omniauth-keycloak 1.3.0 → 1.4.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +32 -32
  3. data/README.md +36 -2
  4. data/lib/keycloak/version.rb +1 -1
  5. data/lib/omniauth/strategies/keycloak-openid.rb +21 -11
  6. data/omniauth-keycloak.gemspec +7 -7
  7. data/spec/omniauth/strategies/keycloak_spec.rb +118 -27
  8. metadata +11 -11
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8c9982a0ec26f3a29c6e8a2ff4563c45ec0c3944c69b8e3d853a5a9641fab529
4
- data.tar.gz: 7bf4b42a30813bb0dd7a67866b051e9a5802970d1e1754aeaf393140b10d2e4e
3
+ metadata.gz: 42a3358ad3f8f4524e7d212d716e99eda02fa1b5030dcdeedf1d4b77551be450
4
+ data.tar.gz: 6d3b47d546bbec7de0a9d4c5cba6f1b88568f234180ed195ce84d0f37d9b35d4
5
5
  SHA512:
6
- metadata.gz: 7d04d5c18554fdb152fb00bc961615a2d08c320237fa85e1e1118a82616ff7ba5cf65c0b0da8d857ae0243119100c12a192547c7a9fadc3b658146470dc07db7
7
- data.tar.gz: 1ca221dedc1468014e5761596612aac041d8da7acb3edda25b35ea211c2a4b30c533894a506b3dd480cecde2c43eff4fd63884bd969dfde55779728bb87dea99
6
+ metadata.gz: f27d6b806f0297f6ffc72c722185a8bc5fa76cb32441dc1936ae8d88109bb2b294c05bcde3f4411254adee5f2af5ae5035e63e151762f030ac9c3bbbfdc000fb
7
+ data.tar.gz: eaac842f3e02d03f5c9cbb677e8c60da6f5159582b742ae94b839210861c8e7133ea23f2e462cf180d217cb4ef6702ab8a7ba8ff09719716ab96a538cbf733b6
data/Gemfile.lock CHANGED
@@ -15,15 +15,15 @@ GEM
15
15
  minitest (>= 5.1)
16
16
  tzinfo (~> 2.0)
17
17
  zeitwerk (~> 2.3)
18
- addressable (2.5.2)
19
- public_suffix (>= 2.0.2, < 4.0)
18
+ addressable (2.8.0)
19
+ public_suffix (>= 2.0.2, < 5.0)
20
20
  aes_key_wrap (1.1.0)
21
21
  bindata (2.4.9)
22
22
  concurrent-ruby (1.1.8)
23
- crack (0.4.3)
24
- safe_yaml (~> 1.0.0)
25
- diff-lcs (1.3)
26
- docile (1.3.1)
23
+ crack (0.4.5)
24
+ rexml
25
+ diff-lcs (1.4.4)
26
+ docile (1.4.0)
27
27
  faraday (1.4.1)
28
28
  faraday-excon (~> 1.1)
29
29
  faraday-net_http (~> 1.0)
@@ -33,11 +33,10 @@ GEM
33
33
  faraday-excon (1.1.0)
34
34
  faraday-net_http (1.0.1)
35
35
  faraday-net_http_persistent (1.1.0)
36
- hashdiff (0.3.7)
36
+ hashdiff (1.0.1)
37
37
  hashie (4.1.0)
38
38
  i18n (1.8.10)
39
39
  concurrent-ruby (~> 1.0)
40
- json (2.3.1)
41
40
  json-jwt (1.13.0)
42
41
  activesupport (>= 4.2)
43
42
  aes_key_wrap
@@ -60,37 +59,38 @@ GEM
60
59
  omniauth-oauth2 (1.7.1)
61
60
  oauth2 (~> 1.4)
62
61
  omniauth (>= 1.9, < 3)
63
- public_suffix (3.0.3)
62
+ public_suffix (4.0.6)
64
63
  rack (2.2.3)
65
64
  rack-protection (2.1.0)
66
65
  rack
67
66
  rake (13.0.1)
68
- rspec (3.8.0)
69
- rspec-core (~> 3.8.0)
70
- rspec-expectations (~> 3.8.0)
71
- rspec-mocks (~> 3.8.0)
72
- rspec-core (3.8.0)
73
- rspec-support (~> 3.8.0)
74
- rspec-expectations (3.8.1)
67
+ rexml (3.2.5)
68
+ rspec (3.10.0)
69
+ rspec-core (~> 3.10.0)
70
+ rspec-expectations (~> 3.10.0)
71
+ rspec-mocks (~> 3.10.0)
72
+ rspec-core (3.10.1)
73
+ rspec-support (~> 3.10.0)
74
+ rspec-expectations (3.10.1)
75
75
  diff-lcs (>= 1.2.0, < 2.0)
76
- rspec-support (~> 3.8.0)
77
- rspec-mocks (3.8.0)
76
+ rspec-support (~> 3.10.0)
77
+ rspec-mocks (3.10.2)
78
78
  diff-lcs (>= 1.2.0, < 2.0)
79
- rspec-support (~> 3.8.0)
80
- rspec-support (3.8.0)
79
+ rspec-support (~> 3.10.0)
80
+ rspec-support (3.10.3)
81
81
  ruby2_keywords (0.0.4)
82
- safe_yaml (1.0.4)
83
- simplecov (0.16.1)
82
+ simplecov (0.21.2)
84
83
  docile (~> 1.1)
85
- json (>= 1.8, < 3)
86
- simplecov-html (~> 0.10.0)
87
- simplecov-html (0.10.2)
84
+ simplecov-html (~> 0.11)
85
+ simplecov_json_formatter (~> 0.1)
86
+ simplecov-html (0.12.3)
87
+ simplecov_json_formatter (0.1.3)
88
88
  tzinfo (2.0.4)
89
89
  concurrent-ruby (~> 1.0)
90
- webmock (3.4.2)
91
- addressable (>= 2.3.6)
90
+ webmock (3.14.0)
91
+ addressable (>= 2.8.0)
92
92
  crack (>= 0.3.2)
93
- hashdiff
93
+ hashdiff (>= 0.4.0, < 2.0.0)
94
94
  zeitwerk (2.4.2)
95
95
 
96
96
  PLATFORMS
@@ -100,9 +100,9 @@ DEPENDENCIES
100
100
  bundler (~> 2.2)
101
101
  omniauth-keycloak!
102
102
  rake (~> 13.0)
103
- rspec (~> 3.0)
104
- simplecov (~> 0.16.1)
105
- webmock (~> 3.4.2)
103
+ rspec (~> 3.10)
104
+ simplecov (~> 0.21)
105
+ webmock (~> 3.14)
106
106
 
107
107
  BUNDLED WITH
108
- 2.2.17
108
+ 2.2.31
data/README.md CHANGED
@@ -25,9 +25,32 @@ Here's a quick example, adding the middleware to a Rails app in `config/initiali
25
25
  ```ruby
26
26
  Rails.application.config.middleware.use OmniAuth::Builder do
27
27
  provider :keycloak_openid, 'Example-Client', '19cca35f-dddd-473a-bdd5-03f00d61d884',
28
- client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm'}
28
+ client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm'},
29
+ name: 'keycloak'
29
30
  end
30
31
  ```
32
+ This will allow a POST request to `auth/keycloak` since the name is set to keycloak
33
+
34
+ Or using a proc setup with a custom options:
35
+
36
+ ```ruby
37
+ Rails.application.config.middleware.use OmniAuth::Builder do
38
+ SETUP_PROC = lambda do |env|
39
+ request = Rack::Request.new(env)
40
+ organization = Organization.find_by(host: request.host)
41
+ provider_config = organization.enabled_omniauth_providers[:keycloakopenid]
42
+
43
+ env["omniauth.strategy"].options[:client_id] = provider_config[:client_id]
44
+ env["omniauth.strategy"].options[:client_secret] = provider_config[:client_secret]
45
+ env["omniauth.strategy"].options[:client_options] = { site: provider_config[:site], realm: provider_config[:realm] }
46
+ end
47
+
48
+ Rails.application.config.middleware.use OmniAuth::Builder do
49
+ provider :keycloak_openid, setup: SETUP_PROC
50
+ end
51
+ end
52
+ ```
53
+
31
54
 
32
55
  ## Devise Usage
33
56
  Adapted from [Devise OmniAuth Instructions](https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview)
@@ -43,7 +66,7 @@ end
43
66
  # config/initializers/devise.rb
44
67
  config.omniauth :keycloak_openid, "Example-Client-Name", "example-secret-if-configured", client_options: { site: "https://example.keycloak-url.com", realm: "example-realm" }, :strategy_class => OmniAuth::Strategies::KeycloakOpenId
45
68
 
46
- # Below controller assumes callback route configuration following
69
+ # Below controller assumes callback route configuration following
47
70
  # in config/routes.rb
48
71
  Devise.setup do |config|
49
72
  # ...
@@ -70,6 +93,17 @@ end
70
93
 
71
94
  ```
72
95
 
96
+ ## Configuration
97
+ * __Base Url other than /auth__
98
+ This gem tries to get the keycloak configuration from `"#{site}/auth/realms/#{realm}/.well-known/openid-configuration"`. If your keycloak server has been setup to use a different "root" url other than `/auth` then you need to pass in the `base_url` option when setting up the gem:
99
+ ```ruby
100
+ Rails.application.config.middleware.use OmniAuth::Builder do
101
+ provider :keycloak_openid, 'Example-Client', '19cca35f-dddd-473a-bdd5-03f00d61d884',
102
+ client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm', base_url: '/authorize'},
103
+ name: 'keycloak'
104
+ end
105
+ ```
106
+
73
107
  ## Contributing
74
108
 
75
109
  Bug reports and pull requests are welcome on GitHub at https://github.com/ccrockett/omniauth-keycloak. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
data/lib/keycloak/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Omniauth
2
2
  module Keycloak
3
- VERSION = "1.3.0"
3
+ VERSION = "1.4.0"
4
4
  end
5
5
  end
data/lib/omniauth/strategies/keycloak-openid.rb CHANGED
@@ -13,9 +13,11 @@ module OmniAuth
13
13
 
14
14
  attr_reader :authorize_url
15
15
  attr_reader :token_url
16
- attr_reader :cert
16
+ attr_reader :certs
17
17
 
18
18
  def setup_phase
19
+ super
20
+
19
21
  if @authorize_url.nil? || @token_url.nil?
20
22
  prevent_site_option_mistake
21
23
 
@@ -24,7 +26,7 @@ module OmniAuth
24
26
 
25
27
  raise_on_failure = options.client_options.fetch(:raise_on_failure, false)
26
28
 
27
- config_url = URI.join(site, "/auth/realms/#{realm}/.well-known/openid-configuration")
29
+ config_url = URI.join(site, "#{auth_url_base}/realms/#{realm}/.well-known/openid-configuration")
28
30
 
29
31
  log :debug, "Going to get Keycloak configuration. URL: #{config_url}"
30
32
  response = Faraday.get config_url
@@ -46,8 +48,8 @@ module OmniAuth
46
48
  certs = Faraday.get @certs_endpoint
47
49
  if (certs.status == 200)
48
50
  json = MultiJson.load(certs.body)
49
- @cert = json["keys"][0]
50
- log :debug, "Successfully got certificate. Certificate length: #{@cert.length}"
51
+ @certs = json["keys"]
52
+ log :debug, "Successfully got certificate. Certificate length: #{@certs.length}"
51
53
  else
52
54
  message = "Coundn't get certificate. URL: #{@certs_endpoint}"
53
55
  log :error, message
@@ -62,6 +64,14 @@ module OmniAuth
62
64
  end
63
65
  end
64
66
 
67
+ def auth_url_base
68
+ return '/auth' unless options.client_options[:base_url]
69
+ base_url = options.client_options[:base_url]
70
+ return base_url if (base_url == '' || base_url[0] == '/')
71
+
72
+ raise ConfigurationError, "Keycloak base_url option should start with '/'. Current value: #{base_url}"
73
+ end
74
+
65
75
  def prevent_site_option_mistake
66
76
  site = options.client_options[:site]
67
77
  return unless site =~ /\/auth$/
@@ -81,14 +91,14 @@ module OmniAuth
81
91
 
82
92
  def build_access_token
83
93
  verifier = request.params["code"]
84
- client.auth_code.get_token(verifier,
94
+ client.auth_code.get_token(verifier,
85
95
  {:redirect_uri => callback_url.gsub(/\?.+\Z/, "")}
86
- .merge(token_params.to_hash(:symbolize_keys => true)),
96
+ .merge(token_params.to_hash(:symbolize_keys => true)),
87
97
  deep_symbolize(options.auth_token_params))
88
98
  end
89
99
 
90
100
  uid{ raw_info['sub'] }
91
-
101
+
92
102
  info do
93
103
  {
94
104
  :name => raw_info['name'],
@@ -97,17 +107,17 @@ module OmniAuth
97
107
  :last_name => raw_info['family_name']
98
108
  }
99
109
  end
100
-
110
+
101
111
  extra do
102
112
  {
103
113
  'raw_info' => raw_info
104
114
  }
105
115
  end
106
-
116
+
107
117
  def raw_info
108
118
  id_token_string = access_token.token
109
- jwk = JSON::JWK.new(@cert)
110
- id_token = JSON::JWT.decode id_token_string, jwk
119
+ jwks = JSON::JWK::Set.new(@certs)
120
+ id_token = JSON::JWT.decode id_token_string, jwks
111
121
  id_token
112
122
  end
113
123
 
data/omniauth-keycloak.gemspec CHANGED
@@ -4,13 +4,13 @@ Gem::Specification.new do |spec|
4
4
  spec.version = Omniauth::Keycloak::VERSION
5
5
  spec.authors = ["Cameron Crockett"]
6
6
  spec.email = ["cameron.crockett@ccrockett.com"]
7
-
7
+
8
8
  spec.description = %q{Omniauth strategy for Keycloak}
9
9
  spec.summary = spec.description
10
10
  spec.homepage = "https://github.com/ccrockett/omniauth-keycloak"
11
11
  spec.license = "MIT"
12
- spec.required_rubygems_version = '>= 1.3.5'
13
- spec.required_ruby_version = '>= 2.2'
12
+ spec.required_rubygems_version = '>= 3.1.2'
13
+ spec.required_ruby_version = '>= 2.6'
14
14
 
15
15
  # Specify which files should be added to the gem when it is released.
16
16
  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@@ -22,14 +22,14 @@ Gem::Specification.new do |spec|
22
22
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
23
23
  spec.require_paths = ["lib"]
24
24
 
25
-
25
+
26
26
  spec.add_dependency "omniauth", "~> 2.0.4"
27
27
  spec.add_dependency "omniauth-oauth2", "~> 1.7.1"
28
28
  spec.add_dependency "json-jwt", "~> 1.13.0"
29
29
 
30
30
  spec.add_development_dependency "bundler", "~> 2.2"
31
31
  spec.add_development_dependency "rake", "~> 13.0"
32
- spec.add_development_dependency "rspec", "~> 3.0"
33
- spec.add_development_dependency 'simplecov', '~> 0.16.1'
34
- spec.add_development_dependency 'webmock', '~> 3.4.2'
32
+ spec.add_development_dependency "rspec", "~> 3.10"
33
+ spec.add_development_dependency 'simplecov', '~> 0.21'
34
+ spec.add_development_dependency 'webmock', '~> 3.14'
35
35
  end
data/spec/omniauth/strategies/keycloak_spec.rb CHANGED
@@ -1,41 +1,45 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
4
- body = '{"issuer": "http://localhost:8080/auth/realms/example-realm",
5
- "authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
6
- "token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
7
- "token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
8
- "userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",
9
- "end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",
10
- "jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",
11
- "check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",
12
- "grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
13
- "response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
14
- "subject_types_supported": ["public", "pairwise"],
15
- "id_token_signing_alg_values_supported": ["RS256"],
16
- "userinfo_signing_alg_values_supported": ["RS256"],
17
- "request_object_signing_alg_values_supported": ["none", "RS256"],
18
- "response_modes_supported": ["query", "fragment", "form_post"],
19
- "registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",
20
- "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
21
- "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
22
- "claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
23
- "claim_types_supported": ["normal"],
24
- "claims_parameter_supported": false,
25
- "scopes_supported": ["openid", "offline_access"],
26
- "request_parameter_supported": true,
27
- "request_uri_parameter_supported": true}'
4
+ let(:body) {
5
+ {
6
+ "issuer": "http://localhost:8080/auth/realms/example-realm",
7
+ "authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
8
+ "token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
9
+ "token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
10
+ "userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",
11
+ "end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",
12
+ "jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",
13
+ "check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",
14
+ "grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
15
+ "response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
16
+ "subject_types_supported": ["public", "pairwise"],
17
+ "id_token_signing_alg_values_supported": ["RS256"],
18
+ "userinfo_signing_alg_values_supported": ["RS256"],
19
+ "request_object_signing_alg_values_supported": ["none", "RS256"],
20
+ "response_modes_supported": ["query", "fragment", "form_post"],
21
+ "registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",
22
+ "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
23
+ "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
24
+ "claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
25
+ "claim_types_supported": ["normal"],
26
+ "claims_parameter_supported": false,
27
+ "scopes_supported": ["openid", "offline_access"],
28
+ "request_parameter_supported": true,
29
+ "request_uri_parameter_supported": true
30
+ }
31
+ }
28
32
 
29
33
  context 'client options' do
30
34
  subject do
31
35
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
32
- .to_return(status: 200, body: body, headers: {})
36
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
33
37
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
34
38
  .to_return(status: 404, body: "", headers: {})
35
39
  OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
36
40
  client_options: {site: 'http://localhost:8080/', realm: 'example-realm'})
37
41
  end
38
-
42
+
39
43
  it 'should have the correct keycloak token url' do
40
44
  subject.setup_phase
41
45
  expect(subject.token_url).to eq('/auth/realms/example-realm/protocol/openid-connect/token')
@@ -47,6 +51,93 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
47
51
  end
48
52
  end
49
53
 
54
+ describe 'client base_url option set' do
55
+ context 'to blank string' do
56
+ let(:new_body_endpoints) {
57
+ {
58
+ "authorization_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/auth",
59
+ "token_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/token",
60
+ "jwks_uri": "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs"
61
+ }
62
+ }
63
+
64
+ subject do
65
+ stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
66
+ .to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
67
+ stub_request(:get, "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs")
68
+ .to_return(status: 404, body: "", headers: {})
69
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
70
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: ''})
71
+ end
72
+
73
+ it 'should have the correct keycloak token url' do
74
+ subject.setup_phase
75
+ expect(subject.token_url).to eq('/realms/example-realm/protocol/openid-connect/token')
76
+ end
77
+
78
+ it 'should have the correct keycloak authorization url' do
79
+ subject.setup_phase
80
+ expect(subject.authorize_url).to eq('/realms/example-realm/protocol/openid-connect/auth')
81
+ end
82
+ end
83
+
84
+ context 'to invalid string' do
85
+ subject do
86
+ stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
87
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
88
+ stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
89
+ .to_return(status: 404, body: "", headers: {})
90
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
91
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: 'test'})
92
+ end
93
+
94
+ it 'raises Configuration Error' do
95
+ expect{ subject.setup_phase }
96
+ .to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
97
+ end
98
+ end
99
+
100
+ context 'to /authorize' do
101
+
102
+ let(:new_body_endpoints) {
103
+ {
104
+ "authorization_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/auth",
105
+ "token_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/token",
106
+ "jwks_uri": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs"
107
+ }
108
+ }
109
+
110
+ subject do
111
+ stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/.well-known/openid-configuration")
112
+ .to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
113
+ stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs")
114
+ .to_return(status: 404, body: "", headers: {})
115
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
116
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: '/authorize'})
117
+ end
118
+
119
+ it 'should have the correct keycloak token url' do
120
+ subject.setup_phase
121
+ expect(subject.token_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/token')
122
+ end
123
+
124
+ it 'should have the correct keycloak authorization url' do
125
+ subject.setup_phase
126
+ expect(subject.authorize_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/auth')
127
+ end
128
+ end
129
+ end
130
+
131
+ context 'client setup with a proc' do
132
+ subject do
133
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', setup: proc { throw :setup_proc_was_called })
134
+ end
135
+
136
+ it 'should call the proc' do
137
+ expect { subject.setup_phase }.to throw_symbol :setup_proc_was_called
138
+ end
139
+ end
140
+
50
141
  describe 'errors processing' do
51
142
  context 'when site contains /auth part' do
52
143
  subject do
@@ -78,7 +169,7 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
78
169
  context 'when certificates endpoint returns error response' do
79
170
  subject do
80
171
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
81
- .to_return(status: 200, body: body, headers: {})
172
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
82
173
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
83
174
  .to_return(status: 404, body: "", headers: {})
84
175
  OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-keycloak
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.0
4
+ version: 1.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Cameron Crockett
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-05-17 00:00:00.000000000 Z
11
+ date: 2021-12-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth
@@ -86,42 +86,42 @@ dependencies:
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: '3.0'
89
+ version: '3.10'
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: '3.0'
96
+ version: '3.10'
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: simplecov
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 0.16.1
103
+ version: '0.21'
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 0.16.1
110
+ version: '0.21'
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: webmock
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 3.4.2
117
+ version: '3.14'
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 3.4.2
124
+ version: '3.14'
125
125
  description: Omniauth strategy for Keycloak
126
126
  email:
127
127
  - cameron.crockett@ccrockett.com
@@ -160,14 +160,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
160
160
  requirements:
161
161
  - - ">="
162
162
  - !ruby/object:Gem::Version
163
- version: '2.2'
163
+ version: '2.6'
164
164
  required_rubygems_version: !ruby/object:Gem::Requirement
165
165
  requirements:
166
166
  - - ">="
167
167
  - !ruby/object:Gem::Version
168
- version: 1.3.5
168
+ version: 3.1.2
169
169
  requirements: []
170
- rubygems_version: 3.1.6
170
+ rubygems_version: 3.1.2
171
171
  signing_key:
172
172
  specification_version: 4
173
173
  summary: Omniauth strategy for Keycloak