omniauth-google-oauth2 1.1.1 → 1.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +1 -1
- data/.rubocop.yml +11 -1
- data/CHANGELOG.md +29 -0
- data/README.md +7 -1
- data/examples/Gemfile +1 -1
- data/examples/omni_auth.rb +4 -4
- data/lib/omniauth/google_oauth2/version.rb +1 -1
- data/lib/omniauth/strategies/google_oauth2.rb +2 -2
- data/omniauth-google-oauth2.gemspec +2 -2
- data/spec/omniauth/strategies/google_oauth2_spec.rb +14 -3
- metadata +6 -7
- data/.travis.yml +0 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7eb54f22683d8785746e4da71576b5f84cf2f654961879dc10c2585b61ac27e6
|
|
4
|
+
data.tar.gz: 32dd7cb7faaece80dd26f9675f2cd46fc20d39531a2230d24709296fa53cf1bc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: aebca15a4956422c94af941328c51007a4bf0d461fe109586ae90b4dddcfdc0acd8cc7a6abade1589986866040962be3457ab3ab4c27ebfbe3a390d15e1f0a38
|
|
7
|
+
data.tar.gz: 8d2a97f39e08ee8f8ccb00e6b9d7bdb6d9d96d26097ad36ca7486ba9f41a2671fa77c3b19628c83aa475a939c01331539df468d1280bc990927fc0e5475a3fe7
|
data/.github/workflows/ci.yml
CHANGED
data/.rubocop.yml
CHANGED
|
@@ -6,7 +6,7 @@ Metrics/BlockLength:
|
|
|
6
6
|
ExcludedMethods: ['describe', 'context', 'shared_examples']
|
|
7
7
|
Metrics/CyclomaticComplexity:
|
|
8
8
|
Enabled: false
|
|
9
|
-
|
|
9
|
+
Layout/LineLength:
|
|
10
10
|
Enabled: false
|
|
11
11
|
Metrics/MethodLength:
|
|
12
12
|
Enabled: false
|
|
@@ -18,3 +18,13 @@ Style/MutableConstant:
|
|
|
18
18
|
Enabled: false
|
|
19
19
|
Gemspec/RequiredRubyVersion:
|
|
20
20
|
Enabled: false
|
|
21
|
+
Lint/RaiseException:
|
|
22
|
+
Enabled: false
|
|
23
|
+
Lint/StructNewOverride:
|
|
24
|
+
Enabled: false
|
|
25
|
+
Style/HashEachMethods:
|
|
26
|
+
Enabled: false
|
|
27
|
+
Style/HashTransformKeys:
|
|
28
|
+
Enabled: false
|
|
29
|
+
Style/HashTransformValues:
|
|
30
|
+
Enabled: false
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,35 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
All notable changes to this project will be documented in this file.
|
|
3
3
|
|
|
4
|
+
## 1.1.3 - 2024-08-29
|
|
5
|
+
|
|
6
|
+
### Added
|
|
7
|
+
- Updated to use POST instead of GET for tokeninfo endpoint.
|
|
8
|
+
|
|
9
|
+
### Deprecated
|
|
10
|
+
- Nothing.
|
|
11
|
+
|
|
12
|
+
### Removed
|
|
13
|
+
- Nothing.
|
|
14
|
+
|
|
15
|
+
### Fixed
|
|
16
|
+
- Documentation typos.
|
|
17
|
+
- Rubocop configuration updates.
|
|
18
|
+
|
|
19
|
+
## 1.1.2 - 2024-03-28
|
|
20
|
+
|
|
21
|
+
### Added
|
|
22
|
+
- Add support for enable_granular_consent option (#455)
|
|
23
|
+
|
|
24
|
+
### Deprecated
|
|
25
|
+
- Nothing.
|
|
26
|
+
|
|
27
|
+
### Removed
|
|
28
|
+
- Nothing.
|
|
29
|
+
|
|
30
|
+
### Fixed
|
|
31
|
+
- Nothing.
|
|
32
|
+
|
|
4
33
|
## 1.1.1 - 2022-09-05
|
|
5
34
|
|
|
6
35
|
### Added
|
data/README.md
CHANGED
|
@@ -40,6 +40,8 @@ You can now access the OmniAuth Google OAuth2 URL: `/auth/google_oauth2`
|
|
|
40
40
|
|
|
41
41
|
For more examples please check out `examples/omni_auth.rb`
|
|
42
42
|
|
|
43
|
+
[Using Devise? Skip the above and jump down to the Devise section!](#devise) After setting up the provider via Devise, you can reference the configurations below.
|
|
44
|
+
|
|
43
45
|
NOTE: While developing your application, if you change the scope in the initializer you will need to restart your app server. Remember that either the 'email' or 'profile' scope is required!
|
|
44
46
|
|
|
45
47
|
## Configuration
|
|
@@ -81,6 +83,8 @@ You can configure several options, which you pass in to the `provider` method vi
|
|
|
81
83
|
|
|
82
84
|
* `include_granted_scopes`: If this is provided with the value true, and the authorization request is granted, the authorization will include any previous authorizations granted to this user/application combination for other scopes. See Google's [Incremental Authorization](https://developers.google.com/accounts/docs/OAuth2WebServer#incrementalAuth) for additional details.
|
|
83
85
|
|
|
86
|
+
* `enable_granular_consent`: If this is provided with the value true, users can choose to only grant access to specific data. See Google's [How to handle granular permissions](https://developers.google.com/identity/protocols/oauth2/resources/granular-permissions) guide for additional details.
|
|
87
|
+
|
|
84
88
|
* `openid_realm`: Set the OpenID realm value, to allow upgrading from OpenID based authentication to OAuth 2 based authentication. When this is set correctly an `openid_id` value will be set in `['extra']['id_info']` in the authentication hash with the value of the user's OpenID ID URL.
|
|
85
89
|
|
|
86
90
|
* `provider_ignores_state`: You will need to set this to `true` when using the `One-time Code Flow` below. In this flow there is no server side redirect that would set the state.
|
|
@@ -201,6 +205,8 @@ end
|
|
|
201
205
|
and bind to or create the user
|
|
202
206
|
|
|
203
207
|
```ruby
|
|
208
|
+
# app/models/user.rb
|
|
209
|
+
|
|
204
210
|
def self.from_omniauth(access_token)
|
|
205
211
|
data = access_token.info
|
|
206
212
|
user = User.where(email: data['email']).first
|
|
@@ -229,7 +235,7 @@ For your views you can login using:
|
|
|
229
235
|
<%= link_to "Sign in with Google", user_omniauth_authorize_path(:google_oauth2) %>
|
|
230
236
|
```
|
|
231
237
|
|
|
232
|
-
An overview is available at https://github.com/
|
|
238
|
+
An overview is available at https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview
|
|
233
239
|
|
|
234
240
|
### One-time Code Flow (Hybrid Authentication)
|
|
235
241
|
|
data/examples/Gemfile
CHANGED
data/examples/omni_auth.rb
CHANGED
|
@@ -8,11 +8,11 @@ Rails.application.config.middleware.use OmniAuth::Builder do
|
|
|
8
8
|
# Default usage, this will give you offline access and a refresh token
|
|
9
9
|
# using default scopes 'email' and 'profile'
|
|
10
10
|
#
|
|
11
|
-
provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email,profile'
|
|
11
|
+
provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email, profile'
|
|
12
12
|
|
|
13
13
|
# Custom redirect_uri
|
|
14
14
|
#
|
|
15
|
-
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email,profile', redirect_uri: 'https://localhost:3000/redirect'
|
|
15
|
+
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email, profile', redirect_uri: 'https://localhost:3000/redirect'
|
|
16
16
|
|
|
17
17
|
# Manual setup for offline access with a refresh token.
|
|
18
18
|
#
|
|
@@ -21,7 +21,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
|
|
|
21
21
|
# Custom scope supporting youtube. If you are customizing scopes, remember
|
|
22
22
|
# to include the default scopes 'email' and 'profile'
|
|
23
23
|
#
|
|
24
|
-
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'http://gdata.youtube.com,email,profile,plus.me'
|
|
24
|
+
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'http://gdata.youtube.com, email, profile, plus.me'
|
|
25
25
|
|
|
26
26
|
# Custom scope for users only using Google for account creation/auth and do not require a refresh token.
|
|
27
27
|
#
|
|
@@ -29,7 +29,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
|
|
|
29
29
|
|
|
30
30
|
# To include information about people in your circles you must include the 'plus.login' scope.
|
|
31
31
|
#
|
|
32
|
-
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], skip_friends: false, scope: 'email,profile,plus.login'
|
|
32
|
+
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], skip_friends: false, scope: 'email, profile, plus.login'
|
|
33
33
|
|
|
34
34
|
# If you need to acquire whether user picture is a default one or uploaded by user.
|
|
35
35
|
#
|
|
@@ -15,7 +15,7 @@ module OmniAuth
|
|
|
15
15
|
DEFAULT_SCOPE = 'email,profile'
|
|
16
16
|
USER_INFO_URL = 'https://www.googleapis.com/oauth2/v3/userinfo'
|
|
17
17
|
IMAGE_SIZE_REGEXP = /(s\d+(-c)?)|(w\d+-h\d+(-c)?)|(w\d+(-c)?)|(h\d+(-c)?)|c/
|
|
18
|
-
AUTHORIZE_OPTIONS = %i[access_type hd login_hint prompt request_visible_actions scope state redirect_uri include_granted_scopes openid_realm device_id device_name]
|
|
18
|
+
AUTHORIZE_OPTIONS = %i[access_type hd login_hint prompt request_visible_actions scope state redirect_uri include_granted_scopes enable_granular_consent openid_realm device_id device_name]
|
|
19
19
|
|
|
20
20
|
option :name, 'google_oauth2'
|
|
21
21
|
option :skip_friends, true
|
|
@@ -231,7 +231,7 @@ module OmniAuth
|
|
|
231
231
|
return nil unless access_token
|
|
232
232
|
|
|
233
233
|
@token_info ||= Hash.new do |h, k|
|
|
234
|
-
h[k] = client.request(:
|
|
234
|
+
h[k] = client.request(:post, 'https://www.googleapis.com/oauth2/v3/tokeninfo', body: { access_token: access_token }).parsed
|
|
235
235
|
end
|
|
236
236
|
|
|
237
237
|
@token_info[access_token]
|
|
@@ -21,9 +21,9 @@ Gem::Specification.new do |gem|
|
|
|
21
21
|
gem.required_ruby_version = '>= 2.2'
|
|
22
22
|
|
|
23
23
|
gem.add_runtime_dependency 'jwt', '>= 2.0'
|
|
24
|
-
gem.add_runtime_dependency 'oauth2', '~> 2.0
|
|
24
|
+
gem.add_runtime_dependency 'oauth2', '~> 2.0'
|
|
25
25
|
gem.add_runtime_dependency 'omniauth', '~> 2.0'
|
|
26
|
-
gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.8
|
|
26
|
+
gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.8'
|
|
27
27
|
|
|
28
28
|
gem.add_development_dependency 'rake', '~> 12.0'
|
|
29
29
|
gem.add_development_dependency 'rspec', '~> 3.6'
|
|
@@ -176,6 +176,17 @@ describe OmniAuth::Strategies::GoogleOauth2 do
|
|
|
176
176
|
end
|
|
177
177
|
end
|
|
178
178
|
|
|
179
|
+
describe 'enable_granular_consent' do
|
|
180
|
+
it 'should default to nil' do
|
|
181
|
+
expect(subject.authorize_params['enable_granular_consent']).to eq(nil)
|
|
182
|
+
end
|
|
183
|
+
|
|
184
|
+
it 'should set the enable_granular_consent parameter if present' do
|
|
185
|
+
@options = { enable_granular_consent: 'true' }
|
|
186
|
+
expect(subject.authorize_params['enable_granular_consent']).to eq('true')
|
|
187
|
+
end
|
|
188
|
+
end
|
|
189
|
+
|
|
179
190
|
describe 'scope' do
|
|
180
191
|
it 'should expand scope shortcuts' do
|
|
181
192
|
@options = { scope: 'calendar' }
|
|
@@ -373,7 +384,7 @@ describe OmniAuth::Strategies::GoogleOauth2 do
|
|
|
373
384
|
subject.options.client_options[:connection_build] = proc do |builder|
|
|
374
385
|
builder.request :url_encoded
|
|
375
386
|
builder.adapter :test do |stub|
|
|
376
|
-
stub.
|
|
387
|
+
stub.post('/oauth2/v3/tokeninfo', 'access_token=valid_access_token') do
|
|
377
388
|
[200, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(
|
|
378
389
|
aud: '000000000000.apps.googleusercontent.com',
|
|
379
390
|
sub: '123456789',
|
|
@@ -770,7 +781,7 @@ describe OmniAuth::Strategies::GoogleOauth2 do
|
|
|
770
781
|
subject.options.client_options[:connection_build] = proc do |builder|
|
|
771
782
|
builder.request :url_encoded
|
|
772
783
|
builder.adapter :test do |stub|
|
|
773
|
-
stub.
|
|
784
|
+
stub.post('/oauth2/v3/tokeninfo', 'access_token=valid_access_token') do
|
|
774
785
|
[200, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(
|
|
775
786
|
aud: '000000000000.apps.googleusercontent.com',
|
|
776
787
|
sub: '123456789',
|
|
@@ -781,7 +792,7 @@ describe OmniAuth::Strategies::GoogleOauth2 do
|
|
|
781
792
|
expires_in: 436
|
|
782
793
|
)]
|
|
783
794
|
end
|
|
784
|
-
stub.
|
|
795
|
+
stub.post('/oauth2/v3/tokeninfo', 'access_token=invalid_access_token') do
|
|
785
796
|
[400, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(error_description: 'Invalid Value')]
|
|
786
797
|
end
|
|
787
798
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-google-oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Josh Ellithorpe
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2024-08-30 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: jwt
|
|
@@ -31,14 +31,14 @@ dependencies:
|
|
|
31
31
|
requirements:
|
|
32
32
|
- - "~>"
|
|
33
33
|
- !ruby/object:Gem::Version
|
|
34
|
-
version: 2.0
|
|
34
|
+
version: '2.0'
|
|
35
35
|
type: :runtime
|
|
36
36
|
prerelease: false
|
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
|
38
38
|
requirements:
|
|
39
39
|
- - "~>"
|
|
40
40
|
- !ruby/object:Gem::Version
|
|
41
|
-
version: 2.0
|
|
41
|
+
version: '2.0'
|
|
42
42
|
- !ruby/object:Gem::Dependency
|
|
43
43
|
name: omniauth
|
|
44
44
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -59,14 +59,14 @@ dependencies:
|
|
|
59
59
|
requirements:
|
|
60
60
|
- - "~>"
|
|
61
61
|
- !ruby/object:Gem::Version
|
|
62
|
-
version: 1.8
|
|
62
|
+
version: '1.8'
|
|
63
63
|
type: :runtime
|
|
64
64
|
prerelease: false
|
|
65
65
|
version_requirements: !ruby/object:Gem::Requirement
|
|
66
66
|
requirements:
|
|
67
67
|
- - "~>"
|
|
68
68
|
- !ruby/object:Gem::Version
|
|
69
|
-
version: 1.8
|
|
69
|
+
version: '1.8'
|
|
70
70
|
- !ruby/object:Gem::Dependency
|
|
71
71
|
name: rake
|
|
72
72
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -120,7 +120,6 @@ files:
|
|
|
120
120
|
- ".github/workflows/ci.yml"
|
|
121
121
|
- ".gitignore"
|
|
122
122
|
- ".rubocop.yml"
|
|
123
|
-
- ".travis.yml"
|
|
124
123
|
- CHANGELOG.md
|
|
125
124
|
- Gemfile
|
|
126
125
|
- README.md
|