omniauth-keycloak 1.1.0 → 1.4.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +44 -0
  3. data/Gemfile.lock +78 -66
  4. data/README.md +76 -1
  5. data/lib/keycloak/version.rb +1 -1
  6. data/lib/omniauth/strategies/keycloak-openid.rb +70 -20
  7. data/omniauth-keycloak.gemspec +14 -13
  8. data/spec/omniauth/strategies/keycloak_spec.rb +164 -27
  9. metadata +24 -24
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 04fa7b74d74eb9db8aed382ace2d55315a3ec12e3cd3a280b795cec1ec4ce705
4
- data.tar.gz: 7387598e991f95d589dcb27e8ec05096b21541a0199acd099987c8c87caef4f8
3
+ metadata.gz: 42a3358ad3f8f4524e7d212d716e99eda02fa1b5030dcdeedf1d4b77551be450
4
+ data.tar.gz: 6d3b47d546bbec7de0a9d4c5cba6f1b88568f234180ed195ce84d0f37d9b35d4
5
5
  SHA512:
6
- metadata.gz: 85e9f1ae17b31739d6dd92bfe74b2d6590f8165e13b6f3c2aaa8bf169c39cc9392c44dad413a722fdbcd6f510bbaf28dc41a5ca444eac9fa9014978ead7b097f
7
- data.tar.gz: 921a82a88060f829ccba8e761984c245110b664dc7914910fa23f46f1c1f6c6ba30a1124cb5a33975475894ac7b061e9bb4791b1052178c5fe4fcd9cfb01a1f0
6
+ metadata.gz: f27d6b806f0297f6ffc72c722185a8bc5fa76cb32441dc1936ae8d88109bb2b294c05bcde3f4411254adee5f2af5ae5035e63e151762f030ac9c3bbbfdc000fb
7
+ data.tar.gz: eaac842f3e02d03f5c9cbb677e8c60da6f5159582b742ae94b839210861c8e7133ea23f2e462cf180d217cb4ef6702ab8a7ba8ff09719716ab96a538cbf733b6
data/CHANGELOG.md ADDED
@@ -0,0 +1,44 @@
1
+ # Changelog
2
+
3
+ ## [v1.2.1](https://github.com/ccrockett/omniauth-keycloak/tree/v1.2.1) (2020-12-19)
4
+
5
+ [Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/v1.2.0...v1.2.1)
6
+
7
+ **Closed issues:**
8
+
9
+ - Dynamically load Client and Realm [\#11](https://github.com/ccrockett/omniauth-keycloak/issues/11)
10
+ - cannot load such file -- /Library/Ruby/Gems/2.6.0/gems/omniauth-keycloak-1.2.0/lib/omniauth-keycloak.rb \(LoadError\) [\#8](https://github.com/ccrockett/omniauth-keycloak/issues/8)
11
+ - Release json-jwt version restriction change [\#5](https://github.com/ccrockett/omniauth-keycloak/issues/5)
12
+
13
+ **Merged pull requests:**
14
+
15
+ - Raise errors on setup failure and logging with OmniAuth::Strategy::log method [\#10](https://github.com/ccrockett/omniauth-keycloak/pull/10) ([alexpetrov](https://github.com/alexpetrov))
16
+ - Bump json from 2.1.0 to 2.3.1 [\#9](https://github.com/ccrockett/omniauth-keycloak/pull/9) ([dependabot[bot]](https://github.com/apps/dependabot))
17
+
18
+ ## [v1.2.0](https://github.com/ccrockett/omniauth-keycloak/tree/v1.2.0) (2020-05-28)
19
+
20
+ [Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/v1.1.0...v1.2.0)
21
+
22
+ **Merged pull requests:**
23
+
24
+ - Bump rack from 2.2.2 to 2.2.3 [\#7](https://github.com/ccrockett/omniauth-keycloak/pull/7) ([dependabot[bot]](https://github.com/apps/dependabot))
25
+ - Bump activesupport from 6.0.1 to 6.0.3.1 [\#6](https://github.com/ccrockett/omniauth-keycloak/pull/6) ([dependabot[bot]](https://github.com/apps/dependabot))
26
+ - Update rake requirement from ~\> 10.0 to ~\> 13.0 [\#4](https://github.com/ccrockett/omniauth-keycloak/pull/4) ([dependabot[bot]](https://github.com/apps/dependabot))
27
+ - Bump rack from 2.0.7 to 2.0.8 [\#2](https://github.com/ccrockett/omniauth-keycloak/pull/2) ([dependabot[bot]](https://github.com/apps/dependabot))
28
+ - Adding Devise Documentation [\#1](https://github.com/ccrockett/omniauth-keycloak/pull/1) ([masonhensley](https://github.com/masonhensley))
29
+
30
+ ## [v1.1.0](https://github.com/ccrockett/omniauth-keycloak/tree/v1.1.0) (2018-12-16)
31
+
32
+ [Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/v1.0.1...v1.1.0)
33
+
34
+ ## [v1.0.1](https://github.com/ccrockett/omniauth-keycloak/tree/v1.0.1) (2018-12-16)
35
+
36
+ [Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/v1.0.0...v1.0.1)
37
+
38
+ ## [v1.0.0](https://github.com/ccrockett/omniauth-keycloak/tree/v1.0.0) (2018-12-16)
39
+
40
+ [Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/7877c8a75f9e3f342b49bf808fa69965377d60b5...v1.0.0)
41
+
42
+
43
+
44
+ \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
data/Gemfile.lock CHANGED
@@ -1,96 +1,108 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- omniauth-keycloak (1.0.1)
5
- json-jwt (~> 1.9.4)
6
- omniauth (~> 1.8.1)
7
- omniauth-oauth2 (~> 1.5.0)
4
+ omniauth-keycloak (1.3.0)
5
+ json-jwt (~> 1.13.0)
6
+ omniauth (~> 2.0.4)
7
+ omniauth-oauth2 (~> 1.7.1)
8
8
 
9
9
  GEM
10
10
  remote: https://rubygems.org/
11
11
  specs:
12
- activesupport (5.2.1)
12
+ activesupport (6.1.3.2)
13
13
  concurrent-ruby (~> 1.0, >= 1.0.2)
14
- i18n (>= 0.7, < 2)
15
- minitest (~> 5.1)
16
- tzinfo (~> 1.1)
17
- addressable (2.5.2)
18
- public_suffix (>= 2.0.2, < 4.0)
19
- aes_key_wrap (1.0.1)
20
- bindata (2.4.4)
21
- concurrent-ruby (1.1.3)
22
- crack (0.4.3)
23
- safe_yaml (~> 1.0.0)
24
- diff-lcs (1.3)
25
- docile (1.3.1)
26
- faraday (0.15.3)
14
+ i18n (>= 1.6, < 2)
15
+ minitest (>= 5.1)
16
+ tzinfo (~> 2.0)
17
+ zeitwerk (~> 2.3)
18
+ addressable (2.8.0)
19
+ public_suffix (>= 2.0.2, < 5.0)
20
+ aes_key_wrap (1.1.0)
21
+ bindata (2.4.9)
22
+ concurrent-ruby (1.1.8)
23
+ crack (0.4.5)
24
+ rexml
25
+ diff-lcs (1.4.4)
26
+ docile (1.4.0)
27
+ faraday (1.4.1)
28
+ faraday-excon (~> 1.1)
29
+ faraday-net_http (~> 1.0)
30
+ faraday-net_http_persistent (~> 1.1)
27
31
  multipart-post (>= 1.2, < 3)
28
- hashdiff (0.3.7)
29
- hashie (3.5.7)
30
- i18n (1.1.1)
32
+ ruby2_keywords (>= 0.0.4)
33
+ faraday-excon (1.1.0)
34
+ faraday-net_http (1.0.1)
35
+ faraday-net_http_persistent (1.1.0)
36
+ hashdiff (1.0.1)
37
+ hashie (4.1.0)
38
+ i18n (1.8.10)
31
39
  concurrent-ruby (~> 1.0)
32
- json (2.1.0)
33
- json-jwt (1.9.4)
34
- activesupport
40
+ json-jwt (1.13.0)
41
+ activesupport (>= 4.2)
35
42
  aes_key_wrap
36
43
  bindata
37
- jwt (2.1.0)
38
- minitest (5.11.3)
39
- multi_json (1.13.1)
44
+ jwt (2.2.3)
45
+ minitest (5.14.4)
46
+ multi_json (1.15.0)
40
47
  multi_xml (0.6.0)
41
- multipart-post (2.0.0)
42
- oauth2 (1.4.1)
43
- faraday (>= 0.8, < 0.16.0)
48
+ multipart-post (2.1.1)
49
+ oauth2 (1.4.7)
50
+ faraday (>= 0.8, < 2.0)
44
51
  jwt (>= 1.0, < 3.0)
45
52
  multi_json (~> 1.3)
46
53
  multi_xml (~> 0.5)
47
54
  rack (>= 1.2, < 3)
48
- omniauth (1.8.1)
49
- hashie (>= 3.4.6, < 3.6.0)
55
+ omniauth (2.0.4)
56
+ hashie (>= 3.4.6)
50
57
  rack (>= 1.6.2, < 3)
51
- omniauth-oauth2 (1.5.0)
52
- oauth2 (~> 1.1)
53
- omniauth (~> 1.2)
54
- public_suffix (3.0.3)
55
- rack (2.0.6)
56
- rake (10.5.0)
57
- rspec (3.8.0)
58
- rspec-core (~> 3.8.0)
59
- rspec-expectations (~> 3.8.0)
60
- rspec-mocks (~> 3.8.0)
61
- rspec-core (3.8.0)
62
- rspec-support (~> 3.8.0)
63
- rspec-expectations (3.8.1)
58
+ rack-protection
59
+ omniauth-oauth2 (1.7.1)
60
+ oauth2 (~> 1.4)
61
+ omniauth (>= 1.9, < 3)
62
+ public_suffix (4.0.6)
63
+ rack (2.2.3)
64
+ rack-protection (2.1.0)
65
+ rack
66
+ rake (13.0.1)
67
+ rexml (3.2.5)
68
+ rspec (3.10.0)
69
+ rspec-core (~> 3.10.0)
70
+ rspec-expectations (~> 3.10.0)
71
+ rspec-mocks (~> 3.10.0)
72
+ rspec-core (3.10.1)
73
+ rspec-support (~> 3.10.0)
74
+ rspec-expectations (3.10.1)
64
75
  diff-lcs (>= 1.2.0, < 2.0)
65
- rspec-support (~> 3.8.0)
66
- rspec-mocks (3.8.0)
76
+ rspec-support (~> 3.10.0)
77
+ rspec-mocks (3.10.2)
67
78
  diff-lcs (>= 1.2.0, < 2.0)
68
- rspec-support (~> 3.8.0)
69
- rspec-support (3.8.0)
70
- safe_yaml (1.0.4)
71
- simplecov (0.16.1)
79
+ rspec-support (~> 3.10.0)
80
+ rspec-support (3.10.3)
81
+ ruby2_keywords (0.0.4)
82
+ simplecov (0.21.2)
72
83
  docile (~> 1.1)
73
- json (>= 1.8, < 3)
74
- simplecov-html (~> 0.10.0)
75
- simplecov-html (0.10.2)
76
- thread_safe (0.3.6)
77
- tzinfo (1.2.5)
78
- thread_safe (~> 0.1)
79
- webmock (3.4.2)
80
- addressable (>= 2.3.6)
84
+ simplecov-html (~> 0.11)
85
+ simplecov_json_formatter (~> 0.1)
86
+ simplecov-html (0.12.3)
87
+ simplecov_json_formatter (0.1.3)
88
+ tzinfo (2.0.4)
89
+ concurrent-ruby (~> 1.0)
90
+ webmock (3.14.0)
91
+ addressable (>= 2.8.0)
81
92
  crack (>= 0.3.2)
82
- hashdiff
93
+ hashdiff (>= 0.4.0, < 2.0.0)
94
+ zeitwerk (2.4.2)
83
95
 
84
96
  PLATFORMS
85
97
  ruby
86
98
 
87
99
  DEPENDENCIES
88
- bundler (~> 1.16)
100
+ bundler (~> 2.2)
89
101
  omniauth-keycloak!
90
- rake (~> 10.0)
91
- rspec (~> 3.0)
92
- simplecov (~> 0.16.1)
93
- webmock (~> 3.4.2)
102
+ rake (~> 13.0)
103
+ rspec (~> 3.10)
104
+ simplecov (~> 0.21)
105
+ webmock (~> 3.14)
94
106
 
95
107
  BUNDLED WITH
96
- 1.16.5
108
+ 2.2.31
data/README.md CHANGED
@@ -25,9 +25,84 @@ Here's a quick example, adding the middleware to a Rails app in `config/initiali
25
25
  ```ruby
26
26
  Rails.application.config.middleware.use OmniAuth::Builder do
27
27
  provider :keycloak_openid, 'Example-Client', '19cca35f-dddd-473a-bdd5-03f00d61d884',
28
- client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm'}
28
+ client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm'},
29
+ name: 'keycloak'
29
30
  end
30
31
  ```
32
+ This will allow a POST request to `auth/keycloak` since the name is set to keycloak
33
+
34
+ Or using a proc setup with a custom options:
35
+
36
+ ```ruby
37
+ Rails.application.config.middleware.use OmniAuth::Builder do
38
+ SETUP_PROC = lambda do |env|
39
+ request = Rack::Request.new(env)
40
+ organization = Organization.find_by(host: request.host)
41
+ provider_config = organization.enabled_omniauth_providers[:keycloakopenid]
42
+
43
+ env["omniauth.strategy"].options[:client_id] = provider_config[:client_id]
44
+ env["omniauth.strategy"].options[:client_secret] = provider_config[:client_secret]
45
+ env["omniauth.strategy"].options[:client_options] = { site: provider_config[:site], realm: provider_config[:realm] }
46
+ end
47
+
48
+ Rails.application.config.middleware.use OmniAuth::Builder do
49
+ provider :keycloak_openid, setup: SETUP_PROC
50
+ end
51
+ end
52
+ ```
53
+
54
+
55
+ ## Devise Usage
56
+ Adapted from [Devise OmniAuth Instructions](https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview)
57
+
58
+ ```ruby
59
+ # app/models/user.rb
60
+ class User < ApplicationRecord
61
+ #...
62
+ devise :omniauthable, omniauth_providers: %i[keycloakopenid]
63
+ #...
64
+ end
65
+
66
+ # config/initializers/devise.rb
67
+ config.omniauth :keycloak_openid, "Example-Client-Name", "example-secret-if-configured", client_options: { site: "https://example.keycloak-url.com", realm: "example-realm" }, :strategy_class => OmniAuth::Strategies::KeycloakOpenId
68
+
69
+ # Below controller assumes callback route configuration following
70
+ # in config/routes.rb
71
+ Devise.setup do |config|
72
+ # ...
73
+ devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks' }
74
+ end
75
+
76
+ # app/controllers/users/omniauth_callbacks_controller.rb
77
+ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
78
+ def keycloakopenid
79
+ Rails.logger.debug(request.env["omniauth.auth"])
80
+ @user = User.from_omniauth(request.env["omniauth.auth"])
81
+ if @user.persisted?
82
+ sign_in_and_redirect @user, event: :authentication
83
+ else
84
+ session["devise.keycloakopenid_data"] = request.env["omniauth.auth"]
85
+ redirect_to new_user_registration_url
86
+ end
87
+ end
88
+
89
+ def failure
90
+ redirect_to root_path
91
+ end
92
+ end
93
+
94
+ ```
95
+
96
+ ## Configuration
97
+ * __Base Url other than /auth__
98
+ This gem tries to get the keycloak configuration from `"#{site}/auth/realms/#{realm}/.well-known/openid-configuration"`. If your keycloak server has been setup to use a different "root" url other than `/auth` then you need to pass in the `base_url` option when setting up the gem:
99
+ ```ruby
100
+ Rails.application.config.middleware.use OmniAuth::Builder do
101
+ provider :keycloak_openid, 'Example-Client', '19cca35f-dddd-473a-bdd5-03f00d61d884',
102
+ client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm', base_url: '/authorize'},
103
+ name: 'keycloak'
104
+ end
105
+ ```
31
106
 
32
107
  ## Contributing
33
108
 
data/lib/keycloak/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Omniauth
2
2
  module Keycloak
3
- VERSION = "1.1.0"
3
+ VERSION = "1.4.0"
4
4
  end
5
5
  end
data/lib/omniauth/strategies/keycloak-openid.rb CHANGED
@@ -1,54 +1,104 @@
1
1
  require 'omniauth'
2
2
  require 'omniauth-oauth2'
3
3
  require 'json/jwt'
4
+ require 'uri'
4
5
 
5
6
  module OmniAuth
6
7
  module Strategies
7
8
  class KeycloakOpenId < OmniAuth::Strategies::OAuth2
9
+
10
+ class Error < RuntimeError; end
11
+ class ConfigurationError < Error; end
12
+ class IntegrationError < Error; end
13
+
8
14
  attr_reader :authorize_url
9
15
  attr_reader :token_url
10
- attr_reader :cert
16
+ attr_reader :certs
11
17
 
12
18
  def setup_phase
19
+ super
20
+
13
21
  if @authorize_url.nil? || @token_url.nil?
22
+ prevent_site_option_mistake
23
+
14
24
  realm = options.client_options[:realm].nil? ? options.client_id : options.client_options[:realm]
15
25
  site = options.client_options[:site]
16
- response = Faraday.get "#{options.client_options[:site]}/auth/realms/#{realm}/.well-known/openid-configuration"
26
+
27
+ raise_on_failure = options.client_options.fetch(:raise_on_failure, false)
28
+
29
+ config_url = URI.join(site, "#{auth_url_base}/realms/#{realm}/.well-known/openid-configuration")
30
+
31
+ log :debug, "Going to get Keycloak configuration. URL: #{config_url}"
32
+ response = Faraday.get config_url
17
33
  if (response.status == 200)
18
34
  json = MultiJson.load(response.body)
35
+
19
36
  @certs_endpoint = json["jwks_uri"]
20
37
  @userinfo_endpoint = json["userinfo_endpoint"]
21
- @authorize_url = json["authorization_endpoint"].gsub(site, "")
22
- @token_url = json["token_endpoint"].gsub(site, "")
38
+ @authorize_url = URI(json["authorization_endpoint"]).path
39
+ @token_url = URI(json["token_endpoint"]).path
40
+
41
+ log_config(json)
42
+
23
43
  options.client_options.merge!({
24
44
  authorize_url: @authorize_url,
25
45
  token_url: @token_url
26
- })
46
+ })
47
+ log :debug, "Going to get certificates. URL: #{@certs_endpoint}"
27
48
  certs = Faraday.get @certs_endpoint
28
49
  if (certs.status == 200)
29
50
  json = MultiJson.load(certs.body)
30
- @cert = json["keys"][0]
51
+ @certs = json["keys"]
52
+ log :debug, "Successfully got certificate. Certificate length: #{@certs.length}"
31
53
  else
32
- #TODO: Throw Error
33
- puts "Couldn't get Cert"
34
- end
54
+ message = "Coundn't get certificate. URL: #{@certs_endpoint}"
55
+ log :error, message
56
+ raise IntegrationError, message if raise_on_failure
57
+ end
35
58
  else
36
- #TODO: Throw Error
37
- puts response.status
59
+ message = "Keycloak configuration request failed with status: #{response.status}. " \
60
+ "URL: #{config_url}"
61
+ log :error, message
62
+ raise IntegrationError, message if raise_on_failure
38
63
  end
39
64
  end
40
65
  end
41
-
66
+
67
+ def auth_url_base
68
+ return '/auth' unless options.client_options[:base_url]
69
+ base_url = options.client_options[:base_url]
70
+ return base_url if (base_url == '' || base_url[0] == '/')
71
+
72
+ raise ConfigurationError, "Keycloak base_url option should start with '/'. Current value: #{base_url}"
73
+ end
74
+
75
+ def prevent_site_option_mistake
76
+ site = options.client_options[:site]
77
+ return unless site =~ /\/auth$/
78
+
79
+ raise ConfigurationError, "Keycloak site parameter should not include /auth part, only domain. Current value: #{site}"
80
+ end
81
+
82
+ def log_config(config_json)
83
+ log_keycloak_config = options.client_options.fetch(:log_keycloak_config, false)
84
+ log :debug, "Successfully got Keycloak config"
85
+ log :debug, "Keycloak config: #{config_json}" if log_keycloak_config
86
+ log :debug, "Certs endpoint: #{@certs_endpoint}"
87
+ log :debug, "Userinfo endpoint: #{@userinfo_endpoint}"
88
+ log :debug, "Authorize url: #{@authorize_url}"
89
+ log :debug, "Token url: #{@token_url}"
90
+ end
91
+
42
92
  def build_access_token
43
93
  verifier = request.params["code"]
44
- client.auth_code.get_token(verifier,
94
+ client.auth_code.get_token(verifier,
45
95
  {:redirect_uri => callback_url.gsub(/\?.+\Z/, "")}
46
- .merge(token_params.to_hash(:symbolize_keys => true)),
96
+ .merge(token_params.to_hash(:symbolize_keys => true)),
47
97
  deep_symbolize(options.auth_token_params))
48
98
  end
49
99
 
50
100
  uid{ raw_info['sub'] }
51
-
101
+
52
102
  info do
53
103
  {
54
104
  :name => raw_info['name'],
@@ -57,21 +107,21 @@ module OmniAuth
57
107
  :last_name => raw_info['family_name']
58
108
  }
59
109
  end
60
-
110
+
61
111
  extra do
62
112
  {
63
113
  'raw_info' => raw_info
64
114
  }
65
115
  end
66
-
116
+
67
117
  def raw_info
68
118
  id_token_string = access_token.token
69
- jwk = JSON::JWK.new(@cert)
70
- id_token = JSON::JWT.decode id_token_string, jwk
119
+ jwks = JSON::JWK::Set.new(@certs)
120
+ id_token = JSON::JWT.decode id_token_string, jwks
71
121
  id_token
72
122
  end
73
123
 
74
124
  OmniAuth.config.add_camelization('keycloak_openid', 'KeycloakOpenId')
75
125
  end
76
126
  end
77
- end
127
+ end
data/omniauth-keycloak.gemspec CHANGED
@@ -4,13 +4,13 @@ Gem::Specification.new do |spec|
4
4
  spec.version = Omniauth::Keycloak::VERSION
5
5
  spec.authors = ["Cameron Crockett"]
6
6
  spec.email = ["cameron.crockett@ccrockett.com"]
7
-
8
- spec.description = %q{"Omniauth strategy for Keycloak"}
7
+
8
+ spec.description = %q{Omniauth strategy for Keycloak}
9
9
  spec.summary = spec.description
10
10
  spec.homepage = "https://github.com/ccrockett/omniauth-keycloak"
11
11
  spec.license = "MIT"
12
- spec.required_rubygems_version = '>= 1.3.5'
13
- spec.required_ruby_version = '>= 2.2'
12
+ spec.required_rubygems_version = '>= 3.1.2'
13
+ spec.required_ruby_version = '>= 2.6'
14
14
 
15
15
  # Specify which files should be added to the gem when it is released.
16
16
  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@@ -22,13 +22,14 @@ Gem::Specification.new do |spec|
22
22
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
23
23
  spec.require_paths = ["lib"]
24
24
 
25
-
26
- spec.add_dependency "omniauth", "~> 1.9.0"
27
- spec.add_dependency "omniauth-oauth2", "~> 1.6.0"
28
- spec.add_dependency "json-jwt", "~> 1.9.4"
29
- spec.add_development_dependency "bundler", "~> 1.16"
30
- spec.add_development_dependency "rake", "~> 10.0"
31
- spec.add_development_dependency "rspec", "~> 3.0"
32
- spec.add_development_dependency 'simplecov', '~> 0.16.1'
33
- spec.add_development_dependency 'webmock', '~> 3.4.2'
25
+
26
+ spec.add_dependency "omniauth", "~> 2.0.4"
27
+ spec.add_dependency "omniauth-oauth2", "~> 1.7.1"
28
+ spec.add_dependency "json-jwt", "~> 1.13.0"
29
+
30
+ spec.add_development_dependency "bundler", "~> 2.2"
31
+ spec.add_development_dependency "rake", "~> 13.0"
32
+ spec.add_development_dependency "rspec", "~> 3.10"
33
+ spec.add_development_dependency 'simplecov', '~> 0.21'
34
+ spec.add_development_dependency 'webmock', '~> 3.14'
34
35
  end
data/spec/omniauth/strategies/keycloak_spec.rb CHANGED
@@ -1,41 +1,45 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
4
- body = '{"issuer": "http://localhost:8080/auth/realms/example-realm",
5
- "authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
6
- "token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
7
- "token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
8
- "userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",
9
- "end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",
10
- "jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",
11
- "check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",
12
- "grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
13
- "response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
14
- "subject_types_supported": ["public", "pairwise"],
15
- "id_token_signing_alg_values_supported": ["RS256"],
16
- "userinfo_signing_alg_values_supported": ["RS256"],
17
- "request_object_signing_alg_values_supported": ["none", "RS256"],
18
- "response_modes_supported": ["query", "fragment", "form_post"],
19
- "registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",
20
- "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
21
- "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
22
- "claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
23
- "claim_types_supported": ["normal"],
24
- "claims_parameter_supported": false,
25
- "scopes_supported": ["openid", "offline_access"],
26
- "request_parameter_supported": true,
27
- "request_uri_parameter_supported": true}'
4
+ let(:body) {
5
+ {
6
+ "issuer": "http://localhost:8080/auth/realms/example-realm",
7
+ "authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
8
+ "token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
9
+ "token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
10
+ "userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",
11
+ "end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",
12
+ "jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",
13
+ "check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",
14
+ "grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
15
+ "response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
16
+ "subject_types_supported": ["public", "pairwise"],
17
+ "id_token_signing_alg_values_supported": ["RS256"],
18
+ "userinfo_signing_alg_values_supported": ["RS256"],
19
+ "request_object_signing_alg_values_supported": ["none", "RS256"],
20
+ "response_modes_supported": ["query", "fragment", "form_post"],
21
+ "registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",
22
+ "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
23
+ "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
24
+ "claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
25
+ "claim_types_supported": ["normal"],
26
+ "claims_parameter_supported": false,
27
+ "scopes_supported": ["openid", "offline_access"],
28
+ "request_parameter_supported": true,
29
+ "request_uri_parameter_supported": true
30
+ }
31
+ }
28
32
 
29
33
  context 'client options' do
30
34
  subject do
31
35
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
32
- .to_return(status: 200, body: body, headers: {})
36
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
33
37
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
34
38
  .to_return(status: 404, body: "", headers: {})
35
39
  OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
36
- client_options: {site: 'http://localhost:8080', realm: 'example-realm'})
40
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm'})
37
41
  end
38
-
42
+
39
43
  it 'should have the correct keycloak token url' do
40
44
  subject.setup_phase
41
45
  expect(subject.token_url).to eq('/auth/realms/example-realm/protocol/openid-connect/token')
@@ -46,4 +50,137 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
46
50
  expect(subject.authorize_url).to eq('/auth/realms/example-realm/protocol/openid-connect/auth')
47
51
  end
48
52
  end
53
+
54
+ describe 'client base_url option set' do
55
+ context 'to blank string' do
56
+ let(:new_body_endpoints) {
57
+ {
58
+ "authorization_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/auth",
59
+ "token_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/token",
60
+ "jwks_uri": "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs"
61
+ }
62
+ }
63
+
64
+ subject do
65
+ stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
66
+ .to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
67
+ stub_request(:get, "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs")
68
+ .to_return(status: 404, body: "", headers: {})
69
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
70
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: ''})
71
+ end
72
+
73
+ it 'should have the correct keycloak token url' do
74
+ subject.setup_phase
75
+ expect(subject.token_url).to eq('/realms/example-realm/protocol/openid-connect/token')
76
+ end
77
+
78
+ it 'should have the correct keycloak authorization url' do
79
+ subject.setup_phase
80
+ expect(subject.authorize_url).to eq('/realms/example-realm/protocol/openid-connect/auth')
81
+ end
82
+ end
83
+
84
+ context 'to invalid string' do
85
+ subject do
86
+ stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
87
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
88
+ stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
89
+ .to_return(status: 404, body: "", headers: {})
90
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
91
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: 'test'})
92
+ end
93
+
94
+ it 'raises Configuration Error' do
95
+ expect{ subject.setup_phase }
96
+ .to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
97
+ end
98
+ end
99
+
100
+ context 'to /authorize' do
101
+
102
+ let(:new_body_endpoints) {
103
+ {
104
+ "authorization_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/auth",
105
+ "token_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/token",
106
+ "jwks_uri": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs"
107
+ }
108
+ }
109
+
110
+ subject do
111
+ stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/.well-known/openid-configuration")
112
+ .to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
113
+ stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs")
114
+ .to_return(status: 404, body: "", headers: {})
115
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
116
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: '/authorize'})
117
+ end
118
+
119
+ it 'should have the correct keycloak token url' do
120
+ subject.setup_phase
121
+ expect(subject.token_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/token')
122
+ end
123
+
124
+ it 'should have the correct keycloak authorization url' do
125
+ subject.setup_phase
126
+ expect(subject.authorize_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/auth')
127
+ end
128
+ end
129
+ end
130
+
131
+ context 'client setup with a proc' do
132
+ subject do
133
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', setup: proc { throw :setup_proc_was_called })
134
+ end
135
+
136
+ it 'should call the proc' do
137
+ expect { subject.setup_phase }.to throw_symbol :setup_proc_was_called
138
+ end
139
+ end
140
+
141
+ describe 'errors processing' do
142
+ context 'when site contains /auth part' do
143
+ subject do
144
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
145
+ client_options: {site: 'http://localhost:8080/auth', realm: 'example-realm', raise_on_failure: true})
146
+ end
147
+
148
+ it 'raises Configuration Error' do
149
+ expect{ subject.setup_phase }
150
+ .to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
151
+ end
152
+ end
153
+
154
+ context 'when raise_on_failure option is true' do
155
+ context 'when openid configuration endpoint returns error response' do
156
+ subject do
157
+ stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
158
+ .to_return(status: 404, body: "", headers: {})
159
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
160
+ client_options: {site: 'http://localhost:8080', realm: 'example-realm', raise_on_failure: true})
161
+ end
162
+
163
+ it 'raises Integration Error' do
164
+ expect{ subject.setup_phase }
165
+ .to raise_error(OmniAuth::Strategies::KeycloakOpenId::IntegrationError)
166
+ end
167
+ end
168
+
169
+ context 'when certificates endpoint returns error response' do
170
+ subject do
171
+ stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
172
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
173
+ stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
174
+ .to_return(status: 404, body: "", headers: {})
175
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
176
+ client_options: {site: 'http://localhost:8080', realm: 'example-realm', raise_on_failure: true})
177
+ end
178
+
179
+ it 'raises Integration Error' do
180
+ expect{ subject.setup_phase }
181
+ .to raise_error(OmniAuth::Strategies::KeycloakOpenId::IntegrationError)
182
+ end
183
+ end
184
+ end
185
+ end
49
186
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-keycloak
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 1.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Cameron Crockett
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-12-16 00:00:00.000000000 Z
11
+ date: 2021-12-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth
@@ -16,113 +16,113 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 1.9.0
19
+ version: 2.0.4
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 1.9.0
26
+ version: 2.0.4
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: omniauth-oauth2
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 1.6.0
33
+ version: 1.7.1
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 1.6.0
40
+ version: 1.7.1
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: json-jwt
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: 1.9.4
47
+ version: 1.13.0
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: 1.9.4
54
+ version: 1.13.0
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: bundler
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: '1.16'
61
+ version: '2.2'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: '1.16'
68
+ version: '2.2'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: rake
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: '10.0'
75
+ version: '13.0'
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: '10.0'
82
+ version: '13.0'
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: rspec
85
85
  requirement: !ruby/object:Gem::Requirement
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: '3.0'
89
+ version: '3.10'
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: '3.0'
96
+ version: '3.10'
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: simplecov
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 0.16.1
103
+ version: '0.21'
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 0.16.1
110
+ version: '0.21'
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: webmock
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 3.4.2
117
+ version: '3.14'
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 3.4.2
125
- description: '"Omniauth strategy for Keycloak"'
124
+ version: '3.14'
125
+ description: Omniauth strategy for Keycloak
126
126
  email:
127
127
  - cameron.crockett@ccrockett.com
128
128
  executables: []
@@ -133,6 +133,7 @@ files:
133
133
  - ".rspec"
134
134
  - ".travis.yml"
135
135
  - ".vscode/settings.json"
136
+ - CHANGELOG.md
136
137
  - CODE_OF_CONDUCT.md
137
138
  - Gemfile
138
139
  - Gemfile.lock
@@ -159,16 +160,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
159
160
  requirements:
160
161
  - - ">="
161
162
  - !ruby/object:Gem::Version
162
- version: '2.2'
163
+ version: '2.6'
163
164
  required_rubygems_version: !ruby/object:Gem::Requirement
164
165
  requirements:
165
166
  - - ">="
166
167
  - !ruby/object:Gem::Version
167
- version: 1.3.5
168
+ version: 3.1.2
168
169
  requirements: []
169
- rubyforge_project:
170
- rubygems_version: 2.7.4
170
+ rubygems_version: 3.1.2
171
171
  signing_key:
172
172
  specification_version: 4
173
- summary: '"Omniauth strategy for Keycloak"'
173
+ summary: Omniauth strategy for Keycloak
174
174
  test_files: []