omniauth-jwt2 0.1.0 → 1.0.0

data/.github/workflows/style.yml

@@ -1,43 +0,0 @@
-name: Code Style
-
-on:
-  push:
-    branches:
-      - 'main'
-    tags:
-      - '!*' # Do not execute on tags
-  pull_request:
-    branches:
-      - '*'
-
-jobs:
-  rubocop:
-    name: RuboCop
-    strategy:
-      fail-fast: false
-      matrix:
-        experimental: [false]
-        rubygems:
-          - latest
-        bundler:
-          - latest
-        gemfile:
-          - style
-        ruby:
-          - "3.2"
-
-    runs-on: ubuntu-latest
-    env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps
-      BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Setup Ruby & Bundle
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: ${{ matrix.ruby }}
-          rubygems: ${{ matrix.rubygems }}
-          bundler: ${{ matrix.bundler }}
-          bundler-cache: true
-      - name: Run RuboCop Gradual
-        run: bundle exec rake rubocop_gradual:check

data/.gitignore

@@ -1,18 +0,0 @@
-*.gem
-*.rbc
-.bundle
-.config
-.yardoc
-Gemfile.lock
-InstalledFiles
-_yardoc
-coverage
-doc/
-lib/bundler/man
-pkg
-rdoc
-spec/reports
-test/tmp
-test/version_tmp
-tmp
-gemfiles/*.gemfile.lock

data/.rspec

@@ -1,2 +0,0 @@
---color
---format progress

data/.rubocop.yml

@@ -1,2 +0,0 @@
-inherit_gem:
-  rubocop-lts: config/rubygem_rspec.yml

data/.rubocop_gradual.lock

@@ -1,39 +0,0 @@
-{
-  "lib/omniauth/strategies/jwt.rb:543932255": [
-    [60, 9, 76, "Lint/RescueException: Avoid rescuing the `Exception` class. Perhaps you meant to rescue `StandardError`?", 967033479]
-  ],
-  "omniauth-jwt2.gemspec:998952283": [
-    [18, 16, 16, "Packaging/GemspecGit: Avoid using git to produce lists of files. Downstreams often need to build your package in an environment that does not have git (on purpose). Use some pure Ruby alternative, like `Dir` or `Dir.glob`.", 1973161220]
-  ],
-  "spec/lib/omniauth/strategies/jwt_spec.rb:2698313308": [
-    [3, 1, 34, "RSpec/FilePath: Spec path should end with `omni_auth/strategies/jwt*_spec.rb`.", 1935033905],
-    [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `omni_auth/strategies/jwt*_spec.rb`.", 1935033905],
-    [12, 13, 25, "RSpec/DescribedClass: Use `described_class` instead of `OmniAuth::Strategies::JWT`.", 2234488924],
-    [19, 11, 15, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 391893083],
-    [20, 5, 42, "RSpec/MultipleExpectations: Example has too many expectations [2/1].", 4106660663],
-    [29, 11, 16, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1409468707],
-    [51, 7, 51, "RSpec/MultipleExpectations: Example has too many expectations [2/1].", 4149552871],
-    [51, 7, 531, "RSpec/ExampleLength: Example has too many lines. [6/5]", 2143440997],
-    [91, 3, 3512, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 2363831099],
-    [110, 7, 7, "RSpec/NamedSubject: Name your test subject if you need to reference it explicitly.", 1892732441],
-    [111, 7, 7, "RSpec/NamedSubject: Name your test subject if you need to reference it explicitly.", 1892732441],
-    [116, 9, 6, "RSpec/ExpectInHook: Do not use `expect` in `before` hook", 1179768986],
-    [116, 9, 20, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 2951559342],
-    [116, 33, 7, "RSpec/MessageSpies: Prefer `have_received` for setting message expectations. Setup `rack_request` as a spy using `allow` or `instance_spy`.", 1384559950],
-    [130, 5, 56, "Performance/RedundantMerge: Use `algos[OpenSSL::PKey::EC] = %w[ES256 ES384 ES512]` instead of `algos.merge!(OpenSSL::PKey::EC => %w[ES256 ES384 ES512])`.", 2983772293],
-    [133, 9, 846, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 3520352246],
-    [152, 22, 7, "RSpec/NamedSubject: Name your test subject if you need to reference it explicitly.", 1892732441],
-    [160, 5, 310, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 3501674141],
-    [160, 13, 28, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1877551307],
-    [170, 18, 7, "RSpec/NamedSubject: Name your test subject if you need to reference it explicitly.", 1892732441],
-    [174, 5, 515, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 1246671601],
-    [185, 9, 7, "RSpec/NamedSubject: Name your test subject if you need to reference it explicitly.", 1892732441],
-    [189, 18, 7, "RSpec/NamedSubject: Name your test subject if you need to reference it explicitly.", 1892732441],
-    [193, 5, 537, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 3770030886],
-    [205, 9, 7, "RSpec/NamedSubject: Name your test subject if you need to reference it explicitly.", 1892732441],
-    [209, 18, 7, "RSpec/NamedSubject: Name your test subject if you need to reference it explicitly.", 1892732441]
-  ],
-  "spec/support/hash.rb:812296649": [
-    [2, 3, 110, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3570181400]
-  ]
-}

data/.simplecov

@@ -1,2 +0,0 @@
-require "kettle/soup/cover/config"
-SimpleCov.start # you could do this somewhere else, up to you, but you do have to do it

data/.tool-versions

@@ -1 +0,0 @@
-ruby 2.3.8

data/Gemfile

@@ -1,17 +0,0 @@
-source "https://rubygems.org"
-
-# Specify your gem's dependencies in omniauth-jwt.gemspec
-gemspec
-
-# Development dependencies that rely on Ruby version >=
-# Style
-eval_gemfile "gemfiles/contexts/style.gemfile"
-
-# Coverage
-eval_gemfile "gemfiles/contexts/coverage.gemfile"
-
-# Testing
-eval_gemfile "gemfiles/contexts/testing.gemfile"
-
-# Debug
-eval_gemfile "gemfiles/contexts/debug.gemfile"

data/Guardfile

@@ -1,8 +0,0 @@
-# A sample Guardfile
-# More info at https://github.com/guard/guard#readme
-
-guard :rspec do
-  watch(%r{^spec/.+_spec\.rb$})
-  watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
-  watch("spec/spec_helper.rb") { "spec" }
-end

data/LICENSE.txt

@@ -1,23 +0,0 @@
-Copyright (c) 2013 Michael Bleigh
-Copyright (c) 2023 Peter Boling of railsbling.com
-
-MIT License
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -1,23 +0,0 @@
-require "bundler/gem_tasks"
-
-require "rspec/core/rake_task"
-RSpec::Core::RakeTask.new(:spec)
-
-desc "alias test task to spec"
-task test: :spec
-
-begin
-  require "kettle-soup-cover"
-  Kettle::Soup::Cover.install_tasks
-rescue LoadError
-  # NOOP
-end
-
-begin
-  require "rubocop/lts"
-  Rubocop::Lts.install_tasks
-rescue LoadError
-  # NOOP
-end
-
-task default: :spec

data/gemfiles/ancient.gemfile

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
-
-source "https://rubygems.org"
-
-# Gemfile is only for local development.
-# On CI we only need the gemspecs' dependencies (including development dependencies).
-# Exceptions, if any, will be found in gemfiles/*
-
-# Testing
-gem "rack", "~> 2.1.4.3"                      # ruby 2.2.2
-gem "json", "~> 2.5.1"                        # ruby 2.0
-
-# Debugging
-eval_gemfile "contexts/debug.gemfile"
-
-gemspec path: "../"
-
-gem "omniauth", "< 2"

data/gemfiles/contexts/coverage.gemfile

@@ -1,2 +0,0 @@
-# Coverage
-gem "kettle-soup-cover", "~> 1.0", ">= 1.0.2" # ruby 2.7

data/gemfiles/contexts/debug.gemfile

@@ -1,6 +0,0 @@
-# Ancient rubies do not have String#casecmp?
-debugging = ENV["CI"].nil? && ENV.fetch("DEBUG", "false")
-
-if debugging && debugging[/true/i]
-  gem "byebug"
-end

data/gemfiles/contexts/style.gemfile

@@ -1,5 +0,0 @@
-# Style
-gem "rubocop-lts", "~> 8.1", ">= 8.1.1"       # ruby 2.7 - Lint Support for Ruby 2.2+
-gem "rubocop-packaging", "~> 0.5", ">= 0.5.2" # ruby 2.6
-gem "rubocop-rspec", "~> 2.25"                # ruby 2.7
-gem "rspec-block_is_expected", "~> 1.0", ">= 1.0.5" # ruby 1.8.7

data/gemfiles/contexts/testing.gemfile

@@ -1,8 +0,0 @@
-# Testing
-gem "ed25519", "~> 1.3"                       # ruby 2.4
-gem "json", "~> 2.6", ">= 2.6.3"              # ruby 2.3
-gem "openssl", ">= 2.0"                       # ruby 2.3, v3.0 is >= 2.6, v3.2 is >= 2.7
-gem "openssl-signature_algorithm", "~> 1.3"   # ruby 2.4
-gem "rack", "~> 3.0", ">= 3.0.8"              # ruby 2.4
-gem "rack-session", "~> 2.0"                  # ruby 2.4
-gem "rspec-block_is_expected", "~> 1.0", ">= 1.0.5" # ruby 1.8.7

data/gemfiles/coverage.gemfile

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
-
-source "https://rubygems.org"
-
-# Gemfile is only for local development.
-# On CI we only need the gemspecs' dependencies (including development dependencies).
-# Exceptions, if any, will be found in gemfiles/*
-
-# Coverage
-eval_gemfile "contexts/coverage.gemfile"
-
-# Testing
-eval_gemfile "contexts/testing.gemfile"
-
-# Debugging
-eval_gemfile "contexts/debug.gemfile"
-
-gemspec path: "../"

data/gemfiles/legacy.gemfile

@@ -1,26 +0,0 @@
-# frozen_string_literal: true
-
-git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
-
-source "https://rubygems.org"
-
-# Gemfile is only for local development.
-# On CI we only need the gemspecs' dependencies (including development dependencies).
-# Exceptions, if any, will be found in gemfiles/*
-
-# Testing
-gem "rspec", "~> 3.12"                        # ruby *
-gem "rack-test", "~> 2.1"                     # ruby 2.0
-gem "rack"                                    # ruby 2.4
-gem "rack-session", "< 2", github: "pboling/rack-session", branch: "fix-missing-rack-session"                     # ruby < 2.4
-gem "json"                                    # ruby 2.3
-gem "openssl"                                 # ruby 2.3
-gem "openssl-signature_algorithm"             # ruby 2.4
-gem "ed25519"                                 # ruby 2.4
-
-# Debugging
-eval_gemfile "contexts/debug.gemfile"
-
-gemspec path: "../"
-
-gem "omniauth", "< 2"

data/gemfiles/style.gemfile

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
-
-source "https://rubygems.org"
-
-# Gemfile is only for local development.
-# On CI we only need the gemspecs' dependencies (including development dependencies).
-# Exceptions, if any, will be found in gemfiles/*
-
-# Coverage
-eval_gemfile "contexts/coverage.gemfile"
-
-# Style
-eval_gemfile "contexts/style.gemfile"
-
-# Debugging
-eval_gemfile "contexts/debug.gemfile"
-
-gemspec path: "../"

data/gemfiles/vanilla.gemfile

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
-
-source "https://rubygems.org"
-
-# Gemfile is only for local development.
-# On CI we only need the gemspecs' dependencies (including development dependencies).
-# Exceptions, if any, will be found in gemfiles/*
-
-# Coverage
-eval_gemfile "contexts/coverage.gemfile"
-
-# Testing
-eval_gemfile "contexts/testing.gemfile"
-
-# Debugging
-eval_gemfile "contexts/debug.gemfile"
-
-gemspec path: "../"

data/omniauth-jwt2.gemspec

@@ -1,41 +0,0 @@
-# Get the GEMFILE_VERSION without *require* "my_gem/version", for code coverage accuracy
-# See: https://github.com/simplecov-ruby/simplecov/issues/557#issuecomment-825171399
-load "lib/omniauth/jwt/version.rb"
-gem_version = Omniauth::JWT::Version::VERSION
-Omniauth::JWT::Version.send(:remove_const, :VERSION)
-
-Gem::Specification.new do |spec|
-  spec.name = "omniauth-jwt2"
-  spec.version = gem_version
-  spec.authors = ["Michael Bleigh", "Robin Ward", "Peter Boling"]
-  spec.email = ["mbleigh@mbleigh.com", "robin.ward@gmail.com", "peter.boling@gmail.com"]
-  spec.description = "An OmniAuth strategy to accept JWT-based single sign-on."
-  spec.summary = "An OmniAuth strategy to accept JWT-based single sign-on."
-  spec.homepage = "http://github.com/pboling/omniauth-jwt2"
-  spec.license = "MIT"
-  spec.required_ruby_version = ">= 2.2"
-
-  spec.files = %x(git ls-files).split($/)
-  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-
-  # TODO: Since this gem supports Ruby >= 2.2 we need to ensure no gems are
-  #       added here that require a newer version. Once this gem progresses to
-  #       only support non-EOL Rubies, all dependencies can be listed in this
-  #       gemspec, and the gemfiles/* pattern can be dispensed with.
-  spec.add_dependency("jwt", "~> 2.2", ">= 2.2.1")                           # ruby 2.1
-  spec.add_dependency("omniauth", ">= 1.1")                                  # ruby 2.2
-
-  # Utilities
-  spec.add_dependency("version_gem", "~> 1.1", ">= 1.1.3")                   # ruby 2.2
-  spec.add_development_dependency("rake", "~> 13.0")                         # ruby 2.2, v13.1 is >= 2.3
-
-  # Hot reload
-  spec.add_development_dependency("guard", "~> 2.18", ">= 2.18.1")           # ruby 1.9.3
-  spec.add_development_dependency("guard-rspec", "~> 4.7", ">= 4.7.3")       # ruby *
-
-  # Testing
-  spec.add_development_dependency("rack-test", "~> 2.1")                     # ruby 2.0
-  spec.add_development_dependency("rspec", "~> 3.12")                        # ruby *
-  spec.add_development_dependency("rspec-pending_for", "~> 0.1")             # ruby *
-end

data/spec/lib/omniauth/strategies/jwt_spec.rb

@@ -1,213 +0,0 @@
-require "spec_helper"
-
-describe OmniAuth::Strategies::JWT do
-  let(:response_json) { JSON.parse(last_response.body) }
-  let(:rand_secret) { SecureRandom.hex(10) }
-  let(:args) { [rand_secret, {auth_url: "http://example.com/login"}] }
-
-  let(:app) {
-    the_args = args
-    Rack::Builder.new do |b|
-      b.use Rack::Session::Cookie, secret: SecureRandom.hex(32)
-      b.use OmniAuth::Strategies::JWT, *the_args
-      b.run lambda { |env|
-        [200, {}, [(env["omniauth.auth"] || {}).to_json]]
-      }
-    end
-  }
-
-  context "request phase" do
-    it "redirects to the configured login url" do
-      # TODO: Figure out how to write this test without using the deprecated
-      #       and unsafe, "get" method for the request phase.
-      get "/auth/jwt"
-      expect(last_response.status).to eq(302)
-      expect(last_response.headers["Location"]).to eq("http://example.com/login")
-    end
-  end
-
-  context "callback phase" do
-    it "decodes the response" do
-      encoded = JWT.encode({name: "Bob", email: "steve@example.com"}, rand_secret)
-      get "/auth/jwt/callback?jwt=" + encoded
-      expect(response_json["info"]["email"]).to eq("steve@example.com")
-    end
-
-    it "does not work without required fields" do
-      encoded = JWT.encode({name: "Steve"}, rand_secret)
-      get "/auth/jwt/callback?jwt=" + encoded
-      expect(last_response.status).to eq(302)
-    end
-
-    it "assigns the uid" do
-      encoded = JWT.encode({name: "Steve", email: "dude@awesome.com"}, rand_secret)
-      get "/auth/jwt/callback?jwt=" + encoded
-      expect(response_json["uid"]).to eq("dude@awesome.com")
-    end
-
-    context "with a non-default encoding algorithm" do
-      let(:args) { [rand_secret, {auth_url: "http://example.com/login", decode_options: {algorithms: ["HS512", "HS256"]}}] }
-
-      it "decodes the response with an allowed algorithm" do
-        encoded = JWT.encode({name: "Bob", email: "steve@example.com"}, rand_secret, "HS512")
-        get "/auth/jwt/callback?jwt=" + encoded
-        expect(JSON.parse(last_response.body)["info"]["email"]).to eq("steve@example.com")
-
-        encoded = JWT.encode({name: "Bob", email: "steve@example.com"}, rand_secret, "HS256")
-        get "/auth/jwt/callback?jwt=" + encoded
-        expect(JSON.parse(last_response.body)["info"]["email"]).to eq("steve@example.com")
-      end
-
-      it "fails decoding the response with a different algorithm" do
-        encoded = JWT.encode({name: "Bob", email: "steve@example.com"}, rand_secret, "HS384")
-        get "/auth/jwt/callback?jwt=" + encoded
-        expect(last_response.headers["Location"]).to include("/auth/failure")
-      end
-    end
-
-    context "with a :valid_within option set" do
-      let(:args) { [rand_secret, {auth_url: "http://example.com/login", valid_within: 300}] }
-
-      it "works if the iat key is within the time window" do
-        encoded = JWT.encode({name: "Ted", email: "ted@example.com", iat: Time.now.to_i}, rand_secret)
-        get "/auth/jwt/callback?jwt=" + encoded
-        expect(last_response.status).to eq(200)
-      end
-
-      it "does not work if the iat key is outside the time window" do
-        encoded = JWT.encode({name: "Ted", email: "ted@example.com", iat: Time.now.to_i + 500}, rand_secret)
-        get "/auth/jwt/callback?jwt=" + encoded
-        expect(last_response.status).to eq(302)
-      end
-
-      it "does not work if the iat key is missing" do
-        encoded = JWT.encode({name: "Ted", email: "ted@example.com"}, rand_secret)
-        get "/auth/jwt/callback?jwt=" + encoded
-        expect(last_response.status).to eq(302)
-      end
-    end
-  end
-
-  describe "#decoded" do
-    subject { described_class.new({}) }
-
-    let(:timestamp) { Time.now.to_i }
-    let(:claims) do
-      {
-        id: 123,
-        name: "user_example",
-        email: "user@example.com",
-        iat: timestamp,
-      }
-    end
-
-    let(:algorithm) { "HS256" }
-    let(:secret) { rand_secret }
-    let(:private_key) { secret }
-    let(:payload) { JWT.encode(claims, private_key, algorithm) }
-
-    before do
-      subject.options[:secret] = secret
-      subject.options[:algorithm] = algorithm
-
-      # We use Rack::Request instead of ActionDispatch::Request because
-      # Rack::Test::Methods enables testing of this module.
-      expect_next_instance_of(Rack::Request) do |rack_request|
-        expect(rack_request).to receive(:params).and_return("jwt" => payload)
-      end
-    end
-
-    ecdsa_named_curves = {
-      "ES256" => "prime256v1",
-      "ES384" => "secp384r1",
-      "ES512" => "secp521r1",
-    }.freeze
-
-    algos = {
-      OpenSSL::PKey::RSA => %w[RS256 RS384 RS512],
-      String => %w[HS256 HS384 HS512],
-    }
-    algos.merge!(OpenSSL::PKey::EC => %w[ES256 ES384 ES512]) unless ["2.2.10", "2.3.8"].include?(RubyVersion.to_s)
-    algos.each do |private_key_class, algorithms|
-      algorithms.each do |algorithm|
-        context "when the #{algorithm} algorithm is used" do
-          let(:algorithm) { algorithm }
-          let(:secret) do
-            # rubocop:disable Style/CaseLikeIf
-            if private_key_class == OpenSSL::PKey::RSA
-              private_key_class.generate(2048)
-                .to_pem
-            elsif private_key_class == OpenSSL::PKey::EC
-              private_key_class.generate(ecdsa_named_curves[algorithm])
-                .to_pem
-            else
-              private_key_class.new(rand_secret)
-            end
-            # rubocop:enable Style/CaseLikeIf
-          end
-
-          let(:private_key) { private_key_class ? private_key_class.new(secret) : secret }
-
-          it "decodes the user information" do
-            result = subject.decoded
-
-            expect(result).to eq(claims.stringify_keys)
-          end
-        end
-      end
-    end
-
-    context "required claims is missing" do
-      let(:claims) do
-        {
-          id: 123,
-          email: "user@example.com",
-          iat: timestamp,
-        }
-      end
-
-      it "raises error" do
-        expect { subject.decoded }.to raise_error(OmniAuth::Strategies::Jwt::ClaimInvalid)
-      end
-    end
-
-    context "when valid_within is specified but iat attribute is missing in response" do
-      let(:claims) do
-        {
-          id: 123,
-          name: "user_example",
-          email: "user@example.com",
-        }
-      end
-
-      before do
-        # Omniauth config values are always strings!
-        subject.options[:valid_within] = (60 * 60 * 24 * 2).to_s # 2 days
-      end
-
-      it "raises error" do
-        expect { subject.decoded }.to raise_error(OmniAuth::Strategies::Jwt::ClaimInvalid)
-      end
-    end
-
-    context "when timestamp claim is too skewed from present" do
-      let(:claims) do
-        {
-          id: 123,
-          name: "user_example",
-          email: "user@example.com",
-          iat: timestamp - (60 * 60 * 10), # minus ten minutes
-        }
-      end
-
-      before do
-        # Omniauth config values are always strings!
-        subject.options[:valid_within] = "2" # 2 seconds
-      end
-
-      it "raises error" do
-        expect { subject.decoded }.to raise_error(OmniAuth::Strategies::Jwt::ClaimInvalid)
-      end
-    end
-  end
-end

data/spec/spec_helper.rb

@@ -1,64 +0,0 @@
-# Std Lib
-require "securerandom"
-
-# 3rd party gems
-require "rspec/pending_for"
-begin
-  require "rack/session"
-rescue LoadError
-  nil # File won't exist in old rack for Ruby 2.2 & 2.3
-end
-require "rack/test"
-require "json"
-require "omniauth"
-begin
-  require "openssl"
-  require "openssl/signature_algorithm"
-  require "ed25519"
-rescue LoadError
-  nil # Gem doesn't exist for ancient Rubies 2.2 & 2.3
-end
-
-require "byebug" if ENV["DEBUG"] == "true"
-# This does not require "simplecov",
-#   because that has a side-effect of running `.simplecov`
-begin
-  require "kettle-soup-cover"
-rescue LoadError
-  puts "Not analyzing test coverage"
-end
-
-require "support/hash"
-require "support/next_instance_of"
-
-OmniAuth.config.logger = Logger.new("/dev/null")
-require "omniauth/version"
-puts "OMNIAUTH VERSION: #{OmniAuth::VERSION}"
-if Gem::Version.new(OmniAuth::VERSION) > Gem::Version.new("2.0")
-  OmniAuth.config.silence_get_warning = true
-  OmniAuth.config.allowed_request_methods |= [:get, :post]
-end
-# This file was generated by the `rspec --init` command. Conventionally, all
-# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
-# Require this file using `require "spec_helper"` to ensure that it is only
-# loaded once.
-#
-# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
-RSpec.configure do |config|
-  config.run_all_when_everything_filtered = true
-  config.filter_run :focus
-
-  include Rack::Test::Methods
-  include NextInstanceOf
-
-  # Run specs in random order to surface order dependencies. If you find an
-  # order dependency and want to debug it, you can fix the order by providing
-  # the seed, which is printed after each run.
-  #     --seed 1234
-  config.order = "random"
-end
-
-# Last thing before loading this library, load simplecov:
-require "simplecov" if defined?(Kettle::Soup::Cover) && Kettle::Soup::Cover::DO_COV
-
-require "omniauth/jwt"

data/spec/support/hash.rb

@@ -1,9 +0,0 @@
-class Hash
-  def self.stringify_keys(h)
-    h.is_a?(Hash) ? h.collect { |k, v| [k.to_s, stringify_keys(v)] }.to_h : h
-  end
-
-  def stringify_keys
-    self.class.stringify_keys(self)
-  end
-end