omniauth-keycloak 1.1.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +44 -0
  3. data/Gemfile.lock +78 -66
  4. data/README.md +76 -1
  5. data/lib/keycloak/version.rb +1 -1
  6. data/lib/omniauth/strategies/keycloak-openid.rb +70 -20
  7. data/omniauth-keycloak.gemspec +14 -13
  8. data/spec/omniauth/strategies/keycloak_spec.rb +164 -27
  9. metadata +24 -24
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 04fa7b74d74eb9db8aed382ace2d55315a3ec12e3cd3a280b795cec1ec4ce705
4
- data.tar.gz: 7387598e991f95d589dcb27e8ec05096b21541a0199acd099987c8c87caef4f8
3
+ metadata.gz: 42a3358ad3f8f4524e7d212d716e99eda02fa1b5030dcdeedf1d4b77551be450
4
+ data.tar.gz: 6d3b47d546bbec7de0a9d4c5cba6f1b88568f234180ed195ce84d0f37d9b35d4
5
5
  SHA512:
6
- metadata.gz: 85e9f1ae17b31739d6dd92bfe74b2d6590f8165e13b6f3c2aaa8bf169c39cc9392c44dad413a722fdbcd6f510bbaf28dc41a5ca444eac9fa9014978ead7b097f
7
- data.tar.gz: 921a82a88060f829ccba8e761984c245110b664dc7914910fa23f46f1c1f6c6ba30a1124cb5a33975475894ac7b061e9bb4791b1052178c5fe4fcd9cfb01a1f0
6
+ metadata.gz: f27d6b806f0297f6ffc72c722185a8bc5fa76cb32441dc1936ae8d88109bb2b294c05bcde3f4411254adee5f2af5ae5035e63e151762f030ac9c3bbbfdc000fb
7
+ data.tar.gz: eaac842f3e02d03f5c9cbb677e8c60da6f5159582b742ae94b839210861c8e7133ea23f2e462cf180d217cb4ef6702ab8a7ba8ff09719716ab96a538cbf733b6
data/CHANGELOG.md ADDED
@@ -0,0 +1,44 @@
1
+ # Changelog
2
+
3
+ ## [v1.2.1](https://github.com/ccrockett/omniauth-keycloak/tree/v1.2.1) (2020-12-19)
4
+
5
+ [Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/v1.2.0...v1.2.1)
6
+
7
+ **Closed issues:**
8
+
9
+ - Dynamically load Client and Realm [\#11](https://github.com/ccrockett/omniauth-keycloak/issues/11)
10
+ - cannot load such file -- /Library/Ruby/Gems/2.6.0/gems/omniauth-keycloak-1.2.0/lib/omniauth-keycloak.rb \(LoadError\) [\#8](https://github.com/ccrockett/omniauth-keycloak/issues/8)
11
+ - Release json-jwt version restriction change [\#5](https://github.com/ccrockett/omniauth-keycloak/issues/5)
12
+
13
+ **Merged pull requests:**
14
+
15
+ - Raise errors on setup failure and logging with OmniAuth::Strategy::log method [\#10](https://github.com/ccrockett/omniauth-keycloak/pull/10) ([alexpetrov](https://github.com/alexpetrov))
16
+ - Bump json from 2.1.0 to 2.3.1 [\#9](https://github.com/ccrockett/omniauth-keycloak/pull/9) ([dependabot[bot]](https://github.com/apps/dependabot))
17
+
18
+ ## [v1.2.0](https://github.com/ccrockett/omniauth-keycloak/tree/v1.2.0) (2020-05-28)
19
+
20
+ [Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/v1.1.0...v1.2.0)
21
+
22
+ **Merged pull requests:**
23
+
24
+ - Bump rack from 2.2.2 to 2.2.3 [\#7](https://github.com/ccrockett/omniauth-keycloak/pull/7) ([dependabot[bot]](https://github.com/apps/dependabot))
25
+ - Bump activesupport from 6.0.1 to 6.0.3.1 [\#6](https://github.com/ccrockett/omniauth-keycloak/pull/6) ([dependabot[bot]](https://github.com/apps/dependabot))
26
+ - Update rake requirement from ~\> 10.0 to ~\> 13.0 [\#4](https://github.com/ccrockett/omniauth-keycloak/pull/4) ([dependabot[bot]](https://github.com/apps/dependabot))
27
+ - Bump rack from 2.0.7 to 2.0.8 [\#2](https://github.com/ccrockett/omniauth-keycloak/pull/2) ([dependabot[bot]](https://github.com/apps/dependabot))
28
+ - Adding Devise Documentation [\#1](https://github.com/ccrockett/omniauth-keycloak/pull/1) ([masonhensley](https://github.com/masonhensley))
29
+
30
+ ## [v1.1.0](https://github.com/ccrockett/omniauth-keycloak/tree/v1.1.0) (2018-12-16)
31
+
32
+ [Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/v1.0.1...v1.1.0)
33
+
34
+ ## [v1.0.1](https://github.com/ccrockett/omniauth-keycloak/tree/v1.0.1) (2018-12-16)
35
+
36
+ [Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/v1.0.0...v1.0.1)
37
+
38
+ ## [v1.0.0](https://github.com/ccrockett/omniauth-keycloak/tree/v1.0.0) (2018-12-16)
39
+
40
+ [Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/7877c8a75f9e3f342b49bf808fa69965377d60b5...v1.0.0)
41
+
42
+
43
+
44
+ \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
data/Gemfile.lock CHANGED
@@ -1,96 +1,108 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- omniauth-keycloak (1.0.1)
5
- json-jwt (~> 1.9.4)
6
- omniauth (~> 1.8.1)
7
- omniauth-oauth2 (~> 1.5.0)
4
+ omniauth-keycloak (1.3.0)
5
+ json-jwt (~> 1.13.0)
6
+ omniauth (~> 2.0.4)
7
+ omniauth-oauth2 (~> 1.7.1)
8
8
 
9
9
  GEM
10
10
  remote: https://rubygems.org/
11
11
  specs:
12
- activesupport (5.2.1)
12
+ activesupport (6.1.3.2)
13
13
  concurrent-ruby (~> 1.0, >= 1.0.2)
14
- i18n (>= 0.7, < 2)
15
- minitest (~> 5.1)
16
- tzinfo (~> 1.1)
17
- addressable (2.5.2)
18
- public_suffix (>= 2.0.2, < 4.0)
19
- aes_key_wrap (1.0.1)
20
- bindata (2.4.4)
21
- concurrent-ruby (1.1.3)
22
- crack (0.4.3)
23
- safe_yaml (~> 1.0.0)
24
- diff-lcs (1.3)
25
- docile (1.3.1)
26
- faraday (0.15.3)
14
+ i18n (>= 1.6, < 2)
15
+ minitest (>= 5.1)
16
+ tzinfo (~> 2.0)
17
+ zeitwerk (~> 2.3)
18
+ addressable (2.8.0)
19
+ public_suffix (>= 2.0.2, < 5.0)
20
+ aes_key_wrap (1.1.0)
21
+ bindata (2.4.9)
22
+ concurrent-ruby (1.1.8)
23
+ crack (0.4.5)
24
+ rexml
25
+ diff-lcs (1.4.4)
26
+ docile (1.4.0)
27
+ faraday (1.4.1)
28
+ faraday-excon (~> 1.1)
29
+ faraday-net_http (~> 1.0)
30
+ faraday-net_http_persistent (~> 1.1)
27
31
  multipart-post (>= 1.2, < 3)
28
- hashdiff (0.3.7)
29
- hashie (3.5.7)
30
- i18n (1.1.1)
32
+ ruby2_keywords (>= 0.0.4)
33
+ faraday-excon (1.1.0)
34
+ faraday-net_http (1.0.1)
35
+ faraday-net_http_persistent (1.1.0)
36
+ hashdiff (1.0.1)
37
+ hashie (4.1.0)
38
+ i18n (1.8.10)
31
39
  concurrent-ruby (~> 1.0)
32
- json (2.1.0)
33
- json-jwt (1.9.4)
34
- activesupport
40
+ json-jwt (1.13.0)
41
+ activesupport (>= 4.2)
35
42
  aes_key_wrap
36
43
  bindata
37
- jwt (2.1.0)
38
- minitest (5.11.3)
39
- multi_json (1.13.1)
44
+ jwt (2.2.3)
45
+ minitest (5.14.4)
46
+ multi_json (1.15.0)
40
47
  multi_xml (0.6.0)
41
- multipart-post (2.0.0)
42
- oauth2 (1.4.1)
43
- faraday (>= 0.8, < 0.16.0)
48
+ multipart-post (2.1.1)
49
+ oauth2 (1.4.7)
50
+ faraday (>= 0.8, < 2.0)
44
51
  jwt (>= 1.0, < 3.0)
45
52
  multi_json (~> 1.3)
46
53
  multi_xml (~> 0.5)
47
54
  rack (>= 1.2, < 3)
48
- omniauth (1.8.1)
49
- hashie (>= 3.4.6, < 3.6.0)
55
+ omniauth (2.0.4)
56
+ hashie (>= 3.4.6)
50
57
  rack (>= 1.6.2, < 3)
51
- omniauth-oauth2 (1.5.0)
52
- oauth2 (~> 1.1)
53
- omniauth (~> 1.2)
54
- public_suffix (3.0.3)
55
- rack (2.0.6)
56
- rake (10.5.0)
57
- rspec (3.8.0)
58
- rspec-core (~> 3.8.0)
59
- rspec-expectations (~> 3.8.0)
60
- rspec-mocks (~> 3.8.0)
61
- rspec-core (3.8.0)
62
- rspec-support (~> 3.8.0)
63
- rspec-expectations (3.8.1)
58
+ rack-protection
59
+ omniauth-oauth2 (1.7.1)
60
+ oauth2 (~> 1.4)
61
+ omniauth (>= 1.9, < 3)
62
+ public_suffix (4.0.6)
63
+ rack (2.2.3)
64
+ rack-protection (2.1.0)
65
+ rack
66
+ rake (13.0.1)
67
+ rexml (3.2.5)
68
+ rspec (3.10.0)
69
+ rspec-core (~> 3.10.0)
70
+ rspec-expectations (~> 3.10.0)
71
+ rspec-mocks (~> 3.10.0)
72
+ rspec-core (3.10.1)
73
+ rspec-support (~> 3.10.0)
74
+ rspec-expectations (3.10.1)
64
75
  diff-lcs (>= 1.2.0, < 2.0)
65
- rspec-support (~> 3.8.0)
66
- rspec-mocks (3.8.0)
76
+ rspec-support (~> 3.10.0)
77
+ rspec-mocks (3.10.2)
67
78
  diff-lcs (>= 1.2.0, < 2.0)
68
- rspec-support (~> 3.8.0)
69
- rspec-support (3.8.0)
70
- safe_yaml (1.0.4)
71
- simplecov (0.16.1)
79
+ rspec-support (~> 3.10.0)
80
+ rspec-support (3.10.3)
81
+ ruby2_keywords (0.0.4)
82
+ simplecov (0.21.2)
72
83
  docile (~> 1.1)
73
- json (>= 1.8, < 3)
74
- simplecov-html (~> 0.10.0)
75
- simplecov-html (0.10.2)
76
- thread_safe (0.3.6)
77
- tzinfo (1.2.5)
78
- thread_safe (~> 0.1)
79
- webmock (3.4.2)
80
- addressable (>= 2.3.6)
84
+ simplecov-html (~> 0.11)
85
+ simplecov_json_formatter (~> 0.1)
86
+ simplecov-html (0.12.3)
87
+ simplecov_json_formatter (0.1.3)
88
+ tzinfo (2.0.4)
89
+ concurrent-ruby (~> 1.0)
90
+ webmock (3.14.0)
91
+ addressable (>= 2.8.0)
81
92
  crack (>= 0.3.2)
82
- hashdiff
93
+ hashdiff (>= 0.4.0, < 2.0.0)
94
+ zeitwerk (2.4.2)
83
95
 
84
96
  PLATFORMS
85
97
  ruby
86
98
 
87
99
  DEPENDENCIES
88
- bundler (~> 1.16)
100
+ bundler (~> 2.2)
89
101
  omniauth-keycloak!
90
- rake (~> 10.0)
91
- rspec (~> 3.0)
92
- simplecov (~> 0.16.1)
93
- webmock (~> 3.4.2)
102
+ rake (~> 13.0)
103
+ rspec (~> 3.10)
104
+ simplecov (~> 0.21)
105
+ webmock (~> 3.14)
94
106
 
95
107
  BUNDLED WITH
96
- 1.16.5
108
+ 2.2.31
data/README.md CHANGED
@@ -25,9 +25,84 @@ Here's a quick example, adding the middleware to a Rails app in `config/initiali
25
25
  ```ruby
26
26
  Rails.application.config.middleware.use OmniAuth::Builder do
27
27
  provider :keycloak_openid, 'Example-Client', '19cca35f-dddd-473a-bdd5-03f00d61d884',
28
- client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm'}
28
+ client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm'},
29
+ name: 'keycloak'
29
30
  end
30
31
  ```
32
+ This will allow a POST request to `auth/keycloak` since the name is set to keycloak
33
+
34
+ Or using a proc setup with a custom options:
35
+
36
+ ```ruby
37
+ Rails.application.config.middleware.use OmniAuth::Builder do
38
+ SETUP_PROC = lambda do |env|
39
+ request = Rack::Request.new(env)
40
+ organization = Organization.find_by(host: request.host)
41
+ provider_config = organization.enabled_omniauth_providers[:keycloakopenid]
42
+
43
+ env["omniauth.strategy"].options[:client_id] = provider_config[:client_id]
44
+ env["omniauth.strategy"].options[:client_secret] = provider_config[:client_secret]
45
+ env["omniauth.strategy"].options[:client_options] = { site: provider_config[:site], realm: provider_config[:realm] }
46
+ end
47
+
48
+ Rails.application.config.middleware.use OmniAuth::Builder do
49
+ provider :keycloak_openid, setup: SETUP_PROC
50
+ end
51
+ end
52
+ ```
53
+
54
+
55
+ ## Devise Usage
56
+ Adapted from [Devise OmniAuth Instructions](https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview)
57
+
58
+ ```ruby
59
+ # app/models/user.rb
60
+ class User < ApplicationRecord
61
+ #...
62
+ devise :omniauthable, omniauth_providers: %i[keycloakopenid]
63
+ #...
64
+ end
65
+
66
+ # config/initializers/devise.rb
67
+ config.omniauth :keycloak_openid, "Example-Client-Name", "example-secret-if-configured", client_options: { site: "https://example.keycloak-url.com", realm: "example-realm" }, :strategy_class => OmniAuth::Strategies::KeycloakOpenId
68
+
69
+ # Below controller assumes callback route configuration following
70
+ # in config/routes.rb
71
+ Devise.setup do |config|
72
+ # ...
73
+ devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks' }
74
+ end
75
+
76
+ # app/controllers/users/omniauth_callbacks_controller.rb
77
+ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
78
+ def keycloakopenid
79
+ Rails.logger.debug(request.env["omniauth.auth"])
80
+ @user = User.from_omniauth(request.env["omniauth.auth"])
81
+ if @user.persisted?
82
+ sign_in_and_redirect @user, event: :authentication
83
+ else
84
+ session["devise.keycloakopenid_data"] = request.env["omniauth.auth"]
85
+ redirect_to new_user_registration_url
86
+ end
87
+ end
88
+
89
+ def failure
90
+ redirect_to root_path
91
+ end
92
+ end
93
+
94
+ ```
95
+
96
+ ## Configuration
97
+ * __Base Url other than /auth__
98
+ This gem tries to get the keycloak configuration from `"#{site}/auth/realms/#{realm}/.well-known/openid-configuration"`. If your keycloak server has been setup to use a different "root" url other than `/auth` then you need to pass in the `base_url` option when setting up the gem:
99
+ ```ruby
100
+ Rails.application.config.middleware.use OmniAuth::Builder do
101
+ provider :keycloak_openid, 'Example-Client', '19cca35f-dddd-473a-bdd5-03f00d61d884',
102
+ client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm', base_url: '/authorize'},
103
+ name: 'keycloak'
104
+ end
105
+ ```
31
106
 
32
107
  ## Contributing
33
108
 
data/lib/keycloak/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Omniauth
2
2
  module Keycloak
3
- VERSION = "1.1.0"
3
+ VERSION = "1.4.0"
4
4
  end
5
5
  end
data/lib/omniauth/strategies/keycloak-openid.rb CHANGED
@@ -1,54 +1,104 @@
1
1
  require 'omniauth'
2
2
  require 'omniauth-oauth2'
3
3
  require 'json/jwt'
4
+ require 'uri'
4
5
 
5
6
  module OmniAuth
6
7
  module Strategies
7
8
  class KeycloakOpenId < OmniAuth::Strategies::OAuth2
9
+
10
+ class Error < RuntimeError; end
11
+ class ConfigurationError < Error; end
12
+ class IntegrationError < Error; end
13
+
8
14
  attr_reader :authorize_url
9
15
  attr_reader :token_url
10
- attr_reader :cert
16
+ attr_reader :certs
11
17
 
12
18
  def setup_phase
19
+ super
20
+
13
21
  if @authorize_url.nil? || @token_url.nil?
22
+ prevent_site_option_mistake
23
+
14
24
  realm = options.client_options[:realm].nil? ? options.client_id : options.client_options[:realm]
15
25
  site = options.client_options[:site]
16
- response = Faraday.get "#{options.client_options[:site]}/auth/realms/#{realm}/.well-known/openid-configuration"
26
+
27
+ raise_on_failure = options.client_options.fetch(:raise_on_failure, false)
28
+
29
+ config_url = URI.join(site, "#{auth_url_base}/realms/#{realm}/.well-known/openid-configuration")
30
+
31
+ log :debug, "Going to get Keycloak configuration. URL: #{config_url}"
32
+ response = Faraday.get config_url
17
33
  if (response.status == 200)
18
34
  json = MultiJson.load(response.body)
35
+
19
36
  @certs_endpoint = json["jwks_uri"]
20
37
  @userinfo_endpoint = json["userinfo_endpoint"]
21
- @authorize_url = json["authorization_endpoint"].gsub(site, "")
22
- @token_url = json["token_endpoint"].gsub(site, "")
38
+ @authorize_url = URI(json["authorization_endpoint"]).path
39
+ @token_url = URI(json["token_endpoint"]).path
40
+
41
+ log_config(json)
42
+
23
43
  options.client_options.merge!({
24
44
  authorize_url: @authorize_url,
25
45
  token_url: @token_url
26
- })
46
+ })
47
+ log :debug, "Going to get certificates. URL: #{@certs_endpoint}"
27
48
  certs = Faraday.get @certs_endpoint
28
49
  if (certs.status == 200)
29
50
  json = MultiJson.load(certs.body)
30
- @cert = json["keys"][0]
51
+ @certs = json["keys"]
52
+ log :debug, "Successfully got certificate. Certificate length: #{@certs.length}"
31
53
  else
32
- #TODO: Throw Error
33
- puts "Couldn't get Cert"
34
- end
54
+ message = "Coundn't get certificate. URL: #{@certs_endpoint}"
55
+ log :error, message
56
+ raise IntegrationError, message if raise_on_failure
57
+ end
35
58
  else
36
- #TODO: Throw Error
37
- puts response.status
59
+ message = "Keycloak configuration request failed with status: #{response.status}. " \
60
+ "URL: #{config_url}"
61
+ log :error, message
62
+ raise IntegrationError, message if raise_on_failure
38
63
  end
39
64
  end
40
65
  end
41
-
66
+
67
+ def auth_url_base
68
+ return '/auth' unless options.client_options[:base_url]
69
+ base_url = options.client_options[:base_url]
70
+ return base_url if (base_url == '' || base_url[0] == '/')
71
+
72
+ raise ConfigurationError, "Keycloak base_url option should start with '/'. Current value: #{base_url}"
73
+ end
74
+
75
+ def prevent_site_option_mistake
76
+ site = options.client_options[:site]
77
+ return unless site =~ /\/auth$/
78
+
79
+ raise ConfigurationError, "Keycloak site parameter should not include /auth part, only domain. Current value: #{site}"
80
+ end
81
+
82
+ def log_config(config_json)
83
+ log_keycloak_config = options.client_options.fetch(:log_keycloak_config, false)
84
+ log :debug, "Successfully got Keycloak config"
85
+ log :debug, "Keycloak config: #{config_json}" if log_keycloak_config
86
+ log :debug, "Certs endpoint: #{@certs_endpoint}"
87
+ log :debug, "Userinfo endpoint: #{@userinfo_endpoint}"
88
+ log :debug, "Authorize url: #{@authorize_url}"
89
+ log :debug, "Token url: #{@token_url}"
90
+ end
91
+
42
92
  def build_access_token
43
93
  verifier = request.params["code"]
44
- client.auth_code.get_token(verifier,
94
+ client.auth_code.get_token(verifier,
45
95
  {:redirect_uri => callback_url.gsub(/\?.+\Z/, "")}
46
- .merge(token_params.to_hash(:symbolize_keys => true)),
96
+ .merge(token_params.to_hash(:symbolize_keys => true)),
47
97
  deep_symbolize(options.auth_token_params))
48
98
  end
49
99
 
50
100
  uid{ raw_info['sub'] }
51
-
101
+
52
102
  info do
53
103
  {
54
104
  :name => raw_info['name'],
@@ -57,21 +107,21 @@ module OmniAuth
57
107
  :last_name => raw_info['family_name']
58
108
  }
59
109
  end
60
-
110
+
61
111
  extra do
62
112
  {
63
113
  'raw_info' => raw_info
64
114
  }
65
115
  end
66
-
116
+
67
117
  def raw_info
68
118
  id_token_string = access_token.token
69
- jwk = JSON::JWK.new(@cert)
70
- id_token = JSON::JWT.decode id_token_string, jwk
119
+ jwks = JSON::JWK::Set.new(@certs)
120
+ id_token = JSON::JWT.decode id_token_string, jwks
71
121
  id_token
72
122
  end
73
123
 
74
124
  OmniAuth.config.add_camelization('keycloak_openid', 'KeycloakOpenId')
75
125
  end
76
126
  end
77
- end
127
+ end
data/omniauth-keycloak.gemspec CHANGED
@@ -4,13 +4,13 @@ Gem::Specification.new do |spec|
4
4
  spec.version = Omniauth::Keycloak::VERSION
5
5
  spec.authors = ["Cameron Crockett"]
6
6
  spec.email = ["cameron.crockett@ccrockett.com"]
7
-
8
- spec.description = %q{"Omniauth strategy for Keycloak"}
7
+
8
+ spec.description = %q{Omniauth strategy for Keycloak}
9
9
  spec.summary = spec.description
10
10
  spec.homepage = "https://github.com/ccrockett/omniauth-keycloak"
11
11
  spec.license = "MIT"
12
- spec.required_rubygems_version = '>= 1.3.5'
13
- spec.required_ruby_version = '>= 2.2'
12
+ spec.required_rubygems_version = '>= 3.1.2'
13
+ spec.required_ruby_version = '>= 2.6'
14
14
 
15
15
  # Specify which files should be added to the gem when it is released.
16
16
  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@@ -22,13 +22,14 @@ Gem::Specification.new do |spec|
22
22
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
23
23
  spec.require_paths = ["lib"]
24
24
 
25
-
26
- spec.add_dependency "omniauth", "~> 1.9.0"
27
- spec.add_dependency "omniauth-oauth2", "~> 1.6.0"
28
- spec.add_dependency "json-jwt", "~> 1.9.4"
29
- spec.add_development_dependency "bundler", "~> 1.16"
30
- spec.add_development_dependency "rake", "~> 10.0"
31
- spec.add_development_dependency "rspec", "~> 3.0"
32
- spec.add_development_dependency 'simplecov', '~> 0.16.1'
33
- spec.add_development_dependency 'webmock', '~> 3.4.2'
25
+
26
+ spec.add_dependency "omniauth", "~> 2.0.4"
27
+ spec.add_dependency "omniauth-oauth2", "~> 1.7.1"
28
+ spec.add_dependency "json-jwt", "~> 1.13.0"
29
+
30
+ spec.add_development_dependency "bundler", "~> 2.2"
31
+ spec.add_development_dependency "rake", "~> 13.0"
32
+ spec.add_development_dependency "rspec", "~> 3.10"
33
+ spec.add_development_dependency 'simplecov', '~> 0.21'
34
+ spec.add_development_dependency 'webmock', '~> 3.14'
34
35
  end
data/spec/omniauth/strategies/keycloak_spec.rb CHANGED
@@ -1,41 +1,45 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
4
- body = '{"issuer": "http://localhost:8080/auth/realms/example-realm",
5
- "authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
6
- "token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
7
- "token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
8
- "userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",
9
- "end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",
10
- "jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",
11
- "check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",
12
- "grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
13
- "response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
14
- "subject_types_supported": ["public", "pairwise"],
15
- "id_token_signing_alg_values_supported": ["RS256"],
16
- "userinfo_signing_alg_values_supported": ["RS256"],
17
- "request_object_signing_alg_values_supported": ["none", "RS256"],
18
- "response_modes_supported": ["query", "fragment", "form_post"],
19
- "registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",
20
- "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
21
- "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
22
- "claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
23
- "claim_types_supported": ["normal"],
24
- "claims_parameter_supported": false,
25
- "scopes_supported": ["openid", "offline_access"],
26
- "request_parameter_supported": true,
27
- "request_uri_parameter_supported": true}'
4
+ let(:body) {
5
+ {
6
+ "issuer": "http://localhost:8080/auth/realms/example-realm",
7
+ "authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
8
+ "token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
9
+ "token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
10
+ "userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",
11
+ "end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",
12
+ "jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",
13
+ "check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",
14
+ "grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
15
+ "response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
16
+ "subject_types_supported": ["public", "pairwise"],
17
+ "id_token_signing_alg_values_supported": ["RS256"],
18
+ "userinfo_signing_alg_values_supported": ["RS256"],
19
+ "request_object_signing_alg_values_supported": ["none", "RS256"],
20
+ "response_modes_supported": ["query", "fragment", "form_post"],
21
+ "registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",
22
+ "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
23
+ "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
24
+ "claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
25
+ "claim_types_supported": ["normal"],
26
+ "claims_parameter_supported": false,
27
+ "scopes_supported": ["openid", "offline_access"],
28
+ "request_parameter_supported": true,
29
+ "request_uri_parameter_supported": true
30
+ }
31
+ }
28
32
 
29
33
  context 'client options' do
30
34
  subject do
31
35
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
32
- .to_return(status: 200, body: body, headers: {})
36
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
33
37
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
34
38
  .to_return(status: 404, body: "", headers: {})
35
39
  OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
36
- client_options: {site: 'http://localhost:8080', realm: 'example-realm'})
40
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm'})
37
41
  end
38
-
42
+
39
43
  it 'should have the correct keycloak token url' do
40
44
  subject.setup_phase
41
45
  expect(subject.token_url).to eq('/auth/realms/example-realm/protocol/openid-connect/token')
@@ -46,4 +50,137 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
46
50
  expect(subject.authorize_url).to eq('/auth/realms/example-realm/protocol/openid-connect/auth')
47
51
  end
48
52
  end
53
+
54
+ describe 'client base_url option set' do
55
+ context 'to blank string' do
56
+ let(:new_body_endpoints) {
57
+ {
58
+ "authorization_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/auth",
59
+ "token_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/token",
60
+ "jwks_uri": "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs"
61
+ }
62
+ }
63
+
64
+ subject do
65
+ stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
66
+ .to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
67
+ stub_request(:get, "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs")
68
+ .to_return(status: 404, body: "", headers: {})
69
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
70
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: ''})
71
+ end
72
+
73
+ it 'should have the correct keycloak token url' do
74
+ subject.setup_phase
75
+ expect(subject.token_url).to eq('/realms/example-realm/protocol/openid-connect/token')
76
+ end
77
+
78
+ it 'should have the correct keycloak authorization url' do
79
+ subject.setup_phase
80
+ expect(subject.authorize_url).to eq('/realms/example-realm/protocol/openid-connect/auth')
81
+ end
82
+ end
83
+
84
+ context 'to invalid string' do
85
+ subject do
86
+ stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
87
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
88
+ stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
89
+ .to_return(status: 404, body: "", headers: {})
90
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
91
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: 'test'})
92
+ end
93
+
94
+ it 'raises Configuration Error' do
95
+ expect{ subject.setup_phase }
96
+ .to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
97
+ end
98
+ end
99
+
100
+ context 'to /authorize' do
101
+
102
+ let(:new_body_endpoints) {
103
+ {
104
+ "authorization_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/auth",
105
+ "token_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/token",
106
+ "jwks_uri": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs"
107
+ }
108
+ }
109
+
110
+ subject do
111
+ stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/.well-known/openid-configuration")
112
+ .to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
113
+ stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs")
114
+ .to_return(status: 404, body: "", headers: {})
115
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
116
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: '/authorize'})
117
+ end
118
+
119
+ it 'should have the correct keycloak token url' do
120
+ subject.setup_phase
121
+ expect(subject.token_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/token')
122
+ end
123
+
124
+ it 'should have the correct keycloak authorization url' do
125
+ subject.setup_phase
126
+ expect(subject.authorize_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/auth')
127
+ end
128
+ end
129
+ end
130
+
131
+ context 'client setup with a proc' do
132
+ subject do
133
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', setup: proc { throw :setup_proc_was_called })
134
+ end
135
+
136
+ it 'should call the proc' do
137
+ expect { subject.setup_phase }.to throw_symbol :setup_proc_was_called
138
+ end
139
+ end
140
+
141
+ describe 'errors processing' do
142
+ context 'when site contains /auth part' do
143
+ subject do
144
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
145
+ client_options: {site: 'http://localhost:8080/auth', realm: 'example-realm', raise_on_failure: true})
146
+ end
147
+
148
+ it 'raises Configuration Error' do
149
+ expect{ subject.setup_phase }
150
+ .to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
151
+ end
152
+ end
153
+
154
+ context 'when raise_on_failure option is true' do
155
+ context 'when openid configuration endpoint returns error response' do
156
+ subject do
157
+ stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
158
+ .to_return(status: 404, body: "", headers: {})
159
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
160
+ client_options: {site: 'http://localhost:8080', realm: 'example-realm', raise_on_failure: true})
161
+ end
162
+
163
+ it 'raises Integration Error' do
164
+ expect{ subject.setup_phase }
165
+ .to raise_error(OmniAuth::Strategies::KeycloakOpenId::IntegrationError)
166
+ end
167
+ end
168
+
169
+ context 'when certificates endpoint returns error response' do
170
+ subject do
171
+ stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
172
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
173
+ stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
174
+ .to_return(status: 404, body: "", headers: {})
175
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
176
+ client_options: {site: 'http://localhost:8080', realm: 'example-realm', raise_on_failure: true})
177
+ end
178
+
179
+ it 'raises Integration Error' do
180
+ expect{ subject.setup_phase }
181
+ .to raise_error(OmniAuth::Strategies::KeycloakOpenId::IntegrationError)
182
+ end
183
+ end
184
+ end
185
+ end
49
186
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-keycloak
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 1.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Cameron Crockett
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-12-16 00:00:00.000000000 Z
11
+ date: 2021-12-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth
@@ -16,113 +16,113 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 1.9.0
19
+ version: 2.0.4
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 1.9.0
26
+ version: 2.0.4
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: omniauth-oauth2
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 1.6.0
33
+ version: 1.7.1
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 1.6.0
40
+ version: 1.7.1
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: json-jwt
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: 1.9.4
47
+ version: 1.13.0
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: 1.9.4
54
+ version: 1.13.0
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: bundler
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: '1.16'
61
+ version: '2.2'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: '1.16'
68
+ version: '2.2'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: rake
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: '10.0'
75
+ version: '13.0'
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: '10.0'
82
+ version: '13.0'
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: rspec
85
85
  requirement: !ruby/object:Gem::Requirement
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: '3.0'
89
+ version: '3.10'
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: '3.0'
96
+ version: '3.10'
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: simplecov
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 0.16.1
103
+ version: '0.21'
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 0.16.1
110
+ version: '0.21'
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: webmock
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 3.4.2
117
+ version: '3.14'
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 3.4.2
125
- description: '"Omniauth strategy for Keycloak"'
124
+ version: '3.14'
125
+ description: Omniauth strategy for Keycloak
126
126
  email:
127
127
  - cameron.crockett@ccrockett.com
128
128
  executables: []
@@ -133,6 +133,7 @@ files:
133
133
  - ".rspec"
134
134
  - ".travis.yml"
135
135
  - ".vscode/settings.json"
136
+ - CHANGELOG.md
136
137
  - CODE_OF_CONDUCT.md
137
138
  - Gemfile
138
139
  - Gemfile.lock
@@ -159,16 +160,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
159
160
  requirements:
160
161
  - - ">="
161
162
  - !ruby/object:Gem::Version
162
- version: '2.2'
163
+ version: '2.6'
163
164
  required_rubygems_version: !ruby/object:Gem::Requirement
164
165
  requirements:
165
166
  - - ">="
166
167
  - !ruby/object:Gem::Version
167
- version: 1.3.5
168
+ version: 3.1.2
168
169
  requirements: []
169
- rubyforge_project:
170
- rubygems_version: 2.7.4
170
+ rubygems_version: 3.1.2
171
171
  signing_key:
172
172
  specification_version: 4
173
- summary: '"Omniauth strategy for Keycloak"'
173
+ summary: Omniauth strategy for Keycloak
174
174
  test_files: []