omniauth-keycloak 1.2.1 → 1.4.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +66 -64
  3. data/README.md +36 -2
  4. data/lib/keycloak/version.rb +1 -1
  5. data/lib/omniauth/strategies/keycloak-openid.rb +23 -12
  6. data/omniauth-keycloak.gemspec +11 -11
  7. data/spec/omniauth/strategies/keycloak_spec.rb +118 -27
  8. metadata +19 -19
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8be07c97d1ead033d698f4d6e8770acce8510a7ef668ab151df4fe642baa982d
4
- data.tar.gz: 5002e62859a28e1b0cd3ffb708ac2618636397432148094d377e0305b568e88b
3
+ metadata.gz: a2e287221e83ebd9675dce6a96add0c979a5e953880fbacfa10357a6b7de2f1a
4
+ data.tar.gz: 301ae570d0e3e72366913a472940d809db176338027069fec50138d1cebd8fbc
5
5
  SHA512:
6
- metadata.gz: f9e06365f46b0e84328d4a51bee5fec151a479811376fb5a92fbf23a411471c5a5a06e8e9ac38daab40f254314ea53382fecb25fc835919237f433d086fb9bd3
7
- data.tar.gz: a32b6d90b31251d019af5f74b21fca7260d8691cc9afb6c8fe40cd3c50bdf96558f1d381a7251fd3a3f16de4e2dfef8e4f588ee0d643f3c5f66026b90e5954a6
6
+ metadata.gz: 13bb46c55f76bd31550870fea1a78cea8fd50ae2fb6c9d3764002cc95c3edddb4a6748ee97d52b18d9add2c85a23a31f85c45eb5352c86482fbc3c2263542505
7
+ data.tar.gz: f215a482d4c8f8760f8d86495bb6c5ea6cda2afb2fd15c8f9ff52aabfaea9d4c40fb81606edb4306f24d1dd0312f280dc8a728a7fad63901b94540566e99e0f6
data/Gemfile.lock CHANGED
@@ -1,98 +1,100 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- omniauth-keycloak (1.2.0)
5
- json-jwt (~> 1.12)
6
- omniauth (~> 1.9.0)
7
- omniauth-oauth2 (~> 1.6.0)
4
+ omniauth-keycloak (1.4.1)
5
+ json-jwt (~> 1.13.0)
6
+ omniauth (~> 2.0.4)
7
+ omniauth-oauth2 (~> 1.7.1)
8
8
 
9
9
  GEM
10
10
  remote: https://rubygems.org/
11
11
  specs:
12
- activesupport (6.0.3.1)
12
+ activesupport (7.0.3)
13
13
  concurrent-ruby (~> 1.0, >= 1.0.2)
14
- i18n (>= 0.7, < 2)
15
- minitest (~> 5.1)
16
- tzinfo (~> 1.1)
17
- zeitwerk (~> 2.2, >= 2.2.2)
18
- addressable (2.5.2)
19
- public_suffix (>= 2.0.2, < 4.0)
20
- aes_key_wrap (1.0.1)
21
- bindata (2.4.7)
22
- concurrent-ruby (1.1.6)
23
- crack (0.4.3)
24
- safe_yaml (~> 1.0.0)
25
- diff-lcs (1.3)
26
- docile (1.3.1)
27
- faraday (1.0.1)
28
- multipart-post (>= 1.2, < 3)
29
- hashdiff (0.3.7)
30
- hashie (4.1.0)
31
- i18n (1.8.2)
14
+ i18n (>= 1.6, < 2)
15
+ minitest (>= 5.1)
16
+ tzinfo (~> 2.0)
17
+ addressable (2.8.0)
18
+ public_suffix (>= 2.0.2, < 5.0)
19
+ aes_key_wrap (1.1.0)
20
+ bindata (2.4.10)
21
+ concurrent-ruby (1.1.10)
22
+ crack (0.4.5)
23
+ rexml
24
+ diff-lcs (1.4.4)
25
+ docile (1.4.0)
26
+ faraday (2.3.0)
27
+ faraday-net_http (~> 2.0)
28
+ ruby2_keywords (>= 0.0.4)
29
+ faraday-net_http (2.0.3)
30
+ hashdiff (1.0.1)
31
+ hashie (5.0.0)
32
+ i18n (1.10.0)
32
33
  concurrent-ruby (~> 1.0)
33
- json (2.3.1)
34
- json-jwt (1.12.0)
34
+ json-jwt (1.13.0)
35
35
  activesupport (>= 4.2)
36
36
  aes_key_wrap
37
37
  bindata
38
- jwt (2.2.1)
39
- minitest (5.14.1)
40
- multi_json (1.14.1)
38
+ jwt (2.3.0)
39
+ minitest (5.15.0)
40
+ multi_json (1.15.0)
41
41
  multi_xml (0.6.0)
42
- multipart-post (2.1.1)
43
- oauth2 (1.4.4)
44
- faraday (>= 0.8, < 2.0)
42
+ oauth2 (1.4.9)
43
+ faraday (>= 0.17.3, < 3.0)
45
44
  jwt (>= 1.0, < 3.0)
46
45
  multi_json (~> 1.3)
47
46
  multi_xml (~> 0.5)
48
47
  rack (>= 1.2, < 3)
49
- omniauth (1.9.1)
48
+ omniauth (2.0.4)
50
49
  hashie (>= 3.4.6)
51
50
  rack (>= 1.6.2, < 3)
52
- omniauth-oauth2 (1.6.0)
53
- oauth2 (~> 1.1)
54
- omniauth (~> 1.9)
55
- public_suffix (3.0.3)
51
+ rack-protection
52
+ omniauth-oauth2 (1.7.2)
53
+ oauth2 (~> 1.4)
54
+ omniauth (>= 1.9, < 3)
55
+ public_suffix (4.0.6)
56
56
  rack (2.2.3)
57
+ rack-protection (2.2.0)
58
+ rack
57
59
  rake (13.0.1)
58
- rspec (3.8.0)
59
- rspec-core (~> 3.8.0)
60
- rspec-expectations (~> 3.8.0)
61
- rspec-mocks (~> 3.8.0)
62
- rspec-core (3.8.0)
63
- rspec-support (~> 3.8.0)
64
- rspec-expectations (3.8.1)
60
+ rexml (3.2.5)
61
+ rspec (3.10.0)
62
+ rspec-core (~> 3.10.0)
63
+ rspec-expectations (~> 3.10.0)
64
+ rspec-mocks (~> 3.10.0)
65
+ rspec-core (3.10.1)
66
+ rspec-support (~> 3.10.0)
67
+ rspec-expectations (3.10.1)
65
68
  diff-lcs (>= 1.2.0, < 2.0)
66
- rspec-support (~> 3.8.0)
67
- rspec-mocks (3.8.0)
69
+ rspec-support (~> 3.10.0)
70
+ rspec-mocks (3.10.2)
68
71
  diff-lcs (>= 1.2.0, < 2.0)
69
- rspec-support (~> 3.8.0)
70
- rspec-support (3.8.0)
71
- safe_yaml (1.0.4)
72
- simplecov (0.16.1)
72
+ rspec-support (~> 3.10.0)
73
+ rspec-support (3.10.3)
74
+ ruby2_keywords (0.0.5)
75
+ simplecov (0.21.2)
73
76
  docile (~> 1.1)
74
- json (>= 1.8, < 3)
75
- simplecov-html (~> 0.10.0)
76
- simplecov-html (0.10.2)
77
- thread_safe (0.3.6)
78
- tzinfo (1.2.7)
79
- thread_safe (~> 0.1)
80
- webmock (3.4.2)
81
- addressable (>= 2.3.6)
77
+ simplecov-html (~> 0.11)
78
+ simplecov_json_formatter (~> 0.1)
79
+ simplecov-html (0.12.3)
80
+ simplecov_json_formatter (0.1.3)
81
+ tzinfo (2.0.4)
82
+ concurrent-ruby (~> 1.0)
83
+ webmock (3.14.0)
84
+ addressable (>= 2.8.0)
82
85
  crack (>= 0.3.2)
83
- hashdiff
84
- zeitwerk (2.3.0)
86
+ hashdiff (>= 0.4.0, < 2.0.0)
85
87
 
86
88
  PLATFORMS
87
89
  ruby
88
90
 
89
91
  DEPENDENCIES
90
- bundler (~> 1.16)
92
+ bundler (~> 2.2)
91
93
  omniauth-keycloak!
92
94
  rake (~> 13.0)
93
- rspec (~> 3.0)
94
- simplecov (~> 0.16.1)
95
- webmock (~> 3.4.2)
95
+ rspec (~> 3.10)
96
+ simplecov (~> 0.21)
97
+ webmock (~> 3.14)
96
98
 
97
99
  BUNDLED WITH
98
- 2.1.4
100
+ 2.2.31
data/README.md CHANGED
@@ -25,9 +25,32 @@ Here's a quick example, adding the middleware to a Rails app in `config/initiali
25
25
  ```ruby
26
26
  Rails.application.config.middleware.use OmniAuth::Builder do
27
27
  provider :keycloak_openid, 'Example-Client', '19cca35f-dddd-473a-bdd5-03f00d61d884',
28
- client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm'}
28
+ client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm'},
29
+ name: 'keycloak'
29
30
  end
30
31
  ```
32
+ This will allow a POST request to `auth/keycloak` since the name is set to keycloak
33
+
34
+ Or using a proc setup with a custom options:
35
+
36
+ ```ruby
37
+ Rails.application.config.middleware.use OmniAuth::Builder do
38
+ SETUP_PROC = lambda do |env|
39
+ request = Rack::Request.new(env)
40
+ organization = Organization.find_by(host: request.host)
41
+ provider_config = organization.enabled_omniauth_providers[:keycloakopenid]
42
+
43
+ env["omniauth.strategy"].options[:client_id] = provider_config[:client_id]
44
+ env["omniauth.strategy"].options[:client_secret] = provider_config[:client_secret]
45
+ env["omniauth.strategy"].options[:client_options] = { site: provider_config[:site], realm: provider_config[:realm] }
46
+ end
47
+
48
+ Rails.application.config.middleware.use OmniAuth::Builder do
49
+ provider :keycloak_openid, setup: SETUP_PROC
50
+ end
51
+ end
52
+ ```
53
+
31
54
 
32
55
  ## Devise Usage
33
56
  Adapted from [Devise OmniAuth Instructions](https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview)
@@ -43,7 +66,7 @@ end
43
66
  # config/initializers/devise.rb
44
67
  config.omniauth :keycloak_openid, "Example-Client-Name", "example-secret-if-configured", client_options: { site: "https://example.keycloak-url.com", realm: "example-realm" }, :strategy_class => OmniAuth::Strategies::KeycloakOpenId
45
68
 
46
- # Below controller assumes callback route configuration following
69
+ # Below controller assumes callback route configuration following
47
70
  # in config/routes.rb
48
71
  Devise.setup do |config|
49
72
  # ...
@@ -70,6 +93,17 @@ end
70
93
 
71
94
  ```
72
95
 
96
+ ## Configuration
97
+ * __Base Url other than /auth__
98
+ This gem tries to get the keycloak configuration from `"#{site}/auth/realms/#{realm}/.well-known/openid-configuration"`. If your keycloak server has been setup to use a different "root" url other than `/auth` then you need to pass in the `base_url` option when setting up the gem:
99
+ ```ruby
100
+ Rails.application.config.middleware.use OmniAuth::Builder do
101
+ provider :keycloak_openid, 'Example-Client', '19cca35f-dddd-473a-bdd5-03f00d61d884',
102
+ client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm', base_url: '/authorize'},
103
+ name: 'keycloak'
104
+ end
105
+ ```
106
+
73
107
  ## Contributing
74
108
 
75
109
  Bug reports and pull requests are welcome on GitHub at https://github.com/ccrockett/omniauth-keycloak. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
data/lib/keycloak/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Omniauth
2
2
  module Keycloak
3
- VERSION = "1.2.1"
3
+ VERSION = "1.4.1"
4
4
  end
5
5
  end
data/lib/omniauth/strategies/keycloak-openid.rb CHANGED
@@ -13,9 +13,11 @@ module OmniAuth
13
13
 
14
14
  attr_reader :authorize_url
15
15
  attr_reader :token_url
16
- attr_reader :cert
16
+ attr_reader :certs
17
17
 
18
18
  def setup_phase
19
+ super
20
+
19
21
  if @authorize_url.nil? || @token_url.nil?
20
22
  prevent_site_option_mistake
21
23
 
@@ -24,7 +26,7 @@ module OmniAuth
24
26
 
25
27
  raise_on_failure = options.client_options.fetch(:raise_on_failure, false)
26
28
 
27
- config_url = URI.join(site, "/auth/realms/#{realm}/.well-known/openid-configuration")
29
+ config_url = URI.join(site, "#{auth_url_base}/realms/#{realm}/.well-known/openid-configuration")
28
30
 
29
31
  log :debug, "Going to get Keycloak configuration. URL: #{config_url}"
30
32
  response = Faraday.get config_url
@@ -46,8 +48,8 @@ module OmniAuth
46
48
  certs = Faraday.get @certs_endpoint
47
49
  if (certs.status == 200)
48
50
  json = MultiJson.load(certs.body)
49
- @cert = json["keys"][0]
50
- log :debug, "Successfully got certificate. Certificate length: #{@cert.length}"
51
+ @certs = json["keys"]
52
+ log :debug, "Successfully got certificate. Certificate length: #{@certs.length}"
51
53
  else
52
54
  message = "Coundn't get certificate. URL: #{@certs_endpoint}"
53
55
  log :error, message
@@ -62,6 +64,14 @@ module OmniAuth
62
64
  end
63
65
  end
64
66
 
67
+ def auth_url_base
68
+ return '/auth' unless options.client_options[:base_url]
69
+ base_url = options.client_options[:base_url]
70
+ return base_url if (base_url == '' || base_url[0] == '/')
71
+
72
+ raise ConfigurationError, "Keycloak base_url option should start with '/'. Current value: #{base_url}"
73
+ end
74
+
65
75
  def prevent_site_option_mistake
66
76
  site = options.client_options[:site]
67
77
  return unless site =~ /\/auth$/
@@ -81,14 +91,14 @@ module OmniAuth
81
91
 
82
92
  def build_access_token
83
93
  verifier = request.params["code"]
84
- client.auth_code.get_token(verifier,
94
+ client.auth_code.get_token(verifier,
85
95
  {:redirect_uri => callback_url.gsub(/\?.+\Z/, "")}
86
- .merge(token_params.to_hash(:symbolize_keys => true)),
96
+ .merge(token_params.to_hash(:symbolize_keys => true)),
87
97
  deep_symbolize(options.auth_token_params))
88
98
  end
89
99
 
90
100
  uid{ raw_info['sub'] }
91
-
101
+
92
102
  info do
93
103
  {
94
104
  :name => raw_info['name'],
@@ -97,17 +107,18 @@ module OmniAuth
97
107
  :last_name => raw_info['family_name']
98
108
  }
99
109
  end
100
-
110
+
101
111
  extra do
102
112
  {
103
- 'raw_info' => raw_info
113
+ 'raw_info' => raw_info,
114
+ 'id_token' => access_token['id_token']
104
115
  }
105
116
  end
106
-
117
+
107
118
  def raw_info
108
119
  id_token_string = access_token.token
109
- jwk = JSON::JWK.new(@cert)
110
- id_token = JSON::JWT.decode id_token_string, jwk
120
+ jwks = JSON::JWK::Set.new(@certs)
121
+ id_token = JSON::JWT.decode id_token_string, jwks
111
122
  id_token
112
123
  end
113
124
 
data/omniauth-keycloak.gemspec CHANGED
@@ -4,13 +4,13 @@ Gem::Specification.new do |spec|
4
4
  spec.version = Omniauth::Keycloak::VERSION
5
5
  spec.authors = ["Cameron Crockett"]
6
6
  spec.email = ["cameron.crockett@ccrockett.com"]
7
-
7
+
8
8
  spec.description = %q{Omniauth strategy for Keycloak}
9
9
  spec.summary = spec.description
10
10
  spec.homepage = "https://github.com/ccrockett/omniauth-keycloak"
11
11
  spec.license = "MIT"
12
- spec.required_rubygems_version = '>= 1.3.5'
13
- spec.required_ruby_version = '>= 2.2'
12
+ spec.required_rubygems_version = '>= 3.1.2'
13
+ spec.required_ruby_version = '>= 2.6'
14
14
 
15
15
  # Specify which files should be added to the gem when it is released.
16
16
  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@@ -22,14 +22,14 @@ Gem::Specification.new do |spec|
22
22
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
23
23
  spec.require_paths = ["lib"]
24
24
 
25
-
26
- spec.add_dependency "omniauth", "~> 1.9.0"
27
- spec.add_dependency "omniauth-oauth2", "~> 1.6.0"
28
- spec.add_dependency "json-jwt", "~> 1.12"
29
25
 
30
- spec.add_development_dependency "bundler", "~> 1.16"
26
+ spec.add_dependency "omniauth", "~> 2.0.4"
27
+ spec.add_dependency "omniauth-oauth2", "~> 1.7.1"
28
+ spec.add_dependency "json-jwt", "~> 1.13.0"
29
+
30
+ spec.add_development_dependency "bundler", "~> 2.2"
31
31
  spec.add_development_dependency "rake", "~> 13.0"
32
- spec.add_development_dependency "rspec", "~> 3.0"
33
- spec.add_development_dependency 'simplecov', '~> 0.16.1'
34
- spec.add_development_dependency 'webmock', '~> 3.4.2'
32
+ spec.add_development_dependency "rspec", "~> 3.10"
33
+ spec.add_development_dependency 'simplecov', '~> 0.21'
34
+ spec.add_development_dependency 'webmock', '~> 3.14'
35
35
  end
data/spec/omniauth/strategies/keycloak_spec.rb CHANGED
@@ -1,41 +1,45 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
4
- body = '{"issuer": "http://localhost:8080/auth/realms/example-realm",
5
- "authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
6
- "token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
7
- "token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
8
- "userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",
9
- "end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",
10
- "jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",
11
- "check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",
12
- "grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
13
- "response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
14
- "subject_types_supported": ["public", "pairwise"],
15
- "id_token_signing_alg_values_supported": ["RS256"],
16
- "userinfo_signing_alg_values_supported": ["RS256"],
17
- "request_object_signing_alg_values_supported": ["none", "RS256"],
18
- "response_modes_supported": ["query", "fragment", "form_post"],
19
- "registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",
20
- "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
21
- "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
22
- "claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
23
- "claim_types_supported": ["normal"],
24
- "claims_parameter_supported": false,
25
- "scopes_supported": ["openid", "offline_access"],
26
- "request_parameter_supported": true,
27
- "request_uri_parameter_supported": true}'
4
+ let(:body) {
5
+ {
6
+ "issuer": "http://localhost:8080/auth/realms/example-realm",
7
+ "authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
8
+ "token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
9
+ "token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
10
+ "userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",
11
+ "end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",
12
+ "jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",
13
+ "check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",
14
+ "grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
15
+ "response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
16
+ "subject_types_supported": ["public", "pairwise"],
17
+ "id_token_signing_alg_values_supported": ["RS256"],
18
+ "userinfo_signing_alg_values_supported": ["RS256"],
19
+ "request_object_signing_alg_values_supported": ["none", "RS256"],
20
+ "response_modes_supported": ["query", "fragment", "form_post"],
21
+ "registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",
22
+ "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
23
+ "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
24
+ "claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
25
+ "claim_types_supported": ["normal"],
26
+ "claims_parameter_supported": false,
27
+ "scopes_supported": ["openid", "offline_access"],
28
+ "request_parameter_supported": true,
29
+ "request_uri_parameter_supported": true
30
+ }
31
+ }
28
32
 
29
33
  context 'client options' do
30
34
  subject do
31
35
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
32
- .to_return(status: 200, body: body, headers: {})
36
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
33
37
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
34
38
  .to_return(status: 404, body: "", headers: {})
35
39
  OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
36
40
  client_options: {site: 'http://localhost:8080/', realm: 'example-realm'})
37
41
  end
38
-
42
+
39
43
  it 'should have the correct keycloak token url' do
40
44
  subject.setup_phase
41
45
  expect(subject.token_url).to eq('/auth/realms/example-realm/protocol/openid-connect/token')
@@ -47,6 +51,93 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
47
51
  end
48
52
  end
49
53
 
54
+ describe 'client base_url option set' do
55
+ context 'to blank string' do
56
+ let(:new_body_endpoints) {
57
+ {
58
+ "authorization_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/auth",
59
+ "token_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/token",
60
+ "jwks_uri": "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs"
61
+ }
62
+ }
63
+
64
+ subject do
65
+ stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
66
+ .to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
67
+ stub_request(:get, "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs")
68
+ .to_return(status: 404, body: "", headers: {})
69
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
70
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: ''})
71
+ end
72
+
73
+ it 'should have the correct keycloak token url' do
74
+ subject.setup_phase
75
+ expect(subject.token_url).to eq('/realms/example-realm/protocol/openid-connect/token')
76
+ end
77
+
78
+ it 'should have the correct keycloak authorization url' do
79
+ subject.setup_phase
80
+ expect(subject.authorize_url).to eq('/realms/example-realm/protocol/openid-connect/auth')
81
+ end
82
+ end
83
+
84
+ context 'to invalid string' do
85
+ subject do
86
+ stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
87
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
88
+ stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
89
+ .to_return(status: 404, body: "", headers: {})
90
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
91
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: 'test'})
92
+ end
93
+
94
+ it 'raises Configuration Error' do
95
+ expect{ subject.setup_phase }
96
+ .to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
97
+ end
98
+ end
99
+
100
+ context 'to /authorize' do
101
+
102
+ let(:new_body_endpoints) {
103
+ {
104
+ "authorization_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/auth",
105
+ "token_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/token",
106
+ "jwks_uri": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs"
107
+ }
108
+ }
109
+
110
+ subject do
111
+ stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/.well-known/openid-configuration")
112
+ .to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
113
+ stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs")
114
+ .to_return(status: 404, body: "", headers: {})
115
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
116
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: '/authorize'})
117
+ end
118
+
119
+ it 'should have the correct keycloak token url' do
120
+ subject.setup_phase
121
+ expect(subject.token_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/token')
122
+ end
123
+
124
+ it 'should have the correct keycloak authorization url' do
125
+ subject.setup_phase
126
+ expect(subject.authorize_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/auth')
127
+ end
128
+ end
129
+ end
130
+
131
+ context 'client setup with a proc' do
132
+ subject do
133
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', setup: proc { throw :setup_proc_was_called })
134
+ end
135
+
136
+ it 'should call the proc' do
137
+ expect { subject.setup_phase }.to throw_symbol :setup_proc_was_called
138
+ end
139
+ end
140
+
50
141
  describe 'errors processing' do
51
142
  context 'when site contains /auth part' do
52
143
  subject do
@@ -78,7 +169,7 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
78
169
  context 'when certificates endpoint returns error response' do
79
170
  subject do
80
171
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
81
- .to_return(status: 200, body: body, headers: {})
172
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
82
173
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
83
174
  .to_return(status: 404, body: "", headers: {})
84
175
  OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-keycloak
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.1
4
+ version: 1.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Cameron Crockett
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-12-19 00:00:00.000000000 Z
11
+ date: 2022-05-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth
@@ -16,56 +16,56 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 1.9.0
19
+ version: 2.0.4
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 1.9.0
26
+ version: 2.0.4
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: omniauth-oauth2
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 1.6.0
33
+ version: 1.7.1
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 1.6.0
40
+ version: 1.7.1
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: json-jwt
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: '1.12'
47
+ version: 1.13.0
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: '1.12'
54
+ version: 1.13.0
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: bundler
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: '1.16'
61
+ version: '2.2'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: '1.16'
68
+ version: '2.2'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: rake
71
71
  requirement: !ruby/object:Gem::Requirement
@@ -86,42 +86,42 @@ dependencies:
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: '3.0'
89
+ version: '3.10'
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: '3.0'
96
+ version: '3.10'
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: simplecov
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 0.16.1
103
+ version: '0.21'
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 0.16.1
110
+ version: '0.21'
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: webmock
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 3.4.2
117
+ version: '3.14'
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 3.4.2
124
+ version: '3.14'
125
125
  description: Omniauth strategy for Keycloak
126
126
  email:
127
127
  - cameron.crockett@ccrockett.com
@@ -160,14 +160,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
160
160
  requirements:
161
161
  - - ">="
162
162
  - !ruby/object:Gem::Version
163
- version: '2.2'
163
+ version: '2.6'
164
164
  required_rubygems_version: !ruby/object:Gem::Requirement
165
165
  requirements:
166
166
  - - ">="
167
167
  - !ruby/object:Gem::Version
168
- version: 1.3.5
168
+ version: 3.1.2
169
169
  requirements: []
170
- rubygems_version: 3.1.2
170
+ rubygems_version: 3.1.6
171
171
  signing_key:
172
172
  specification_version: 4
173
173
  summary: Omniauth strategy for Keycloak