omniauth-himari 0.1.1 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -1
- data/lib/omniauth/strategies/himari.rb +17 -11
- data/lib/omniauth-himari/version.rb +1 -1
- data/lib/omniauth-himari.rb +2 -0
- data/omniauth-himari.gemspec +8 -8
- metadata +7 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ab98117f1451b0b99efcfa2b448295700d9c3ea50bb1ff7fce9857c887fb1884
|
|
4
|
+
data.tar.gz: 5a5f6efcdb3b9e325b266a962dd7aeae2a0986724cdd4b00cf3c9a18072a9892
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0c3660a3595d98d24c535ccf7a9c518c71830163d2d344ff8d7077cca0c7f409dd1dda2c28e84cbcabeee229e371186d2e020dac7c7ee94b98ef763be340a008
|
|
7
|
+
data.tar.gz: 48fdb5b0cd2ad8900fba76a848564e2bdb9cf80e952bbe3fe994bb5aaf63c57e8d54b22788f72f89c92cbfcf2aff19909a05beafbf67389220f6c5d334a529ed
|
data/CHANGELOG.md
CHANGED
|
@@ -1,4 +1,20 @@
|
|
|
1
|
-
## [
|
|
1
|
+
## [0.3.0] - 2026-06-03
|
|
2
|
+
|
|
3
|
+
### Enhancements
|
|
4
|
+
|
|
5
|
+
- Add `scope` option (default `openid`) to request scopes from Himari [#14](https://github.com/sorah/himari/pull/14)
|
|
6
|
+
|
|
7
|
+
## [0.2.0] - 2023-03-26
|
|
8
|
+
|
|
9
|
+
### Enhancements
|
|
10
|
+
|
|
11
|
+
- Pass through the `prompt` parameter, supporting `prompt=login` reauthentication [#8](https://github.com/sorah/himari/pull/8)
|
|
12
|
+
|
|
13
|
+
## [0.1.1] - 2023-03-26
|
|
14
|
+
|
|
15
|
+
### Bug fixes
|
|
16
|
+
|
|
17
|
+
- Declare a direct dependency on the `jwt` gem.
|
|
2
18
|
|
|
3
19
|
## [0.1.0] - 2023-03-24
|
|
4
20
|
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'omniauth'
|
|
2
4
|
require 'omniauth-oauth2'
|
|
3
5
|
require 'oauth2'
|
|
@@ -18,6 +20,8 @@ module OmniAuth
|
|
|
18
20
|
option :client_options, {}
|
|
19
21
|
option :pkce, true
|
|
20
22
|
|
|
23
|
+
option :scope, 'openid'
|
|
24
|
+
|
|
21
25
|
option :verify_options, {}
|
|
22
26
|
option :verify_at_hash, true
|
|
23
27
|
|
|
@@ -44,6 +48,7 @@ module OmniAuth
|
|
|
44
48
|
|
|
45
49
|
raise ConfigurationError, "client_id and client_secret is required" unless options.client_id && options.client_secret
|
|
46
50
|
raise ConfigurationError, "site is required" unless options.client_options.site
|
|
51
|
+
|
|
47
52
|
super
|
|
48
53
|
end
|
|
49
54
|
|
|
@@ -57,6 +62,7 @@ module OmniAuth
|
|
|
57
62
|
'id_token' => access_token.params && access_token.params['id_token'],
|
|
58
63
|
}
|
|
59
64
|
raise IdTokenMissing, 'id_token is missing' unless retval['id_token']
|
|
65
|
+
|
|
60
66
|
retval
|
|
61
67
|
end
|
|
62
68
|
|
|
@@ -83,15 +89,15 @@ module OmniAuth
|
|
|
83
89
|
return unless options.verify_at_hash
|
|
84
90
|
|
|
85
91
|
function = case id_token.header['alg'] # this is safe as we've verified
|
|
86
|
-
when 'ES256', 'RS256'
|
|
87
|
-
when 'ES384'
|
|
88
|
-
when 'ES512'
|
|
92
|
+
when 'ES256', 'RS256' then Digest::SHA256
|
|
93
|
+
when 'ES384' then Digest::SHA384
|
|
94
|
+
when 'ES512' then Digest::SHA512
|
|
89
95
|
else
|
|
90
|
-
raise VerificationError, "unknown hash function to verify at_hash for #{id_token.header[
|
|
96
|
+
raise VerificationError, "unknown hash function to verify at_hash for #{id_token.header["alg"]}"
|
|
91
97
|
end
|
|
92
98
|
|
|
93
99
|
dgst = function.digest(access_token.token)
|
|
94
|
-
expected_at_hash = Base64.urlsafe_encode64(dgst[0, dgst.size/2], padding: false)
|
|
100
|
+
expected_at_hash = Base64.urlsafe_encode64(dgst[0, dgst.size / 2], padding: false)
|
|
95
101
|
|
|
96
102
|
given_at_hash = id_token.claims['at_hash']
|
|
97
103
|
|
|
@@ -101,7 +107,7 @@ module OmniAuth
|
|
|
101
107
|
end
|
|
102
108
|
|
|
103
109
|
def raw_info
|
|
104
|
-
@raw_info ||=
|
|
110
|
+
@raw_info ||= !skip_info? && options.use_userinfo ? access_token.get('/public/oidc/userinfo').parsed : id_token.claims
|
|
105
111
|
end
|
|
106
112
|
|
|
107
113
|
def faraday
|
|
@@ -121,7 +127,9 @@ module OmniAuth
|
|
|
121
127
|
|
|
122
128
|
def authorize_params
|
|
123
129
|
super.tap do |params|
|
|
124
|
-
|
|
130
|
+
# super reads options.scope; default to 'openid' if the caller cleared it.
|
|
131
|
+
params[:scope] ||= options.scope || 'openid'
|
|
132
|
+
params[:prompt] = request.GET['prompt'] if request.GET['prompt']
|
|
125
133
|
end
|
|
126
134
|
end
|
|
127
135
|
|
|
@@ -142,7 +150,7 @@ module OmniAuth
|
|
|
142
150
|
verify_iss: true,
|
|
143
151
|
iss: options.site,
|
|
144
152
|
verify_expiration: true,
|
|
145
|
-
}.merge(options.verify_options)
|
|
153
|
+
}.merge(options.verify_options),
|
|
146
154
|
))
|
|
147
155
|
verify_at_hash!(retval)
|
|
148
156
|
retval
|
|
@@ -168,11 +176,9 @@ module OmniAuth
|
|
|
168
176
|
end
|
|
169
177
|
|
|
170
178
|
def inspect
|
|
171
|
-
"#<#{self.class.name}:0x#{
|
|
179
|
+
"#<#{self.class.name}:0x#{__id__.to_s(16)}>"
|
|
172
180
|
end
|
|
173
181
|
end
|
|
174
182
|
end
|
|
175
183
|
end
|
|
176
184
|
end
|
|
177
|
-
|
|
178
|
-
|
data/lib/omniauth-himari.rb
CHANGED
data/omniauth-himari.gemspec
CHANGED
|
@@ -16,15 +16,15 @@ Gem::Specification.new do |spec|
|
|
|
16
16
|
|
|
17
17
|
spec.metadata["homepage_uri"] = spec.homepage
|
|
18
18
|
spec.metadata["source_code_uri"] = "https://github.com/sorah/himari"
|
|
19
|
-
#spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
|
|
19
|
+
# spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
|
|
20
20
|
|
|
21
21
|
# Specify which files should be added to the gem when it is released.
|
|
22
22
|
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
|
23
|
-
if ENV['HIMARI_LAMBDA_IMAGE']
|
|
24
|
-
|
|
23
|
+
spec.files = if ENV['HIMARI_LAMBDA_IMAGE']
|
|
24
|
+
Dir.chdir(__dir__) { Dir["./**/*"] }.reject { |f| File.expand_path(f) == __FILE__ }
|
|
25
25
|
else
|
|
26
|
-
|
|
27
|
-
|
|
26
|
+
Dir.chdir(__dir__) do
|
|
27
|
+
%x(git ls-files -z).split("\x0").reject do |f|
|
|
28
28
|
(f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
|
|
29
29
|
end
|
|
30
30
|
end
|
|
@@ -33,11 +33,11 @@ Gem::Specification.new do |spec|
|
|
|
33
33
|
spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
|
|
34
34
|
spec.require_paths = ["lib"]
|
|
35
35
|
|
|
36
|
-
spec.add_dependency 'omniauth'
|
|
37
|
-
spec.add_dependency 'omniauth-oauth2'
|
|
38
|
-
spec.add_dependency 'oauth2'
|
|
39
36
|
spec.add_dependency 'faraday'
|
|
40
37
|
spec.add_dependency 'jwt'
|
|
38
|
+
spec.add_dependency 'oauth2'
|
|
39
|
+
spec.add_dependency 'omniauth'
|
|
40
|
+
spec.add_dependency 'omniauth-oauth2'
|
|
41
41
|
|
|
42
42
|
# Uncomment to register a new dependency of your gem
|
|
43
43
|
# spec.add_dependency "example-gem", "~> 1.0"
|
metadata
CHANGED
|
@@ -1,17 +1,16 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-himari
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sorah Fukumori
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: exe
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date:
|
|
10
|
+
date: 1980-01-02 00:00:00.000000000 Z
|
|
12
11
|
dependencies:
|
|
13
12
|
- !ruby/object:Gem::Dependency
|
|
14
|
-
name:
|
|
13
|
+
name: faraday
|
|
15
14
|
requirement: !ruby/object:Gem::Requirement
|
|
16
15
|
requirements:
|
|
17
16
|
- - ">="
|
|
@@ -25,7 +24,7 @@ dependencies:
|
|
|
25
24
|
- !ruby/object:Gem::Version
|
|
26
25
|
version: '0'
|
|
27
26
|
- !ruby/object:Gem::Dependency
|
|
28
|
-
name:
|
|
27
|
+
name: jwt
|
|
29
28
|
requirement: !ruby/object:Gem::Requirement
|
|
30
29
|
requirements:
|
|
31
30
|
- - ">="
|
|
@@ -53,7 +52,7 @@ dependencies:
|
|
|
53
52
|
- !ruby/object:Gem::Version
|
|
54
53
|
version: '0'
|
|
55
54
|
- !ruby/object:Gem::Dependency
|
|
56
|
-
name:
|
|
55
|
+
name: omniauth
|
|
57
56
|
requirement: !ruby/object:Gem::Requirement
|
|
58
57
|
requirements:
|
|
59
58
|
- - ">="
|
|
@@ -67,7 +66,7 @@ dependencies:
|
|
|
67
66
|
- !ruby/object:Gem::Version
|
|
68
67
|
version: '0'
|
|
69
68
|
- !ruby/object:Gem::Dependency
|
|
70
|
-
name:
|
|
69
|
+
name: omniauth-oauth2
|
|
71
70
|
requirement: !ruby/object:Gem::Requirement
|
|
72
71
|
requirements:
|
|
73
72
|
- - ">="
|
|
@@ -104,7 +103,6 @@ licenses:
|
|
|
104
103
|
metadata:
|
|
105
104
|
homepage_uri: https://github.com/sorah/himari
|
|
106
105
|
source_code_uri: https://github.com/sorah/himari
|
|
107
|
-
post_install_message:
|
|
108
106
|
rdoc_options: []
|
|
109
107
|
require_paths:
|
|
110
108
|
- lib
|
|
@@ -119,8 +117,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
119
117
|
- !ruby/object:Gem::Version
|
|
120
118
|
version: '0'
|
|
121
119
|
requirements: []
|
|
122
|
-
rubygems_version:
|
|
123
|
-
signing_key:
|
|
120
|
+
rubygems_version: 4.0.10
|
|
124
121
|
specification_version: 4
|
|
125
122
|
summary: OmniAuth strategy for Himari
|
|
126
123
|
test_files: []
|