omniauth-keycloak 1.3.0 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +32 -32
- data/README.md +36 -2
- data/lib/keycloak/version.rb +1 -1
- data/lib/omniauth/strategies/keycloak-openid.rb +21 -11
- data/omniauth-keycloak.gemspec +7 -7
- data/spec/omniauth/strategies/keycloak_spec.rb +118 -27
- metadata +11 -11
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 42a3358ad3f8f4524e7d212d716e99eda02fa1b5030dcdeedf1d4b77551be450
|
|
4
|
+
data.tar.gz: 6d3b47d546bbec7de0a9d4c5cba6f1b88568f234180ed195ce84d0f37d9b35d4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f27d6b806f0297f6ffc72c722185a8bc5fa76cb32441dc1936ae8d88109bb2b294c05bcde3f4411254adee5f2af5ae5035e63e151762f030ac9c3bbbfdc000fb
|
|
7
|
+
data.tar.gz: eaac842f3e02d03f5c9cbb677e8c60da6f5159582b742ae94b839210861c8e7133ea23f2e462cf180d217cb4ef6702ab8a7ba8ff09719716ab96a538cbf733b6
|
data/Gemfile.lock
CHANGED
|
@@ -15,15 +15,15 @@ GEM
|
|
|
15
15
|
minitest (>= 5.1)
|
|
16
16
|
tzinfo (~> 2.0)
|
|
17
17
|
zeitwerk (~> 2.3)
|
|
18
|
-
addressable (2.
|
|
19
|
-
public_suffix (>= 2.0.2, <
|
|
18
|
+
addressable (2.8.0)
|
|
19
|
+
public_suffix (>= 2.0.2, < 5.0)
|
|
20
20
|
aes_key_wrap (1.1.0)
|
|
21
21
|
bindata (2.4.9)
|
|
22
22
|
concurrent-ruby (1.1.8)
|
|
23
|
-
crack (0.4.
|
|
24
|
-
|
|
25
|
-
diff-lcs (1.
|
|
26
|
-
docile (1.
|
|
23
|
+
crack (0.4.5)
|
|
24
|
+
rexml
|
|
25
|
+
diff-lcs (1.4.4)
|
|
26
|
+
docile (1.4.0)
|
|
27
27
|
faraday (1.4.1)
|
|
28
28
|
faraday-excon (~> 1.1)
|
|
29
29
|
faraday-net_http (~> 1.0)
|
|
@@ -33,11 +33,10 @@ GEM
|
|
|
33
33
|
faraday-excon (1.1.0)
|
|
34
34
|
faraday-net_http (1.0.1)
|
|
35
35
|
faraday-net_http_persistent (1.1.0)
|
|
36
|
-
hashdiff (0.
|
|
36
|
+
hashdiff (1.0.1)
|
|
37
37
|
hashie (4.1.0)
|
|
38
38
|
i18n (1.8.10)
|
|
39
39
|
concurrent-ruby (~> 1.0)
|
|
40
|
-
json (2.3.1)
|
|
41
40
|
json-jwt (1.13.0)
|
|
42
41
|
activesupport (>= 4.2)
|
|
43
42
|
aes_key_wrap
|
|
@@ -60,37 +59,38 @@ GEM
|
|
|
60
59
|
omniauth-oauth2 (1.7.1)
|
|
61
60
|
oauth2 (~> 1.4)
|
|
62
61
|
omniauth (>= 1.9, < 3)
|
|
63
|
-
public_suffix (
|
|
62
|
+
public_suffix (4.0.6)
|
|
64
63
|
rack (2.2.3)
|
|
65
64
|
rack-protection (2.1.0)
|
|
66
65
|
rack
|
|
67
66
|
rake (13.0.1)
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
rspec-
|
|
71
|
-
rspec-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
67
|
+
rexml (3.2.5)
|
|
68
|
+
rspec (3.10.0)
|
|
69
|
+
rspec-core (~> 3.10.0)
|
|
70
|
+
rspec-expectations (~> 3.10.0)
|
|
71
|
+
rspec-mocks (~> 3.10.0)
|
|
72
|
+
rspec-core (3.10.1)
|
|
73
|
+
rspec-support (~> 3.10.0)
|
|
74
|
+
rspec-expectations (3.10.1)
|
|
75
75
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
76
|
-
rspec-support (~> 3.
|
|
77
|
-
rspec-mocks (3.
|
|
76
|
+
rspec-support (~> 3.10.0)
|
|
77
|
+
rspec-mocks (3.10.2)
|
|
78
78
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
79
|
-
rspec-support (~> 3.
|
|
80
|
-
rspec-support (3.
|
|
79
|
+
rspec-support (~> 3.10.0)
|
|
80
|
+
rspec-support (3.10.3)
|
|
81
81
|
ruby2_keywords (0.0.4)
|
|
82
|
-
|
|
83
|
-
simplecov (0.16.1)
|
|
82
|
+
simplecov (0.21.2)
|
|
84
83
|
docile (~> 1.1)
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
simplecov-html (0.
|
|
84
|
+
simplecov-html (~> 0.11)
|
|
85
|
+
simplecov_json_formatter (~> 0.1)
|
|
86
|
+
simplecov-html (0.12.3)
|
|
87
|
+
simplecov_json_formatter (0.1.3)
|
|
88
88
|
tzinfo (2.0.4)
|
|
89
89
|
concurrent-ruby (~> 1.0)
|
|
90
|
-
webmock (3.
|
|
91
|
-
addressable (>= 2.
|
|
90
|
+
webmock (3.14.0)
|
|
91
|
+
addressable (>= 2.8.0)
|
|
92
92
|
crack (>= 0.3.2)
|
|
93
|
-
hashdiff
|
|
93
|
+
hashdiff (>= 0.4.0, < 2.0.0)
|
|
94
94
|
zeitwerk (2.4.2)
|
|
95
95
|
|
|
96
96
|
PLATFORMS
|
|
@@ -100,9 +100,9 @@ DEPENDENCIES
|
|
|
100
100
|
bundler (~> 2.2)
|
|
101
101
|
omniauth-keycloak!
|
|
102
102
|
rake (~> 13.0)
|
|
103
|
-
rspec (~> 3.
|
|
104
|
-
simplecov (~> 0.
|
|
105
|
-
webmock (~> 3.
|
|
103
|
+
rspec (~> 3.10)
|
|
104
|
+
simplecov (~> 0.21)
|
|
105
|
+
webmock (~> 3.14)
|
|
106
106
|
|
|
107
107
|
BUNDLED WITH
|
|
108
|
-
2.2.
|
|
108
|
+
2.2.31
|
data/README.md
CHANGED
|
@@ -25,9 +25,32 @@ Here's a quick example, adding the middleware to a Rails app in `config/initiali
|
|
|
25
25
|
```ruby
|
|
26
26
|
Rails.application.config.middleware.use OmniAuth::Builder do
|
|
27
27
|
provider :keycloak_openid, 'Example-Client', '19cca35f-dddd-473a-bdd5-03f00d61d884',
|
|
28
|
-
client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm'}
|
|
28
|
+
client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm'},
|
|
29
|
+
name: 'keycloak'
|
|
29
30
|
end
|
|
30
31
|
```
|
|
32
|
+
This will allow a POST request to `auth/keycloak` since the name is set to keycloak
|
|
33
|
+
|
|
34
|
+
Or using a proc setup with a custom options:
|
|
35
|
+
|
|
36
|
+
```ruby
|
|
37
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
|
38
|
+
SETUP_PROC = lambda do |env|
|
|
39
|
+
request = Rack::Request.new(env)
|
|
40
|
+
organization = Organization.find_by(host: request.host)
|
|
41
|
+
provider_config = organization.enabled_omniauth_providers[:keycloakopenid]
|
|
42
|
+
|
|
43
|
+
env["omniauth.strategy"].options[:client_id] = provider_config[:client_id]
|
|
44
|
+
env["omniauth.strategy"].options[:client_secret] = provider_config[:client_secret]
|
|
45
|
+
env["omniauth.strategy"].options[:client_options] = { site: provider_config[:site], realm: provider_config[:realm] }
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
|
49
|
+
provider :keycloak_openid, setup: SETUP_PROC
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
```
|
|
53
|
+
|
|
31
54
|
|
|
32
55
|
## Devise Usage
|
|
33
56
|
Adapted from [Devise OmniAuth Instructions](https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview)
|
|
@@ -43,7 +66,7 @@ end
|
|
|
43
66
|
# config/initializers/devise.rb
|
|
44
67
|
config.omniauth :keycloak_openid, "Example-Client-Name", "example-secret-if-configured", client_options: { site: "https://example.keycloak-url.com", realm: "example-realm" }, :strategy_class => OmniAuth::Strategies::KeycloakOpenId
|
|
45
68
|
|
|
46
|
-
# Below controller assumes callback route configuration following
|
|
69
|
+
# Below controller assumes callback route configuration following
|
|
47
70
|
# in config/routes.rb
|
|
48
71
|
Devise.setup do |config|
|
|
49
72
|
# ...
|
|
@@ -70,6 +93,17 @@ end
|
|
|
70
93
|
|
|
71
94
|
```
|
|
72
95
|
|
|
96
|
+
## Configuration
|
|
97
|
+
* __Base Url other than /auth__
|
|
98
|
+
This gem tries to get the keycloak configuration from `"#{site}/auth/realms/#{realm}/.well-known/openid-configuration"`. If your keycloak server has been setup to use a different "root" url other than `/auth` then you need to pass in the `base_url` option when setting up the gem:
|
|
99
|
+
```ruby
|
|
100
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
|
101
|
+
provider :keycloak_openid, 'Example-Client', '19cca35f-dddd-473a-bdd5-03f00d61d884',
|
|
102
|
+
client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm', base_url: '/authorize'},
|
|
103
|
+
name: 'keycloak'
|
|
104
|
+
end
|
|
105
|
+
```
|
|
106
|
+
|
|
73
107
|
## Contributing
|
|
74
108
|
|
|
75
109
|
Bug reports and pull requests are welcome on GitHub at https://github.com/ccrockett/omniauth-keycloak. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
data/lib/keycloak/version.rb
CHANGED
|
@@ -13,9 +13,11 @@ module OmniAuth
|
|
|
13
13
|
|
|
14
14
|
attr_reader :authorize_url
|
|
15
15
|
attr_reader :token_url
|
|
16
|
-
attr_reader :
|
|
16
|
+
attr_reader :certs
|
|
17
17
|
|
|
18
18
|
def setup_phase
|
|
19
|
+
super
|
|
20
|
+
|
|
19
21
|
if @authorize_url.nil? || @token_url.nil?
|
|
20
22
|
prevent_site_option_mistake
|
|
21
23
|
|
|
@@ -24,7 +26,7 @@ module OmniAuth
|
|
|
24
26
|
|
|
25
27
|
raise_on_failure = options.client_options.fetch(:raise_on_failure, false)
|
|
26
28
|
|
|
27
|
-
config_url = URI.join(site, "/
|
|
29
|
+
config_url = URI.join(site, "#{auth_url_base}/realms/#{realm}/.well-known/openid-configuration")
|
|
28
30
|
|
|
29
31
|
log :debug, "Going to get Keycloak configuration. URL: #{config_url}"
|
|
30
32
|
response = Faraday.get config_url
|
|
@@ -46,8 +48,8 @@ module OmniAuth
|
|
|
46
48
|
certs = Faraday.get @certs_endpoint
|
|
47
49
|
if (certs.status == 200)
|
|
48
50
|
json = MultiJson.load(certs.body)
|
|
49
|
-
@
|
|
50
|
-
log :debug, "Successfully got certificate. Certificate length: #{@
|
|
51
|
+
@certs = json["keys"]
|
|
52
|
+
log :debug, "Successfully got certificate. Certificate length: #{@certs.length}"
|
|
51
53
|
else
|
|
52
54
|
message = "Coundn't get certificate. URL: #{@certs_endpoint}"
|
|
53
55
|
log :error, message
|
|
@@ -62,6 +64,14 @@ module OmniAuth
|
|
|
62
64
|
end
|
|
63
65
|
end
|
|
64
66
|
|
|
67
|
+
def auth_url_base
|
|
68
|
+
return '/auth' unless options.client_options[:base_url]
|
|
69
|
+
base_url = options.client_options[:base_url]
|
|
70
|
+
return base_url if (base_url == '' || base_url[0] == '/')
|
|
71
|
+
|
|
72
|
+
raise ConfigurationError, "Keycloak base_url option should start with '/'. Current value: #{base_url}"
|
|
73
|
+
end
|
|
74
|
+
|
|
65
75
|
def prevent_site_option_mistake
|
|
66
76
|
site = options.client_options[:site]
|
|
67
77
|
return unless site =~ /\/auth$/
|
|
@@ -81,14 +91,14 @@ module OmniAuth
|
|
|
81
91
|
|
|
82
92
|
def build_access_token
|
|
83
93
|
verifier = request.params["code"]
|
|
84
|
-
client.auth_code.get_token(verifier,
|
|
94
|
+
client.auth_code.get_token(verifier,
|
|
85
95
|
{:redirect_uri => callback_url.gsub(/\?.+\Z/, "")}
|
|
86
|
-
.merge(token_params.to_hash(:symbolize_keys => true)),
|
|
96
|
+
.merge(token_params.to_hash(:symbolize_keys => true)),
|
|
87
97
|
deep_symbolize(options.auth_token_params))
|
|
88
98
|
end
|
|
89
99
|
|
|
90
100
|
uid{ raw_info['sub'] }
|
|
91
|
-
|
|
101
|
+
|
|
92
102
|
info do
|
|
93
103
|
{
|
|
94
104
|
:name => raw_info['name'],
|
|
@@ -97,17 +107,17 @@ module OmniAuth
|
|
|
97
107
|
:last_name => raw_info['family_name']
|
|
98
108
|
}
|
|
99
109
|
end
|
|
100
|
-
|
|
110
|
+
|
|
101
111
|
extra do
|
|
102
112
|
{
|
|
103
113
|
'raw_info' => raw_info
|
|
104
114
|
}
|
|
105
115
|
end
|
|
106
|
-
|
|
116
|
+
|
|
107
117
|
def raw_info
|
|
108
118
|
id_token_string = access_token.token
|
|
109
|
-
|
|
110
|
-
id_token = JSON::JWT.decode id_token_string,
|
|
119
|
+
jwks = JSON::JWK::Set.new(@certs)
|
|
120
|
+
id_token = JSON::JWT.decode id_token_string, jwks
|
|
111
121
|
id_token
|
|
112
122
|
end
|
|
113
123
|
|
data/omniauth-keycloak.gemspec
CHANGED
|
@@ -4,13 +4,13 @@ Gem::Specification.new do |spec|
|
|
|
4
4
|
spec.version = Omniauth::Keycloak::VERSION
|
|
5
5
|
spec.authors = ["Cameron Crockett"]
|
|
6
6
|
spec.email = ["cameron.crockett@ccrockett.com"]
|
|
7
|
-
|
|
7
|
+
|
|
8
8
|
spec.description = %q{Omniauth strategy for Keycloak}
|
|
9
9
|
spec.summary = spec.description
|
|
10
10
|
spec.homepage = "https://github.com/ccrockett/omniauth-keycloak"
|
|
11
11
|
spec.license = "MIT"
|
|
12
|
-
spec.required_rubygems_version = '>= 1.
|
|
13
|
-
spec.required_ruby_version = '>= 2.
|
|
12
|
+
spec.required_rubygems_version = '>= 3.1.2'
|
|
13
|
+
spec.required_ruby_version = '>= 2.6'
|
|
14
14
|
|
|
15
15
|
# Specify which files should be added to the gem when it is released.
|
|
16
16
|
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
|
@@ -22,14 +22,14 @@ Gem::Specification.new do |spec|
|
|
|
22
22
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
23
23
|
spec.require_paths = ["lib"]
|
|
24
24
|
|
|
25
|
-
|
|
25
|
+
|
|
26
26
|
spec.add_dependency "omniauth", "~> 2.0.4"
|
|
27
27
|
spec.add_dependency "omniauth-oauth2", "~> 1.7.1"
|
|
28
28
|
spec.add_dependency "json-jwt", "~> 1.13.0"
|
|
29
29
|
|
|
30
30
|
spec.add_development_dependency "bundler", "~> 2.2"
|
|
31
31
|
spec.add_development_dependency "rake", "~> 13.0"
|
|
32
|
-
spec.add_development_dependency "rspec", "~> 3.
|
|
33
|
-
spec.add_development_dependency 'simplecov', '~> 0.
|
|
34
|
-
spec.add_development_dependency 'webmock', '~> 3.
|
|
32
|
+
spec.add_development_dependency "rspec", "~> 3.10"
|
|
33
|
+
spec.add_development_dependency 'simplecov', '~> 0.21'
|
|
34
|
+
spec.add_development_dependency 'webmock', '~> 3.14'
|
|
35
35
|
end
|
|
@@ -1,41 +1,45 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
|
|
4
|
-
body
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
4
|
+
let(:body) {
|
|
5
|
+
{
|
|
6
|
+
"issuer": "http://localhost:8080/auth/realms/example-realm",
|
|
7
|
+
"authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
|
|
8
|
+
"token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
|
|
9
|
+
"token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
|
|
10
|
+
"userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",
|
|
11
|
+
"end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",
|
|
12
|
+
"jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",
|
|
13
|
+
"check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",
|
|
14
|
+
"grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
|
|
15
|
+
"response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
|
|
16
|
+
"subject_types_supported": ["public", "pairwise"],
|
|
17
|
+
"id_token_signing_alg_values_supported": ["RS256"],
|
|
18
|
+
"userinfo_signing_alg_values_supported": ["RS256"],
|
|
19
|
+
"request_object_signing_alg_values_supported": ["none", "RS256"],
|
|
20
|
+
"response_modes_supported": ["query", "fragment", "form_post"],
|
|
21
|
+
"registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",
|
|
22
|
+
"token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
|
|
23
|
+
"token_endpoint_auth_signing_alg_values_supported": ["RS256"],
|
|
24
|
+
"claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
|
|
25
|
+
"claim_types_supported": ["normal"],
|
|
26
|
+
"claims_parameter_supported": false,
|
|
27
|
+
"scopes_supported": ["openid", "offline_access"],
|
|
28
|
+
"request_parameter_supported": true,
|
|
29
|
+
"request_uri_parameter_supported": true
|
|
30
|
+
}
|
|
31
|
+
}
|
|
28
32
|
|
|
29
33
|
context 'client options' do
|
|
30
34
|
subject do
|
|
31
35
|
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
|
|
32
|
-
.to_return(status: 200, body: body, headers: {})
|
|
36
|
+
.to_return(status: 200, body: JSON.generate(body), headers: {})
|
|
33
37
|
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
|
|
34
38
|
.to_return(status: 404, body: "", headers: {})
|
|
35
39
|
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
|
|
36
40
|
client_options: {site: 'http://localhost:8080/', realm: 'example-realm'})
|
|
37
41
|
end
|
|
38
|
-
|
|
42
|
+
|
|
39
43
|
it 'should have the correct keycloak token url' do
|
|
40
44
|
subject.setup_phase
|
|
41
45
|
expect(subject.token_url).to eq('/auth/realms/example-realm/protocol/openid-connect/token')
|
|
@@ -47,6 +51,93 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
|
|
|
47
51
|
end
|
|
48
52
|
end
|
|
49
53
|
|
|
54
|
+
describe 'client base_url option set' do
|
|
55
|
+
context 'to blank string' do
|
|
56
|
+
let(:new_body_endpoints) {
|
|
57
|
+
{
|
|
58
|
+
"authorization_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/auth",
|
|
59
|
+
"token_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/token",
|
|
60
|
+
"jwks_uri": "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs"
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
subject do
|
|
65
|
+
stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
|
|
66
|
+
.to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
|
|
67
|
+
stub_request(:get, "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs")
|
|
68
|
+
.to_return(status: 404, body: "", headers: {})
|
|
69
|
+
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
|
|
70
|
+
client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: ''})
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
it 'should have the correct keycloak token url' do
|
|
74
|
+
subject.setup_phase
|
|
75
|
+
expect(subject.token_url).to eq('/realms/example-realm/protocol/openid-connect/token')
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
it 'should have the correct keycloak authorization url' do
|
|
79
|
+
subject.setup_phase
|
|
80
|
+
expect(subject.authorize_url).to eq('/realms/example-realm/protocol/openid-connect/auth')
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
context 'to invalid string' do
|
|
85
|
+
subject do
|
|
86
|
+
stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
|
|
87
|
+
.to_return(status: 200, body: JSON.generate(body), headers: {})
|
|
88
|
+
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
|
|
89
|
+
.to_return(status: 404, body: "", headers: {})
|
|
90
|
+
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
|
|
91
|
+
client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: 'test'})
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
it 'raises Configuration Error' do
|
|
95
|
+
expect{ subject.setup_phase }
|
|
96
|
+
.to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
|
|
97
|
+
end
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
context 'to /authorize' do
|
|
101
|
+
|
|
102
|
+
let(:new_body_endpoints) {
|
|
103
|
+
{
|
|
104
|
+
"authorization_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/auth",
|
|
105
|
+
"token_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/token",
|
|
106
|
+
"jwks_uri": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs"
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
|
|
110
|
+
subject do
|
|
111
|
+
stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/.well-known/openid-configuration")
|
|
112
|
+
.to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
|
|
113
|
+
stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs")
|
|
114
|
+
.to_return(status: 404, body: "", headers: {})
|
|
115
|
+
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
|
|
116
|
+
client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: '/authorize'})
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
it 'should have the correct keycloak token url' do
|
|
120
|
+
subject.setup_phase
|
|
121
|
+
expect(subject.token_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/token')
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
it 'should have the correct keycloak authorization url' do
|
|
125
|
+
subject.setup_phase
|
|
126
|
+
expect(subject.authorize_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/auth')
|
|
127
|
+
end
|
|
128
|
+
end
|
|
129
|
+
end
|
|
130
|
+
|
|
131
|
+
context 'client setup with a proc' do
|
|
132
|
+
subject do
|
|
133
|
+
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', setup: proc { throw :setup_proc_was_called })
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
it 'should call the proc' do
|
|
137
|
+
expect { subject.setup_phase }.to throw_symbol :setup_proc_was_called
|
|
138
|
+
end
|
|
139
|
+
end
|
|
140
|
+
|
|
50
141
|
describe 'errors processing' do
|
|
51
142
|
context 'when site contains /auth part' do
|
|
52
143
|
subject do
|
|
@@ -78,7 +169,7 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
|
|
|
78
169
|
context 'when certificates endpoint returns error response' do
|
|
79
170
|
subject do
|
|
80
171
|
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
|
|
81
|
-
.to_return(status: 200, body: body, headers: {})
|
|
172
|
+
.to_return(status: 200, body: JSON.generate(body), headers: {})
|
|
82
173
|
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
|
|
83
174
|
.to_return(status: 404, body: "", headers: {})
|
|
84
175
|
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-keycloak
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Cameron Crockett
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-12-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth
|
|
@@ -86,42 +86,42 @@ dependencies:
|
|
|
86
86
|
requirements:
|
|
87
87
|
- - "~>"
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: '3.
|
|
89
|
+
version: '3.10'
|
|
90
90
|
type: :development
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: '3.
|
|
96
|
+
version: '3.10'
|
|
97
97
|
- !ruby/object:Gem::Dependency
|
|
98
98
|
name: simplecov
|
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 0.
|
|
103
|
+
version: '0.21'
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 0.
|
|
110
|
+
version: '0.21'
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: webmock
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 3.
|
|
117
|
+
version: '3.14'
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 3.
|
|
124
|
+
version: '3.14'
|
|
125
125
|
description: Omniauth strategy for Keycloak
|
|
126
126
|
email:
|
|
127
127
|
- cameron.crockett@ccrockett.com
|
|
@@ -160,14 +160,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
160
160
|
requirements:
|
|
161
161
|
- - ">="
|
|
162
162
|
- !ruby/object:Gem::Version
|
|
163
|
-
version: '2.
|
|
163
|
+
version: '2.6'
|
|
164
164
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
165
165
|
requirements:
|
|
166
166
|
- - ">="
|
|
167
167
|
- !ruby/object:Gem::Version
|
|
168
|
-
version: 1.
|
|
168
|
+
version: 3.1.2
|
|
169
169
|
requirements: []
|
|
170
|
-
rubygems_version: 3.1.
|
|
170
|
+
rubygems_version: 3.1.2
|
|
171
171
|
signing_key:
|
|
172
172
|
specification_version: 4
|
|
173
173
|
summary: Omniauth strategy for Keycloak
|