprecated
|
|
10
|
+
- Nothing.
|
|
11
|
+
|
|
12
|
+
### Removed
|
|
13
|
+
- Nothing.
|
|
14
|
+
|
|
15
|
+
### Fixed
|
|
16
|
+
- Documentation typos.
|
|
17
|
+
- Rubocop configuration updates.
|
|
18
|
+
|
|
19
|
+
## 1.1.2 - 2024-03-28
|
|
20
|
+
|
|
21
|
+
### Added
|
|
22
|
+
- Add support for enable_granular_consent option (#455)
|
|
23
|
+
|
|
24
|
+
### Deprecated
|
|
25
|
+
- Nothing.
|
|
26
|
+
|
|
27
|
+
### Removed
|
|
28
|
+
- Nothing.
|
|
29
|
+
|
|
30
|
+
### Fixed
|
|
31
|
+
- Nothing.
|
|
32
|
+
|
|
4
33
|
## 1.1.1 - 2022-09-05
|
|
5
34
|
|
|
6
35
|
### Added
|
data/README.md
CHANGED
|
@@ -40,6 +40,8 @@ You can now access the OmniAuth Google OAuth2 URL: `/auth/google_oauth2`
|
|
|
40
40
|
|
|
41
41
|
For more examples please check out `examples/omni_auth.rb`
|
|
42
42
|
|
|
43
|
+
[Using Devise? Skip the above and jump down to the Devise section!](#devise) After setting up the provider via Devise, you can reference the configurations below.
|
|
44
|
+
|
|
43
45
|
NOTE: While developing your application, if you change the scope in the initializer you will need to restart your app server. Remember that either the 'email' or 'profile' scope is required!
|
|
44
46
|
|
|
45
47
|
## Configuration
|
|
@@ -81,6 +83,8 @@ You can configure several options, which you pass in to the `provider` method vi
|
|
|
81
83
|
|
|
82
84
|
* `include_granted_scopes`: If this is provided with the value true, and the authorization request is granted, the authorization will include any previous authorizations granted to this user/application combination for other scopes. See Google's [Incremental Authorization](https://developers.google.com/accounts/docs/OAuth2WebServer#incrementalAuth) for additional details.
|
|
83
85
|
|
|
86
|
+
* `enable_granular_consent`: If this is provided with the value true, users can choose to only grant access to specific data. See Google's [How to handle granular permissions](https://developers.google.com/identity/protocols/oauth2/resources/granular-permissions) guide for additional details.
|
|
87
|
+
|
|
84
88
|
* `openid_realm`: Set the OpenID realm value, to allow upgrading from OpenID based authentication to OAuth 2 based authentication. When this is set correctly an `openid_id` value will be set in `['extra']['id_info']` in the authentication hash with the value of the user's OpenID ID URL.
|
|
85
89
|
|
|
86
90
|
* `provider_ignores_state`: You will need to set this to `true` when using the `One-time Code Flow` below. In this flow there is no server side redirect that would set the state.
|
|
@@ -201,6 +205,8 @@ end
|
|
|
201
205
|
and bind to or create the user
|
|
202
206
|
|
|
203
207
|
```ruby
|
|
208
|
+
# app/models/user.rb
|
|
209
|
+
|
|
204
210
|
def self.from_omniauth(access_token)
|
|
205
211
|
data = access_token.info
|
|
206
212
|
user = User.where(email: data['email']).first
|
|
@@ -229,7 +235,7 @@ For your views you can login using:
|
|
|
229
235
|
<%= link_to "Sign in with Google", user_omniauth_authorize_path(:google_oauth2) %>
|
|
230
236
|
```
|
|
231
237
|
|
|
232
|
-
An overview is available at https://github.com/
|
|
238
|
+
An overview is available at https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview
|
|
233
239
|
|
|
234
240
|
### One-time Code Flow (Hybrid Authentication)
|
|
235
241
|
|
data/examples/Gemfile
CHANGED
data/examples/omni_auth.rb
CHANGED
|
@@ -8,11 +8,11 @@ Rails.application.config.middleware.use OmniAuth::Builder do
|
|
|
8
8
|
# Default usage, this will give you offline access and a refresh token
|
|
9
9
|
# using default scopes 'email' and 'profile'
|
|
10
10
|
#
|
|
11
|
-
provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email,profile'
|
|
11
|
+
provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email, profile'
|
|
12
12
|
|
|
13
13
|
# Custom redirect_uri
|
|
14
14
|
#
|
|
15
|
-
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email,profile', redirect_uri: 'https://localhost:3000/redirect'
|
|
15
|
+
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email, profile', redirect_uri: 'https://localhost:3000/redirect'
|
|
16
16
|
|
|
17
17
|
# Manual setup for offline access with a refresh token.
|
|
18
18
|
#
|
|
@@ -21,7 +21,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
|
|
|
21
21
|
# Custom scope supporting youtube. If you are customizing scopes, remember
|
|
22
22
|
# to include the default scopes 'email' and 'profile'
|
|
23
23
|
#
|
|
24
|
-
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'http://gdata.youtube.com,email,profile,plus.me'
|
|
24
|
+
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'http://gdata.youtube.com, email, profile, plus.me'
|
|
25
25
|
|
|
26
26
|
# Custom scope for users only using Google for account creation/auth and do not require a refresh token.
|
|
27
27
|
#
|
|
@@ -29,7 +29,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
|
|
|
29
29
|
|
|
30
30
|
# To include information about people in your circles you must include the 'plus.login' scope.
|
|
31
31
|
#
|
|
32
|
-
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], skip_friends: false, scope: 'email,profile,plus.login'
|
|
32
|
+
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], skip_friends: false, scope: 'email, profile, plus.login'
|
|
33
33
|
|
|
34
34
|
# If you need to acquire whether user picture is a default one or uploaded by user.
|
|
35
35
|
#
|
|
@@ -15,7 +15,7 @@ module OmniAuth
|
|
|
15
15
|
DEFAULT_SCOPE = 'email,profile'
|
|
16
16
|
USER_INFO_URL = 'https://www.googleapis.com/oauth2/v3/userinfo'
|
|
17
17
|
IMAGE_SIZE_REGEXP = /(s\d+(-c)?)|(w\d+-h\d+(-c)?)|(w\d+(-c)?)|(h\d+(-c)?)|c/
|
|
18
|
-
AUTHORIZE_OPTIONS = %i[access_type hd login_hint prompt request_visible_actions scope state redirect_uri include_granted_scopes openid_realm device_id device_name]
|
|
18
|
+
AUTHORIZE_OPTIONS = %i[access_type hd login_hint prompt request_visible_actions scope state redirect_uri include_granted_scopes enable_granular_consent openid_realm device_id device_name]
|
|
19
19
|
|
|
20
20
|
option :name, 'google_oauth2'
|
|
21
21
|
option :skip_friends, true
|
|
@@ -231,7 +231,7 @@ module OmniAuth
|
|
|
231
231
|
return nil unless access_token
|
|
232
232
|
|
|
233
233
|
@token_info ||= Hash.new do |h, k|
|
|
234
|
-
h[k] = client.request(:
|
|
234
|
+
h[k] = client.request(:post, 'https://www.googleapis.com/oauth2/v3/tokeninfo', body: { access_token: access_token }).parsed
|
|
235
235
|
end
|
|
236
236
|
|
|
237
237
|
@token_info[access_token]
|
|
@@ -21,9 +21,9 @@ Gem::Specification.new do |gem|
|
|
|
21
21
|
gem.required_ruby_version = '>= 2.2'
|
|
22
22
|
|
|
23
23
|
gem.add_runtime_dependency 'jwt', '>= 2.0'
|
|
24
|
-
gem.add_runtime_dependency 'oauth2', '~> 2.0
|
|
24
|
+
gem.add_runtime_dependency 'oauth2', '~> 2.0'
|
|
25
25
|
gem.add_runtime_dependency 'omniauth', '~> 2.0'
|
|
26
|
-
gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.8
|
|
26
|
+
gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.8'
|
|
27
27
|
|
|
28
28
|
gem.add_development_dependency 'rake', '~> 12.0'
|
|
29
29
|
gem.add_development_dependency 'rspec', '~> 3.6'
|
|
@@ -176,6 +176,17 @@ describe OmniAuth::Strategies::GoogleOauth2 do
|
|
|
176
176
|
end
|
|
177
177
|
end
|
|
178
178
|
|
|
179
|
+
describe 'enable_granular_consent' do
|
|
180
|
+
it 'should default to nil' do
|
|
181
|
+
expect(subject.authorize_params['enable_granular_consent']).to eq(nil)
|
|
182
|
+
end
|
|
183
|
+
|
|
184
|
+
it 'should set the enable_granular_consent parameter if present' do
|
|
185
|
+
@options = { enable_granular_consent: 'true' }
|
|
186
|
+
expect(subject.authorize_params['enable_granular_consent']).to eq('true')
|
|
187
|
+
end
|
|
188
|
+
end
|
|
189
|
+
|
|
179
190
|
describe 'scope' do
|
|
180
191
|
it 'should expand scope shortcuts' do
|
|
181
192
|
@options = { scope: 'calendar' }
|
|
@@ -373,7 +384,7 @@ describe OmniAuth::Strategies::GoogleOauth2 do
|
|
|
373
384
|
subject.options.client_options[:connection_build] = proc do |builder|
|
|
374
385
|
builder.request :url_encoded
|
|
375
386
|
builder.adapter :test do |stub|
|
|
376
|
-
stub.
|
|
387
|
+
stub.post('/oauth2/v3/tokeninfo', 'access_token=valid_access_token') do
|
|
377
388
|
[200, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(
|
|
378
389
|
aud: '000000000000.apps.googleusercontent.com',
|
|
379
390
|
sub: '123456789',
|
|
@@ -770,7 +781,7 @@ describe OmniAuth::Strategies::GoogleOauth2 do
|
|
|
770
781
|
subject.options.client_options[:connection_build] = proc do |builder|
|
|
771
782
|
builder.request :url_encoded
|
|
772
783
|
builder.adapter :test do |stub|
|
|
773
|
-
stub.
|
|
784
|
+
stub.post('/oauth2/v3/tokeninfo', 'access_token=valid_access_token') do
|
|
774
785
|
[200, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(
|
|
775
786
|
aud: '000000000000.apps.googleusercontent.com',
|
|
776
787
|
sub: '123456789',
|
|
@@ -781,7 +792,7 @@ describe OmniAuth::Strategies::GoogleOauth2 do
|
|
|
781
792
|
expires_in: 436
|
|
782
793
|
)]
|
|
783
794
|
end
|
|
784
|
-
stub.
|
|
795
|
+
stub.post('/oauth2/v3/tokeninfo', 'access_token=invalid_access_token') do
|
|
785
796
|
[400, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(error_description: 'Invalid Value')]
|
|
786
797
|
end
|
|
787
798
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-google-oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Josh Ellithorpe
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2024-08-30 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: jwt
|
|
@@ -31,14 +31,14 @@ dependencies:
|
|
|
31
31
|
requirements:
|
|
32
32
|
- - "~>"
|
|
33
33
|
- !ruby/object:Gem::Version
|
|
34
|
-
version: 2.0
|
|
34
|
+
version: '2.0'
|
|
35
35
|
type: :runtime
|
|
36
36
|
prerelease: false
|
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
|
38
38
|
requirements:
|
|
39
39
|
- - "~>"
|
|
40
40
|
- !ruby/object:Gem::Version
|
|
41
|
-
version: 2.0
|
|
41
|
+
version: '2.0'
|
|
42
42
|
- !ruby/object:Gem::Dependency
|
|
43
43
|
name: omniauth
|
|
44
44
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -59,14 +59,14 @@ dependencies:
|
|
|
59
59
|
requirements:
|
|
60
60
|
- - "~>"
|
|
61
61
|
- !ruby/object:Gem::Version
|
|
62
|
-
version: 1.8
|
|
62
|
+
version: '1.8'
|
|
63
63
|
type: :runtime
|
|
64
64
|
prerelease: false
|
|
65
65
|
version_requirements: !ruby/object:Gem::Requirement
|
|
66
66
|
requirements:
|
|
67
67
|
- - "~>"
|
|
68
68
|
- !ruby/object:Gem::Version
|
|
69
|
-
version: 1.8
|
|
69
|
+
version: '1.8'
|
|
70
70
|
- !ruby/object:Gem::Dependency
|
|
71
71
|
name: rake
|
|
72
72
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -120,7 +120,6 @@ files:
|
|
|
120
120
|
- ".github/workflows/ci.yml"
|
|
121
121
|
- ".gitignore"
|
|
122
122
|
- ".rubocop.yml"
|
|
123
|
-
- ".travis.yml"
|
|
124
123
|
- CHANGELOG.md
|
|
125
124
|
- Gemfile
|
|
126
125
|
- README.md
|