omniauth-granicus 1.0.0

data/.gitignore

@@ -0,0 +1,7 @@
+*.gem
+.bundle
+.rspec
+/Gemfile.lock
+pkg/*
+.powenv
+tmp

data/Gemfile

@@ -0,0 +1,5 @@
+source :rubygems
+
+gemspec
+
+gem 'jruby-openssl', :platform => :jruby

data/README.md

@@ -0,0 +1,5 @@
+# OmniAuth Granicus
+
+Granicus OAuth2 Strategies for OmniAuth 1.0.
+
+Supports the OAuth 2.0 server-side flow. 

data/Rakefile

@@ -0,0 +1,6 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/example/Gemfile

@@ -0,0 +1,7 @@
+source :rubygems
+
+# https://github.com/mkdynamic/omniauth-facebook/issues/20
+gem 'rack', '~> 1.3.6'
+
+gem 'sinatra'
+gem 'omniauth-facebook', :path => '../'

data/example/Gemfile.lock

@@ -0,0 +1,42 @@
+PATH
+  remote: ../
+  specs:
+    omniauth-facebook (1.2.0)
+      omniauth-oauth2 (~> 1.0.0)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    addressable (2.2.7)
+    faraday (0.7.6)
+      addressable (~> 2.2)
+      multipart-post (~> 1.1)
+      rack (~> 1.1)
+    hashie (1.2.0)
+    multi_json (1.1.0)
+    multipart-post (1.1.5)
+    oauth2 (0.5.2)
+      faraday (~> 0.7)
+      multi_json (~> 1.0)
+    omniauth (1.0.2)
+      hashie (~> 1.2)
+      rack
+    omniauth-oauth2 (1.0.0)
+      oauth2 (~> 0.5.0)
+      omniauth (~> 1.0)
+    rack (1.3.6)
+    rack-protection (1.2.0)
+      rack
+    sinatra (1.3.2)
+      rack (~> 1.3, >= 1.3.6)
+      rack-protection (~> 1.2)
+      tilt (~> 1.3, >= 1.3.3)
+    tilt (1.3.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  omniauth-facebook!
+  rack (~> 1.3.6)
+  sinatra

data/example/config.ru

@@ -0,0 +1,118 @@
+require 'bundler/setup'
+require 'sinatra/base'
+require 'omniauth-facebook'
+
+# https://github.com/intridea/omniauth-oauth2/pull/9
+require 'timeout'
+
+SCOPE = 'email,read_stream'
+
+class App < Sinatra::Base
+  # turn off sinatra default X-Frame-Options for FB canvas
+  set :protection, :except => :frame_options
+
+  # server-side flow
+  get '/' do
+    # NOTE: you would just hit this endpoint directly from the browser
+    #       in a real app. the redirect is just here to setup the root
+    #       path in this example sinatra app.
+    redirect '/auth/facebook'
+  end
+
+  # client-side flow
+  get '/client-side' do
+    content_type 'text/html'
+    # NOTE: when you enable cookie below in the FB.init call
+    #       the GET request in the FB.login callback will send
+    #       a signed request in a cookie back the OmniAuth callback
+    #       which will parse out the authorization code and obtain
+    #       the access_token. This will be the exact same access_token
+    #       returned to the client in response.authResponse.accessToken.
+    <<-END
+      <html>
+      <head>
+        <title>Client-side Flow Example</title>
+        <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js" type="text/javascript"></script>
+      </head>
+      <body>
+        <div id="fb-root"></div>
+
+        <script type="text/javascript">
+          window.fbAsyncInit = function() {
+            FB.init({
+              appId  : '#{ENV['APP_ID']}',
+              status : true, // check login status
+              cookie : true, // enable cookies to allow the server to access the session
+              xfbml  : true  // parse XFBML
+            });
+          };
+
+          (function(d) {
+            var js, id = 'facebook-jssdk'; if (d.getElementById(id)) {return;}
+            js = d.createElement('script'); js.id = id; js.async = true;
+            js.src = "//connect.facebook.net/en_US/all.js";
+            d.getElementsByTagName('head')[0].appendChild(js);
+          }(document));
+
+          $(function() {
+            $('a').click(function(e) {
+              e.preventDefault();
+
+              FB.login(function(response) {
+                if (response.authResponse) {
+                  $('#connect').html('Connected! Hitting OmniAuth callback (GET /auth/facebook/callback)...');
+
+                  // since we have cookies enabled, this request will allow omniauth to parse
+                  // out the auth code from the signed request in the fbsr_XXX cookie
+                  $.getJSON('/auth/facebook/callback', function(json) {
+                    $('#connect').html('Connected! Callback complete.');
+                    $('#results').html(JSON.stringify(json));
+                  });
+                }
+              }, { scope: '#{SCOPE}' });
+            });
+          });
+        </script>
+
+        <p id="connect">
+          <a href="#">Connect to FB</a>
+        </p>
+
+        <p id="results" />
+      </body>
+      </html>
+    END
+  end
+
+  # auth via FB canvas and signed request param
+  post '/canvas/' do
+    # we just redirect to /auth/facebook here which will parse the
+    # signed_request FB sends us, asking for auth if the user has
+    # not already granted access, or simply moving straight to the
+    # callback where they have already granted access.
+    #
+    # we pass the state parameter which we detect in our callback
+    # to do custom rendering/redirection for the canvas app page
+    redirect "/auth/facebook?signed_request=#{request.params['signed_request']}&state=canvas"
+  end
+
+  get '/auth/:provider/callback' do
+    # we can do something special here is +state+ param is canvas
+    # (see notes abovein /canvas/ method for more details)
+    content_type 'application/json'
+    MultiJson.encode(request.env)
+  end
+
+  get '/auth/failure' do
+    content_type 'application/json'
+    MultiJson.encode(request.env)
+  end
+end
+
+use Rack::Session::Cookie
+
+use OmniAuth::Builder do
+  provider :facebook, ENV['APP_ID'], ENV['APP_SECRET'], :scope => SCOPE
+end
+
+run App.new

data/lib/omniauth/granicus/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module GranicusAdmin
+    VERSION = "1.0.0"
+  end
+end

data/lib/omniauth/granicus-admin.rb

@@ -0,0 +1,2 @@
+require 'omniauth/granicus/version'
+require 'omniauth/strategies/granicus-admin'

data/lib/omniauth/strategies/granicus-admin.rb

@@ -0,0 +1,136 @@
+require 'omniauth/strategies/oauth2'
+require 'base64'
+require 'openssl'
+require 'rack/utils'
+
+module OmniAuth
+  module Strategies
+    class GranicusAdmin < OmniAuth::Strategies::OAuth2
+      class NoAuthorizationCodeError < StandardError; end
+
+      DEFAULT_SCOPE = ''
+      
+      option :name, 'granicus_admin'
+      
+      option :client_options, {
+        :site => 'https://citizen.dev.granicus.com',
+        :token_url => '/auth/oauth/token',
+        :authorize_url => '/auth/oauth/authorize'
+      }
+
+      option :token_params, {
+        :parse => :query
+      }
+
+      option :access_token_options, {
+        :header_format => 'OAuth %s',
+        :param_name => 'access_token'
+      }
+
+      option :authorize_options, [:scope, :display]
+
+      uid { raw_info['id'] }
+
+      info do
+        prune!({
+          'nickname' => raw_info['username'],
+          'email' => raw_info['email'],
+          'name' => raw_info['name'],
+          'first_name' => raw_info['first_name'],
+          'last_name' => raw_info['last_name'],
+          'image' => "#{options[:secure_image_url] ? 'https' : 'http'}://graph.facebook.com/#{uid}/picture?type=square",
+          'description' => raw_info['bio'],
+          'urls' => {
+            'Facebook' => raw_info['link'],
+            'Website' => raw_info['website']
+          },
+          'location' => (raw_info['location'] || {})['name'],
+          'verified' => raw_info['verified']
+        })
+      end
+
+      credentials do
+        prune!({
+          'expires' => access_token.expires?,
+          'expires_at' => access_token.expires_at
+        })
+      end
+
+      extra do
+        prune!({
+          'raw_info' => raw_info
+        })
+      end
+
+      def raw_info
+        @raw_info ||= access_token.get('/me').parsed
+      end
+
+      def build_access_token
+        with_authorization_code! { super }.tap do |token|
+            token.options.merge!(access_token_options)
+        end
+      end
+
+      # NOTE if we're using code from the signed request
+      # then FB sets the redirect_uri to '' during the authorize
+      # phase + it must match during the access_token phase:
+      # https://github.com/facebook/php-sdk/blob/master/src/base_facebook.php#L348
+      def callback_url
+        options[:callback_url] || super
+      end
+
+      def access_token_options
+        options.access_token_options.inject({}) { |h,(k,v)| h[k.to_sym] = v; h }
+      end
+
+      ##
+      # You can pass +display+, +state+ or +scope+ params to the auth request, if
+      # you need to set them dynamically. You can also set these options
+      # in the OmniAuth config :authorize_params option.
+      #
+      # /auth/granicus_admin?host=sacramento.granicus.com
+      #
+      def authorize_params
+        super.tap do |params|
+          %w[host scope].each { |v| params[v.to_sym] = request.params[v] if request.params[v] }
+          params[:scope] ||= DEFAULT_SCOPE
+          if !params[:host].nil?
+            options.client_options[:site] = "https://#{params[:host]}"
+          end
+        end
+      end
+
+      private
+
+      ##
+      # Picks the authorization code in order, from:
+      #
+      # the request 'code' param (manual callback from standard server-side flow)
+      #
+      def with_authorization_code!
+        if request.params.key?('code')
+          yield
+        else
+          raise NoAuthorizationCodeError, 'must pass a `code` parameter'
+        end
+      end
+
+      def prune!(hash)
+        hash.delete_if do |_, value|
+          prune!(value) if value.is_a?(Hash)
+          value.nil? || (value.respond_to?(:empty?) && value.empty?)
+        end
+      end
+
+      # def valid_signature?(secret, signature, payload, algorithm = OpenSSL::Digest::SHA256.new)
+      #         OpenSSL::HMAC.digest(algorithm, secret, payload) == signature
+      #       end
+
+      def base64_decode_url(value)
+        value += '=' * (4 - value.size.modulo(4))
+        Base64.decode64(value.tr('-_', '+/'))
+      end
+    end
+  end
+end

data/lib/omniauth-granicus-admin.rb

@@ -0,0 +1 @@
+require 'omniauth/granicus-admin'

data/omniauth-granicus.gemspec

@@ -0,0 +1,22 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path('../lib', __FILE__)
+require 'omniauth/granicus/version'
+
+Gem::Specification.new do |s|
+  s.name     = 'omniauth-granicus'
+  s.version  = OmniAuth::GranicusAdmin::VERSION
+  s.authors  = ['Javier Muniz']
+  s.email    = ['javier@granicus.com']
+  s.summary  = 'Granicus Admin strategy for OmniAuth'
+  s.homepage = 'https://github.com/granicus/omniauth-granicus-admin'
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
+  s.require_paths = ['lib']
+
+  s.add_runtime_dependency 'omniauth-oauth2', '~> 1.0.0'
+
+  s.add_development_dependency 'rspec', '~> 2.7.0'
+  s.add_development_dependency 'rake'
+end

data/spec/omniauth/strategies/granicus_spec.rb

@@ -0,0 +1,339 @@
+require 'spec_helper'
+require 'omniauth-granicus-admin'
+require 'openssl'
+require 'base64'
+
+describe OmniAuth::Strategies::GranicusAdmin do
+  before :each do
+    @request = double('Request')
+    @request.stub(:params) { {} }
+    @request.stub(:cookies) { {} }
+    @request.stub(:env) { {} }
+
+    @client_id = '123'
+    @client_secret = '53cr3tz'
+  end
+
+  subject do
+    args = [@client_id, @client_secret, @options].compact
+    OmniAuth::Strategies::GranicusAdmin.new(nil, *args).tap do |strategy|
+      strategy.stub(:request) { @request }
+    end
+  end
+
+  it_should_behave_like 'an oauth2 strategy'
+
+  describe '#client' do
+    it 'has correct Granicus site' do
+      subject.client.site.should eq('https://citizen.dev.granicus.com')
+    end
+
+    it 'has correct authorize url' do
+      subject.client.options[:authorize_url].should eq('/auth/oauth/authorize')
+    end
+
+    it 'has correct token url' do
+      subject.client.options[:token_url].should eq('/auth/oauth/token')
+    end
+  end
+
+  describe '#callback_url' do
+    it "returns the default callback url" do
+      url_base = 'http://auth.request.com'
+      @request.stub(:url) { "#{url_base}/some/page" }
+      subject.stub(:script_name) { '' } # as not to depend on Rack env
+      subject.callback_url.should eq("#{url_base}/auth/granicus_admin/callback")
+    end
+
+    it "returns path from callback_path option" do
+      @options = { :callback_path => "/auth/FB/done"}
+      url_base = 'http://auth.request.com'
+      @request.stub(:url) { "#{url_base}/page/path" }
+      subject.stub(:script_name) { '' } # as not to depend on Rack env
+      subject.callback_url.should eq("#{url_base}/auth/FB/done")
+    end
+
+    it "returns url from callback_url option" do
+      url = 'https://auth.myapp.com/auth/fb/callback'
+      @options = { :callback_url => url }
+      subject.callback_url.should eq(url)
+    end
+  end
+
+  describe '#authorize_params' do
+    it 'includes default scope for session access' do
+      subject.authorize_params.should be_a(Hash)
+      subject.authorize_params[:scope].should eq('')
+    end
+
+    it 'changes site to site defined by host param in request when present' do
+      @request.stub(:params) { { 'host' => 'dev.dev.granicus.com' } }
+      subject.authorize_params.should be_a(Hash)
+      subject.authorize_params[:host].should eq('dev.dev.granicus.com')
+      subject.client.site.should eq('https://dev.dev.granicus.com')
+    end
+
+    it 'overrides default scope with parameter passed from request' do
+      @request.stub(:params) { { 'scope' => 'email' } }
+      subject.authorize_params.should be_a(Hash)
+      subject.authorize_params[:scope].should eq('email')
+    end
+  end
+
+  describe '#token_params' do
+    it 'has correct parse strategy' do
+      subject.token_params[:parse].should eq(:query)
+    end
+  end
+
+  describe '#access_token_options' do
+    it 'has correct param name by default' do
+      subject.access_token_options[:param_name].should eq('access_token')
+    end
+
+    it 'has correct header format by default' do
+      subject.access_token_options[:header_format].should eq('OAuth %s')
+    end
+  end
+
+  describe '#uid' do
+    before :each do
+      subject.stub(:raw_info) { { 'id' => '123' } }
+    end
+
+    it 'returns the id from raw_info' do
+      subject.uid.should eq('123')
+    end
+  end
+
+  describe '#info' do
+    context 'when optional data is not present in raw info' do
+      before :each do
+        @raw_info ||= { 'name' => 'Fred Smith' }
+        subject.stub(:raw_info) { @raw_info }
+      end
+
+      it 'has no email key' do
+        subject.info.should_not have_key('email')
+      end
+
+      it 'has no nickname key' do
+        subject.info.should_not have_key('nickname')
+      end
+
+      it 'has no first name key' do
+        subject.info.should_not have_key('first_name')
+      end
+
+      it 'has no last name key' do
+        subject.info.should_not have_key('last_name')
+      end
+
+      it 'has no location key' do
+        subject.info.should_not have_key('location')
+      end
+
+      it 'has no description key' do
+        subject.info.should_not have_key('description')
+      end
+
+      it 'has no urls' do
+        subject.info.should_not have_key('urls')
+      end
+
+      it 'has no verified key' do
+        subject.info.should_not have_key('verified')
+      end
+    end
+
+    context 'when optional data is present in raw info' do
+      before :each do
+        @raw_info ||= { 'name' => 'Fred Smith' }
+        subject.stub(:raw_info) { @raw_info }
+      end
+
+      it 'returns the name' do
+        subject.info['name'].should eq('Fred Smith')
+      end
+
+      it 'returns the email' do
+        @raw_info['email'] = 'fred@smith.com'
+        subject.info['email'].should eq('fred@smith.com')
+      end
+
+      it 'returns the username as nickname' do
+        @raw_info['username'] = 'fredsmith'
+        subject.info['nickname'].should eq('fredsmith')
+      end
+
+      it 'returns the first name' do
+        @raw_info['first_name'] = 'Fred'
+        subject.info['first_name'].should eq('Fred')
+      end
+
+      it 'returns the last name' do
+        @raw_info['last_name'] = 'Smith'
+        subject.info['last_name'].should eq('Smith')
+      end
+
+      it 'returns the location name as location' do
+        @raw_info['location'] = { 'id' => '104022926303756', 'name' => 'Palo Alto, California' }
+        subject.info['location'].should eq('Palo Alto, California')
+      end
+
+      it 'returns bio as description' do
+        @raw_info['bio'] = 'I am great'
+        subject.info['description'].should eq('I am great')
+      end
+
+      it 'returns the square format granicus avatar url' do
+        @raw_info['id'] = '321'
+        subject.info['image'].should eq('http://graph.facebook.com/321/picture?type=square')
+      end
+
+      it 'returns the Facebook link as the Facebook url' do
+        @raw_info['link'] = 'http://www.facebook.com/fredsmith'
+        subject.info['urls'].should be_a(Hash)
+        subject.info['urls']['Facebook'].should eq('http://www.facebook.com/fredsmith')
+      end
+
+      it 'returns website url' do
+        @raw_info['website'] = 'https://my-wonderful-site.com'
+        subject.info['urls'].should be_a(Hash)
+        subject.info['urls']['Website'].should eq('https://my-wonderful-site.com')
+      end
+
+      it 'return both Facebook link and website urls' do
+        @raw_info['link'] = 'http://www.facebook.com/fredsmith'
+        @raw_info['website'] = 'https://my-wonderful-site.com'
+        subject.info['urls'].should be_a(Hash)
+        subject.info['urls']['Facebook'].should eq('http://www.facebook.com/fredsmith')
+        subject.info['urls']['Website'].should eq('https://my-wonderful-site.com')
+      end
+
+      it 'returns the positive verified status' do
+        @raw_info['verified'] = true
+        subject.info['verified'].should be_true
+      end
+
+      it 'returns the negative verified status' do
+        @raw_info['verified'] = false
+        subject.info['verified'].should be_false
+      end
+    end
+
+    it 'returns the secure facebook avatar url when `secure_image_url` option is specified' do
+      @options = { :secure_image_url => true }
+      raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
+      subject.stub(:raw_info) { raw_info }
+      subject.info['image'].should eq('https://graph.facebook.com/321/picture?type=square')
+    end
+  end
+
+  describe '#raw_info' do
+    before :each do
+      @access_token = double('OAuth2::AccessToken')
+      subject.stub(:access_token) { @access_token }
+    end
+
+    it 'performs a GET to https://graph.facebook.com/me' do
+      @access_token.stub(:get) { double('OAuth2::Response').as_null_object }
+      @access_token.should_receive(:get).with('/me')
+      subject.raw_info
+    end
+
+    it 'returns a Hash' do
+      @access_token.stub(:get).with('/me') do
+        raw_response = double('Faraday::Response')
+        raw_response.stub(:body) { '{ "ohai": "thar" }' }
+        raw_response.stub(:status) { 200 }
+        raw_response.stub(:headers) { { 'Content-Type' => 'application/json' } }
+        OAuth2::Response.new(raw_response)
+      end
+      subject.raw_info.should be_a(Hash)
+      subject.raw_info['ohai'].should eq('thar')
+    end
+  end
+
+  describe '#credentials' do
+    before :each do
+      @access_token = double('OAuth2::AccessToken')
+      @access_token.stub(:token)
+      @access_token.stub(:expires?)
+      @access_token.stub(:expires_at)
+      @access_token.stub(:refresh_token)
+      subject.stub(:access_token) { @access_token }
+    end
+
+    it 'returns a Hash' do
+      subject.credentials.should be_a(Hash)
+    end
+
+    it 'returns the token' do
+      @access_token.stub(:token) { '123' }
+      subject.credentials['token'].should eq('123')
+    end
+
+    it 'returns the expiry status' do
+      @access_token.stub(:expires?) { true }
+      subject.credentials['expires'].should eq(true)
+
+      @access_token.stub(:expires?) { false }
+      subject.credentials['expires'].should eq(false)
+    end
+
+    it 'returns the refresh token and expiry time when expiring' do
+      ten_mins_from_now = (Time.now + 600).to_i
+      @access_token.stub(:expires?) { true }
+      @access_token.stub(:refresh_token) { '321' }
+      @access_token.stub(:expires_at) { ten_mins_from_now }
+      subject.credentials['refresh_token'].should eq('321')
+      subject.credentials['expires_at'].should eq(ten_mins_from_now)
+    end
+
+    it 'does not return the refresh token when it is nil and expiring' do
+      @access_token.stub(:expires?) { true }
+      @access_token.stub(:refresh_token) { nil }
+      subject.credentials['refresh_token'].should be_nil
+      subject.credentials.should_not have_key('refresh_token')
+    end
+
+    it 'does not return the refresh token when not expiring' do
+      @access_token.stub(:expires?) { false }
+      @access_token.stub(:refresh_token) { 'XXX' }
+      subject.credentials['refresh_token'].should be_nil
+      subject.credentials.should_not have_key('refresh_token')
+    end
+  end
+
+  describe '#extra' do
+    before :each do
+      @raw_info = { 'name' => 'Fred Smith' }
+      subject.stub(:raw_info) { @raw_info }
+    end
+
+    it 'returns a Hash' do
+      subject.extra.should be_a(Hash)
+    end
+
+    it 'contains raw info' do
+      subject.extra.should eq({ 'raw_info' => @raw_info })
+    end
+  end
+
+private
+
+  def signed_request(payload, secret)
+    encoded_payload = base64_encode_url(MultiJson.dump(payload))
+    encoded_signature = base64_encode_url(signature(encoded_payload, secret))
+    [encoded_signature, encoded_payload].join('.')
+  end
+
+  def base64_encode_url(value)
+    Base64.encode64(value).tr('+/', '-_').gsub(/\n/, '')
+  end
+
+  def signature(payload, secret, algorithm = OpenSSL::Digest::SHA256.new)
+    OpenSSL::HMAC.digest(algorithm, secret, payload)
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,6 @@
+require 'bundler/setup'
+require 'rspec'
+Dir[File.expand_path('../support/**/*', __FILE__)].each { |f| require f }
+
+RSpec.configure do |config|
+end

data/spec/support/shared_examples.rb

@@ -0,0 +1,37 @@
+# NOTE it would be useful if this lived in omniauth-oauth2 eventually
+shared_examples 'an oauth2 strategy' do
+  describe '#client' do
+    it 'should be initialized with symbolized client_options' do
+      @options = { :client_options => { 'authorize_url' => 'https://example.com' } }
+      subject.client.options[:authorize_url].should == 'https://example.com'
+    end
+  end
+
+  describe '#authorize_params' do
+    it 'should include any authorize params passed in the :authorize_params option' do
+      @options = { :authorize_params => { :foo => 'bar', :baz => 'zip' } }
+      subject.authorize_params['foo'].should eq('bar')
+      subject.authorize_params['baz'].should eq('zip')
+    end
+
+    it 'should include top-level options that are marked as :authorize_options' do
+      @options = { :authorize_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
+      subject.authorize_params['scope'].should eq('bar')
+      subject.authorize_params['foo'].should eq('baz')
+    end
+  end
+
+  describe '#token_params' do
+    it 'should include any authorize params passed in the :authorize_params option' do
+      @options = { :token_params => { :foo => 'bar', :baz => 'zip' } }
+      subject.token_params['foo'].should eq('bar')
+      subject.token_params['baz'].should eq('zip')
+    end
+
+    it 'should include top-level options that are marked as :authorize_options' do
+      @options = { :token_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
+      subject.token_params['scope'].should eq('bar')
+      subject.token_params['foo'].should eq('baz')
+    end
+  end
+end

metadata

@@ -0,0 +1,96 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-granicus
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+  prerelease: 
+platform: ruby
+authors:
+- Javier Muniz
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-04-24 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: &2152710860 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: *2152710860
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &2152703180 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.7.0
+  type: :development
+  prerelease: false
+  version_requirements: *2152703180
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &2152702700 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *2152702700
+description: 
+email:
+- javier@granicus.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- README.md
+- Rakefile
+- example/Gemfile
+- example/Gemfile.lock
+- example/config.ru
+- lib/omniauth-granicus-admin.rb
+- lib/omniauth/granicus-admin.rb
+- lib/omniauth/granicus/version.rb
+- lib/omniauth/strategies/granicus-admin.rb
+- omniauth-granicus.gemspec
+- spec/omniauth/strategies/granicus_spec.rb
+- spec/spec_helper.rb
+- spec/support/shared_examples.rb
+homepage: https://github.com/granicus/omniauth-granicus-admin
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.5
+signing_key: 
+specification_version: 3
+summary: Granicus Admin strategy for OmniAuth
+test_files:
+- spec/omniauth/strategies/granicus_spec.rb
+- spec/spec_helper.rb
+- spec/support/shared_examples.rb