omniauth-keycloak 1.2.0 → 1.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +44 -0
- data/Gemfile.lock +2 -2
- data/lib/keycloak/version.rb +1 -1
- data/lib/omniauth/strategies/keycloak-openid.rb +51 -11
- data/spec/omniauth/strategies/keycloak_spec.rb +47 -1
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8be07c97d1ead033d698f4d6e8770acce8510a7ef668ab151df4fe642baa982d
|
|
4
|
+
data.tar.gz: 5002e62859a28e1b0cd3ffb708ac2618636397432148094d377e0305b568e88b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f9e06365f46b0e84328d4a51bee5fec151a479811376fb5a92fbf23a411471c5a5a06e8e9ac38daab40f254314ea53382fecb25fc835919237f433d086fb9bd3
|
|
7
|
+
data.tar.gz: a32b6d90b31251d019af5f74b21fca7260d8691cc9afb6c8fe40cd3c50bdf96558f1d381a7251fd3a3f16de4e2dfef8e4f588ee0d643f3c5f66026b90e5954a6
|
data/CHANGELOG.md
ADDED
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
## [v1.2.1](https://github.com/ccrockett/omniauth-keycloak/tree/v1.2.1) (2020-12-19)
|
|
4
|
+
|
|
5
|
+
[Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/v1.2.0...v1.2.1)
|
|
6
|
+
|
|
7
|
+
**Closed issues:**
|
|
8
|
+
|
|
9
|
+
- Dynamically load Client and Realm [\#11](https://github.com/ccrockett/omniauth-keycloak/issues/11)
|
|
10
|
+
- cannot load such file -- /Library/Ruby/Gems/2.6.0/gems/omniauth-keycloak-1.2.0/lib/omniauth-keycloak.rb \(LoadError\) [\#8](https://github.com/ccrockett/omniauth-keycloak/issues/8)
|
|
11
|
+
- Release json-jwt version restriction change [\#5](https://github.com/ccrockett/omniauth-keycloak/issues/5)
|
|
12
|
+
|
|
13
|
+
**Merged pull requests:**
|
|
14
|
+
|
|
15
|
+
- Raise errors on setup failure and logging with OmniAuth::Strategy::log method [\#10](https://github.com/ccrockett/omniauth-keycloak/pull/10) ([alexpetrov](https://github.com/alexpetrov))
|
|
16
|
+
- Bump json from 2.1.0 to 2.3.1 [\#9](https://github.com/ccrockett/omniauth-keycloak/pull/9) ([dependabot[bot]](https://github.com/apps/dependabot))
|
|
17
|
+
|
|
18
|
+
## [v1.2.0](https://github.com/ccrockett/omniauth-keycloak/tree/v1.2.0) (2020-05-28)
|
|
19
|
+
|
|
20
|
+
[Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/v1.1.0...v1.2.0)
|
|
21
|
+
|
|
22
|
+
**Merged pull requests:**
|
|
23
|
+
|
|
24
|
+
- Bump rack from 2.2.2 to 2.2.3 [\#7](https://github.com/ccrockett/omniauth-keycloak/pull/7) ([dependabot[bot]](https://github.com/apps/dependabot))
|
|
25
|
+
- Bump activesupport from 6.0.1 to 6.0.3.1 [\#6](https://github.com/ccrockett/omniauth-keycloak/pull/6) ([dependabot[bot]](https://github.com/apps/dependabot))
|
|
26
|
+
- Update rake requirement from ~\> 10.0 to ~\> 13.0 [\#4](https://github.com/ccrockett/omniauth-keycloak/pull/4) ([dependabot[bot]](https://github.com/apps/dependabot))
|
|
27
|
+
- Bump rack from 2.0.7 to 2.0.8 [\#2](https://github.com/ccrockett/omniauth-keycloak/pull/2) ([dependabot[bot]](https://github.com/apps/dependabot))
|
|
28
|
+
- Adding Devise Documentation [\#1](https://github.com/ccrockett/omniauth-keycloak/pull/1) ([masonhensley](https://github.com/masonhensley))
|
|
29
|
+
|
|
30
|
+
## [v1.1.0](https://github.com/ccrockett/omniauth-keycloak/tree/v1.1.0) (2018-12-16)
|
|
31
|
+
|
|
32
|
+
[Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/v1.0.1...v1.1.0)
|
|
33
|
+
|
|
34
|
+
## [v1.0.1](https://github.com/ccrockett/omniauth-keycloak/tree/v1.0.1) (2018-12-16)
|
|
35
|
+
|
|
36
|
+
[Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/v1.0.0...v1.0.1)
|
|
37
|
+
|
|
38
|
+
## [v1.0.0](https://github.com/ccrockett/omniauth-keycloak/tree/v1.0.0) (2018-12-16)
|
|
39
|
+
|
|
40
|
+
[Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/7877c8a75f9e3f342b49bf808fa69965377d60b5...v1.0.0)
|
|
41
|
+
|
|
42
|
+
|
|
43
|
+
|
|
44
|
+
\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
|
data/Gemfile.lock
CHANGED
|
@@ -30,7 +30,7 @@ GEM
|
|
|
30
30
|
hashie (4.1.0)
|
|
31
31
|
i18n (1.8.2)
|
|
32
32
|
concurrent-ruby (~> 1.0)
|
|
33
|
-
json (2.1
|
|
33
|
+
json (2.3.1)
|
|
34
34
|
json-jwt (1.12.0)
|
|
35
35
|
activesupport (>= 4.2)
|
|
36
36
|
aes_key_wrap
|
|
@@ -53,7 +53,7 @@ GEM
|
|
|
53
53
|
oauth2 (~> 1.1)
|
|
54
54
|
omniauth (~> 1.9)
|
|
55
55
|
public_suffix (3.0.3)
|
|
56
|
-
rack (2.2.
|
|
56
|
+
rack (2.2.3)
|
|
57
57
|
rake (13.0.1)
|
|
58
58
|
rspec (3.8.0)
|
|
59
59
|
rspec-core (~> 3.8.0)
|
data/lib/keycloak/version.rb
CHANGED
|
@@ -1,44 +1,84 @@
|
|
|
1
1
|
require 'omniauth'
|
|
2
2
|
require 'omniauth-oauth2'
|
|
3
3
|
require 'json/jwt'
|
|
4
|
+
require 'uri'
|
|
4
5
|
|
|
5
6
|
module OmniAuth
|
|
6
7
|
module Strategies
|
|
7
8
|
class KeycloakOpenId < OmniAuth::Strategies::OAuth2
|
|
9
|
+
|
|
10
|
+
class Error < RuntimeError; end
|
|
11
|
+
class ConfigurationError < Error; end
|
|
12
|
+
class IntegrationError < Error; end
|
|
13
|
+
|
|
8
14
|
attr_reader :authorize_url
|
|
9
15
|
attr_reader :token_url
|
|
10
16
|
attr_reader :cert
|
|
11
17
|
|
|
12
18
|
def setup_phase
|
|
13
19
|
if @authorize_url.nil? || @token_url.nil?
|
|
20
|
+
prevent_site_option_mistake
|
|
21
|
+
|
|
14
22
|
realm = options.client_options[:realm].nil? ? options.client_id : options.client_options[:realm]
|
|
15
23
|
site = options.client_options[:site]
|
|
16
|
-
|
|
24
|
+
|
|
25
|
+
raise_on_failure = options.client_options.fetch(:raise_on_failure, false)
|
|
26
|
+
|
|
27
|
+
config_url = URI.join(site, "/auth/realms/#{realm}/.well-known/openid-configuration")
|
|
28
|
+
|
|
29
|
+
log :debug, "Going to get Keycloak configuration. URL: #{config_url}"
|
|
30
|
+
response = Faraday.get config_url
|
|
17
31
|
if (response.status == 200)
|
|
18
32
|
json = MultiJson.load(response.body)
|
|
33
|
+
|
|
19
34
|
@certs_endpoint = json["jwks_uri"]
|
|
20
35
|
@userinfo_endpoint = json["userinfo_endpoint"]
|
|
21
|
-
@authorize_url = json["authorization_endpoint"].
|
|
22
|
-
@token_url = json["token_endpoint"].
|
|
36
|
+
@authorize_url = URI(json["authorization_endpoint"]).path
|
|
37
|
+
@token_url = URI(json["token_endpoint"]).path
|
|
38
|
+
|
|
39
|
+
log_config(json)
|
|
40
|
+
|
|
23
41
|
options.client_options.merge!({
|
|
24
42
|
authorize_url: @authorize_url,
|
|
25
43
|
token_url: @token_url
|
|
26
|
-
|
|
44
|
+
})
|
|
45
|
+
log :debug, "Going to get certificates. URL: #{@certs_endpoint}"
|
|
27
46
|
certs = Faraday.get @certs_endpoint
|
|
28
47
|
if (certs.status == 200)
|
|
29
48
|
json = MultiJson.load(certs.body)
|
|
30
49
|
@cert = json["keys"][0]
|
|
50
|
+
log :debug, "Successfully got certificate. Certificate length: #{@cert.length}"
|
|
31
51
|
else
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
52
|
+
message = "Coundn't get certificate. URL: #{@certs_endpoint}"
|
|
53
|
+
log :error, message
|
|
54
|
+
raise IntegrationError, message if raise_on_failure
|
|
55
|
+
end
|
|
35
56
|
else
|
|
36
|
-
|
|
37
|
-
|
|
57
|
+
message = "Keycloak configuration request failed with status: #{response.status}. " \
|
|
58
|
+
"URL: #{config_url}"
|
|
59
|
+
log :error, message
|
|
60
|
+
raise IntegrationError, message if raise_on_failure
|
|
38
61
|
end
|
|
39
62
|
end
|
|
40
63
|
end
|
|
41
|
-
|
|
64
|
+
|
|
65
|
+
def prevent_site_option_mistake
|
|
66
|
+
site = options.client_options[:site]
|
|
67
|
+
return unless site =~ /\/auth$/
|
|
68
|
+
|
|
69
|
+
raise ConfigurationError, "Keycloak site parameter should not include /auth part, only domain. Current value: #{site}"
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
def log_config(config_json)
|
|
73
|
+
log_keycloak_config = options.client_options.fetch(:log_keycloak_config, false)
|
|
74
|
+
log :debug, "Successfully got Keycloak config"
|
|
75
|
+
log :debug, "Keycloak config: #{config_json}" if log_keycloak_config
|
|
76
|
+
log :debug, "Certs endpoint: #{@certs_endpoint}"
|
|
77
|
+
log :debug, "Userinfo endpoint: #{@userinfo_endpoint}"
|
|
78
|
+
log :debug, "Authorize url: #{@authorize_url}"
|
|
79
|
+
log :debug, "Token url: #{@token_url}"
|
|
80
|
+
end
|
|
81
|
+
|
|
42
82
|
def build_access_token
|
|
43
83
|
verifier = request.params["code"]
|
|
44
84
|
client.auth_code.get_token(verifier,
|
|
@@ -74,4 +114,4 @@ module OmniAuth
|
|
|
74
114
|
OmniAuth.config.add_camelization('keycloak_openid', 'KeycloakOpenId')
|
|
75
115
|
end
|
|
76
116
|
end
|
|
77
|
-
end
|
|
117
|
+
end
|
|
@@ -33,7 +33,7 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
|
|
|
33
33
|
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
|
|
34
34
|
.to_return(status: 404, body: "", headers: {})
|
|
35
35
|
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
|
|
36
|
-
client_options: {site: 'http://localhost:8080', realm: 'example-realm'})
|
|
36
|
+
client_options: {site: 'http://localhost:8080/', realm: 'example-realm'})
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
it 'should have the correct keycloak token url' do
|
|
@@ -46,4 +46,50 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
|
|
|
46
46
|
expect(subject.authorize_url).to eq('/auth/realms/example-realm/protocol/openid-connect/auth')
|
|
47
47
|
end
|
|
48
48
|
end
|
|
49
|
+
|
|
50
|
+
describe 'errors processing' do
|
|
51
|
+
context 'when site contains /auth part' do
|
|
52
|
+
subject do
|
|
53
|
+
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
|
|
54
|
+
client_options: {site: 'http://localhost:8080/auth', realm: 'example-realm', raise_on_failure: true})
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
it 'raises Configuration Error' do
|
|
58
|
+
expect{ subject.setup_phase }
|
|
59
|
+
.to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
context 'when raise_on_failure option is true' do
|
|
64
|
+
context 'when openid configuration endpoint returns error response' do
|
|
65
|
+
subject do
|
|
66
|
+
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
|
|
67
|
+
.to_return(status: 404, body: "", headers: {})
|
|
68
|
+
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
|
|
69
|
+
client_options: {site: 'http://localhost:8080', realm: 'example-realm', raise_on_failure: true})
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
it 'raises Integration Error' do
|
|
73
|
+
expect{ subject.setup_phase }
|
|
74
|
+
.to raise_error(OmniAuth::Strategies::KeycloakOpenId::IntegrationError)
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
context 'when certificates endpoint returns error response' do
|
|
79
|
+
subject do
|
|
80
|
+
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
|
|
81
|
+
.to_return(status: 200, body: body, headers: {})
|
|
82
|
+
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
|
|
83
|
+
.to_return(status: 404, body: "", headers: {})
|
|
84
|
+
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
|
|
85
|
+
client_options: {site: 'http://localhost:8080', realm: 'example-realm', raise_on_failure: true})
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
it 'raises Integration Error' do
|
|
89
|
+
expect{ subject.setup_phase }
|
|
90
|
+
.to raise_error(OmniAuth::Strategies::KeycloakOpenId::IntegrationError)
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
end
|
|
49
95
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-keycloak
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.2.
|
|
4
|
+
version: 1.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Cameron Crockett
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-12-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth
|
|
@@ -133,6 +133,7 @@ files:
|
|
|
133
133
|
- ".rspec"
|
|
134
134
|
- ".travis.yml"
|
|
135
135
|
- ".vscode/settings.json"
|
|
136
|
+
- CHANGELOG.md
|
|
136
137
|
- CODE_OF_CONDUCT.md
|
|
137
138
|
- Gemfile
|
|
138
139
|
- Gemfile.lock
|
|
@@ -166,7 +167,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
166
167
|
- !ruby/object:Gem::Version
|
|
167
168
|
version: 1.3.5
|
|
168
169
|
requirements: []
|
|
169
|
-
rubygems_version: 3.
|
|
170
|
+
rubygems_version: 3.1.2
|
|
170
171
|
signing_key:
|
|
171
172
|
specification_version: 4
|
|
172
173
|
summary: Omniauth strategy for Keycloak
|